Autoprovisioning Plug & Play (PnP) is a technology supported by many manufacturers: Yealink, Snom, Fanvil.
The main advantages of automatic phone configuration:
- Simplifies initial setup: there is no need to open the web interface of each device. It is enough to map the MAC address of the device to an account on the autoprovisioning server.
- Simplifies support: changing device settings really does become easier, because the settings are again managed on the server.
- Setup can be reduced to dialing the star code “* 911 * <SIP_ACC>”. In some cases this feature is priceless: not every office worker can configure an IP phone, but dialing a combination of digits is a simple task.
Let's describe how Autoprovisioning Plug & Play works. At the end of the article there is a link to the source code of a small PHP script that implements the functionality of a PnP server.
Case Study
We had an interesting case when deploying telephony for one of our customers. The main problem was that the client was in another city. At the same time, one of the requirements was that telephony should work immediately after the phones were unpacked and plugged into the network.
The problem was solved relatively simply. The client reserved a number of IP addresses for us. We configured the equipment in our office, packed it in a box and sent it by courier.
With automatic device configuration, the task would have been much simpler.
Simplified PnP Scheme
On startup, the phone sends a SIP SUBSCRIBE request to the multicast IP address 224.0.1.75.
More about 224.0.1.75:
224.0.1.75 is a multicast IP address "reserved" for SIP servers.
see networksorcery.com/Enp/protocol/sip.htm
224.0.1.75 SIP, Session Initiation Protocol (all servers).
In response, it expects to receive a NOTIFY message with configuration instructions.
SUBSCRIBE Example
    2019/09/02 09:26:41.543856 172.16.32.148:5059 -> 224.0.1.75:5060
    SUBSCRIBE sip:MAC0015657322ff@224.0.1.75 SIP/2.0
    Via: SIP/2.0/UDP 172.16.32.148:5059;branch=z9hG4bK42032775
    From: <sip:MAC0015657322ff@224.0.1.75>;tag=42032772
    To: <sip:MAC0015657322ff@224.0.1.75>
    Call-ID: 42032772@172.16.32.148
    CSeq: 1 SUBSCRIBE
    Contact: <sip:MAC0015657322ff@172.16.32.148:5059>
    Max-Forwards: 70
    User-Agent: Yealink SIP-T21P 34.72.14.6
    Expires: 0
    Event: ua-profile;profile-type="device";vendor="Yealink";model="T21D";version="34.72.14.6"
    Accept: application/url
    Content-Length: 0
The most important and interesting headers
- From - carries the MAC address of the device, here 0015657322ff
- Event - describes the device in full: manufacturer, model, firmware version
- Contact - the device address
- Call-ID - this header is interesting when configuring DECT devices from Yealink: it carries the line identifier (handset serial number), with "_" as the delimiter
Once the PnP server has received such a request, it should respond with a NOTIFY.
NOTIFY example
    2019/09/02 09:26:41.550125 172.16.32.153:57593 -> 172.16.32.148:5059
    NOTIFY sip:172.16.32.148:5059 SIP/2.0
    Via: SIP/2.0/UDP 172.16.32.148:5059;branch=z9hG4bK42032775
    Max-Forwards: 20
    Contact: <sip:172.16.32.148:5059;transport=UDP;handler=dum>
    From: <sip:MAC0015657322ff@224.0.1.75>;tag=42032772
    To: <sip:MAC0015657322ff@224.0.1.75>
    Call-ID: 42032772@172.16.32.148
    CSeq: 3 NOTIFY
    Content-Type: application/url
    Subscription-State: terminated;reason=timeout
    Event: ua-profile;profile-type="device";vendor="MIKO";model="MikoServerPnP";version="1.8"
    Content-Length: 40

    http://172.16.32.153:84/0015657322ff.cfg
In a NOTIFY message, the most valuable information is in the message body. As a rule, the body carries a link from which the configuration file can be fetched:
http://172.16.32.153:84/0015657322ff.cfg
If several PnP servers are running on the network, the first one to respond to the device is the one that configures it.
On receipt of the NOTIFY, the phone requests the configuration from the specified address.
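The server side of this exchange, as an added Python example (not code from MikoServerPnP): it parses the SUBSCRIBE, accepts the MAC only as exactly 12 hex digits because that value ends up in a file name, checks an allow list, and builds the NOTIFY with a computed Content-Length. The function names, the allow list argument and the trimmed sample message are assumptions made for the illustration.

```python
import re

# Constructed sample: the SUBSCRIBE shown above, trimmed to the headers used here.
SUBSCRIBE = (
    "SUBSCRIBE sip:MAC0015657322ff@224.0.1.75 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 172.16.32.148:5059;branch=z9hG4bK42032775\r\n"
    "From: <sip:MAC0015657322ff@224.0.1.75>;tag=42032772\r\n"
    "To: <sip:MAC0015657322ff@224.0.1.75>\r\n"
    "Call-ID: 42032772@172.16.32.148\r\n"
    "Contact: <sip:MAC0015657322ff@172.16.32.148:5059>\r\n"
    'Event: ua-profile;profile-type="device";vendor="Yealink";model="T21D"\r\n'
    "Content-Length: 0\r\n\r\n"
)
MAC_RE = re.compile(r"<sip:MAC([0-9a-fA-F]{12})@")  # exactly 12 hex digits
NEEDED = ("via", "from", "to", "call-id", "contact", "event")


def parse_subscribe(raw):
    """Return device facts from a PnP SUBSCRIBE, or None if it is malformed."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    if not lines[0].startswith("SUBSCRIBE "):
        return None
    pairs = (l.split(":", 1) for l in lines[1:] if ":" in l)
    hdr = {k.strip().lower(): v.strip() for k, v in pairs}
    if any(k not in hdr for k in NEEDED):
        return None
    mac = MAC_RE.match(hdr["from"])
    if not mac or not hdr["event"].startswith("ua-profile"):
        return None
    params = dict(re.findall(r'([\w-]+)="([^"]*)"', hdr["event"]))
    # Fixed keys go last so a hostile Event parameter cannot overwrite them.
    return {**params, "mac": mac.group(1).lower(), "hdr": hdr}


def build_notify(dev, base_url, allowed_macs):
    """Build the NOTIFY for an allow-listed device; the body is the config URL."""
    if dev is None or dev["mac"] not in allowed_macs:
        return None
    h, body = dev["hdr"], f"{base_url}{dev['mac']}.cfg"
    target = re.search(r"@([^>;]+)", h["contact"])
    if not target:
        return None
    head = [f"NOTIFY sip:{target.group(1)} SIP/2.0", f"Via: {h['via']}",
            f"From: {h['from']}", f"To: {h['to']}", f"Call-ID: {h['call-id']}",
            "CSeq: 3 NOTIFY", "Max-Forwards: 20", "Content-Type: application/url",
            "Subscription-State: terminated;reason=timeout", "Event: ua-profile",
            f"Content-Length: {len(body.encode())}"]
    return "\r\n".join(head) + "\r\n\r\n" + body
```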
Server request and response example
    # curl -i http://172.16.32.153:84/0015657322ff.cfg
    HTTP/1.0 200 OK
    Content-type: text/plain
    Date: Mon, 02 Sep 2019 06:52:23 GMT
    Connection: close
    Accept-Ranges: bytes
    Last-Modified: Mon, 02 Sep 2019 06:25:02 GMT
    Content-length: 769

    #!version:1.0.0.1
    account.1.enable = 1
    account.1.label = PnP (203)
    ...
An example implementation of the server is available on GitHub: https://github.com/boffart/MikoServerPnP
For this PnP server to work, you need:
- PHP 7.1.9
- PHP sockets
- BusyBox v1.26.2
- Broadcast requests must be allowed on the network
PnP Server Features
- Listens for requests sent to the address '224.0.1.75:5060'
- On startup, launches a web server (busybox httpd)
- Allows you to create a simplified phone configuration
- Allows you to send NOTIFY to Yealink to reboot
A PnP server makes it possible to use "one-time links".
Suppose we serve the file at this link:
http://172.16.32.153:84/0015657322ff.cfg
This is an ordinary direct link to the file. Obviously, this is NOT safe: anyone who knows the MAC address of the phone and the server address can try to fetch a config containing logins and passwords.
With a PnP server, it is possible to issue a unique link for each SUBSCRIBE request:
http://172.16.32.153:84/?mac=0015657322ff&hash=0a67f5290
An example of a formula for calculating the hash:
    hash = md5(MAC + DATE + PID)
PID is the process ID of the PnP server. Only root can find it out.
Guessing such a hash is almost impossible.
If a request arrives with an invalid link, the offender is banned.
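One way to issue and check such one-time links, as an added Python example that is not MikoServerPnP code. Because a date and a process ID both come from small ranges, it swaps the md5(MAC + DATE + PID) formula for HMAC-SHA256 over a random per-process key and a random nonce; TTL, issue_link and redeem are assumed names and values.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # random per-process key; never leaves the server
TTL = 60        # assumed link lifetime in seconds
ISSUED = {}     # mac -> (token, expiry): one live link per device
BANNED = set()  # client addresses that presented an invalid link


def issue_link(base_url, mac, now=None):
    """Create the single-use config URL that goes into the NOTIFY body."""
    now = time.time() if now is None else now
    nonce = secrets.token_hex(16)
    token = hmac.new(SECRET, f"{mac}|{nonce}".encode(), hashlib.sha256).hexdigest()
    ISSUED[mac] = (token, now + TTL)
    return f"{base_url}?mac={mac}&hash={token}"


def redeem(mac, token, client_ip, now=None):
    """Return True once for a valid, unexpired link; ban the caller otherwise."""
    now = time.time() if now is None else now
    if client_ip in BANNED:
        return False
    expected, expiry = ISSUED.get(mac, ("", 0.0))
    # Constant-time comparison, so response timing does not leak matching prefixes.
    match = hmac.compare_digest(expected.encode(), token.encode())
    if expected and match and now <= expiry:
        del ISSUED[mac]  # single use: a replayed link no longer matches
        return True
    BANNED.add(client_ip)  # the ban on an invalid link described above
    return False
```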
Rebooting a Yealink phone with NOTIFY, without authorization
Yes, yes, without authorization.
I could not find a way to close this possibility on the device with the current firmware version.
Just run the command
    php -f MikoServerPnP.php socket_client_notify <IP_PBX> <PORT_SIP_PBX> <IP_PHONE> <PORT_PHONE>
And the phone will reboot. Scheduling such a command in cron would have a terrifying effect. Of course, this is only possible if the IP address and SIP port of the phone are known.
An example PHP function to send NOTIFY
    // Class method (excerpt): sends a "check-sync" NOTIFY over UDP to the phone.
    public static function socket_client_notify($ip_pbx, $port_pbx, $ip_phone, $port_phone): void
    {
        $phone_user = 'autoprovision_user';
        $sock = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);
        $msg = "NOTIFY sip:{$phone_user}@{$ip_phone}:{$port_phone};ob SIP/2.0\r\n".
            "Via: SIP/2.0/UDP {$ip_pbx}:{$port_pbx};branch=z9hG4bK12fd4e5c;rport\r\n".
            "Max-Forwards: 70\r\n".
            "From: \"asterisk\" <sip:asterisk@{$ip_pbx}>;tag=as54cd2be9\r\n".
            "To: <sip:{$phone_user}@{$ip_phone}:{$port_phone};ob>\r\n".
            "Contact: <sip:asterisk@{$ip_pbx}:{$port_pbx}>\r\n".
            "Call-ID: 4afab6ce2bff0be11a4af41064340242@{$ip_pbx}:{$port_pbx}\r\n".
            "CSeq: 102 NOTIFY\r\n".
            "User-Agent: mikopbx\r\n".
            "Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE\r\n".
            "Supported: replaces, timer\r\n".
            "Subscription-State: terminated\r\n".
            // The Event header is what triggers the reboot.
            "Event: check-sync;reboot=true\r\n".
            // SIP headers end with an empty line terminated by CRLF.
            "Content-Length: 0\r\n\r\n";
        $len = strlen($msg);
        socket_sendto($sock, $msg, $len, 0, $ip_phone, $port_phone);
        socket_close($sock);
    }
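Since the phone acts on this NOTIFY without authorization, one defensive measure is to watch the voice network for check-sync NOTIFYs that do not come from the PBX. The following Python detector is an added example, not part of MikoServerPnP; PBX_HOSTS, the function names and the capture are constructed for the illustration.

```python
import re

PBX_HOSTS = {"172.16.32.153"}  # assumption: the only hosts allowed to send check-sync
# "o" is the compact form of the Event header name.
EVENT_RE = re.compile(r"^(?:Event|o)[ \t]*:[ \t]*([^\r\n]*)", re.I | re.M)


def sample_notify(event_line):
    """Build a constructed NOTIFY payload carrying the given Event header line."""
    return ("NOTIFY sip:autoprovision_user@172.16.32.148:5059;ob SIP/2.0\r\n"
            f"{event_line}\r\nContent-Length: 0\r\n\r\n")


# Constructed capture: (source IP, UDP payload) pairs as a sensor would record them.
CAPTURE = [
    ("172.16.32.153", sample_notify("Event: check-sync;reboot=true")),  # from the PBX
    ("172.16.32.77", sample_notify("Event: check-sync;reboot=true")),   # unexpected sender
    ("172.16.32.77", sample_notify("o: Check-Sync")),                   # compact header form
    ("172.16.32.153", sample_notify("Event: ua-profile")),              # PnP answer
    ("172.16.32.77", "OPTIONS sip:172.16.32.148:5059 SIP/2.0\r\nContent-Length: 0\r\n\r\n"),
]


def find_untrusted_resync(capture, trusted):
    """Return one alert per check-sync NOTIFY whose source is not a trusted PBX."""
    alerts = []
    for src, payload in capture:
        start_line = payload.split("\r\n", 1)[0]
        event = EVENT_RE.search(payload)
        if not start_line.startswith("NOTIFY ") or not event:
            continue
        kind, _, params = event.group(1).lower().partition(";")
        if kind.strip() == "check-sync" and src not in trusted:
            alerts.append({"src": src, "target": start_line.split()[1],
                           "reboot": "reboot=true" in params.replace(" ", "")})
    return alerts
```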
PnP Server Setup
Located in settings/settings.json
    {
        "url": "http://<pbx_host>:<http_port>/",
        "http_port": 84,
        "pbx_host": "172.16.32.153",
        "pbx_sip_port": "5060",
        "vm_extension": "*001",
        "feature_transfer": "**"
    }
MAC White List
Can be described in settings/mac_white.conf. Separator - line feed.
MAC blacklist
Can be described in settings/mac_black.conf. Separator - line feed.
Phone configuration files
Must be placed in the configs directory.
The PnP server can generate the simplest configs for Yealink and Snom:
    php -f MikoServerPnP.php mk_config SIP_ACCAUNT SECRET MAC