Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Digium phones can either retrieve their configuration directly from a DPMA or Switchvox system via SIP MESSAGE, or by being directed to an HTTP, HTTPs, FTP or FTPS host via DHCP Option 66. TFTP is not supported.

Here is an example Avahi services definition file that will point a phone to DPMA and/or Switchvox:

Expand
No Format
<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
 <name>Digium Phones Server</name>
  <service>
     <type>_digiumproxy._udp</type>
        <port>5060</port>
        <txt-record>sipUrl=sip:proxy@server.example.com:5060;transport=udp</txt-record>
        <txt-record>serviceType=switchvox</txt-record>
  </service>
</service-group>

Note that serviceType may be defined as either switchvox or asterisk.

Here is a typical DHCP daemon configuration specifying Option 66:

...

Tip

A custom Avahi services definition file can be used to also, in addition to mass deploying firmware, point a Digium phone to a DPMA system. To accomplish this, use a service element definition like:

No Format
<service>
    <type>_digiumproxy._udp</type>
    <port>5060</port>
    <txt-record>sipUrl=sip:proxy@10.1.2.3:5060;transport=udp</txt-record>
    <txt-record>serviceType=asterisk</txt-record>
</service>

 

XML Firmware Management

Within the XML configuration file, the phone receives configuration information, including information about firmware files to load. Firmware is managed using a <firmwares> configuration element, such as:

...

Expand
config_server_url Setting Example for XML Provisioning with Firmware and Network Settings
config_server_url Setting Example for XML Provisioning with Firmware and Network Settings
No Format
<?xml version="1.0" ?>
<config>
    <setting id="config_server_url" value="https://user:pass@server.example.com:443" network_id="1" />
    <setting id="config_server_url" value="https://user:pass@otherserver.example.com:443" network_id="2" />
    <setting id="config_server_url" value="https://user:pass@otherotherserver.example.com:443" network_id="3" />
    <setting id="network_vlan_discovery_mode" value="MANUAL" network_id="1" />
    <setting id="network_vlan_id" value="5" network_id="1" />
    <setting id="network_vlan_discovery_mode" value="LLDP" network_id="2" />
    <setting id="network_vlan_discovery_mode" value="NONE" network_id="3" />
    <setting id="sip_qos" value="3" network_id="1" />
    <setting id="rtp_qos" value="6" network_id="1" />
    <setting id="sip_qos" value="3" network_id="2" />
    <setting id="rtp_qos" value="6" network_id="2" />
    <setting id="sip_dscp" value="24" />
    <setting id="rtp_dscp" value="46" />
    <networks>
        <network id="1" display_name="Internal" cidr="192.168.8.0/24" />
        <network id="2" display_name="External" cidr="10.0.0.0/8" />
        <network id="3" display_name="All Networks" cidr="0.0.0.0/0" />
    </networks>
    <firmwares network_id="1">
        <firmware model="D50" version="1_1_3_0_99999" url="http://192.168.0.11/firmware/1_1_3_0_99999_D50_firmware.eff" />
        <firmware model="D70" version="1_1_3_0_99999" url="http://192.168.0.11/firmware/1_1_3_0_99999_D70_firmware.eff" />
        <firmware model="D40" version="1_1_3_0_99999" url="http://192.168.0.11/firmware/1_1_3_0_99999_D40_firmware.eff" />
    </firmwares>
    <firmwares network_id="2">
        <firmware model="D50" version="1_1_3_0_99999" url="http://10.10.4.11/firmware/1_1_3_0_99999_D50_firmware.eff" />
        <firmware model="D70" version="1_1_3_0_99999" url="http://10.10.4.11/firmware/1_1_3_0_99999_D70_firmware.eff" />
        <firmware model="D40" version="1_1_3_0_99999" url="http://10.10.4.11/firmware/1_1_3_0_99999_D40_firmware.eff" />
    </firmwares>
    <firmwares network_id="3">
        <firmware model="D50" version="1_1_3_0_99999" url="http://server.example.com/backupstuff/1_1_3_0_99999_D50_firmware.eff" />
        <firmware model="D70" version="1_1_3_0_99999" url="http://server.example.com/backupstuff/1_1_3_0_99999_D70_firmware.eff" />
        <firmware model="D40" version="1_1_3_0_99999" url="http://server.example.com/backupstuff/1_1_3_0_99999_D40_firmware.eff" />
    </firmwares>
</config>

SSL Considerations

Digium phones, beginning with firmwares 1_5_0 (D80) and 2_3_0 (other models), validate the SSL for any cURL operations. This includes configuration file retrieval, for non-DPMA/Switchvox phones, as well as for retrieval, inside of DPMA/Switchvox environments, of firmware, ringtones, contacts files, blf items files, applications, etc.  And, beginning with firmware 2_7_0 (non-D80), phones also validate SSL for 802.1X authentication.  SSL Validation can be manually disabled from the phone's UI - or later disabled via an XML config parameter.  But, this can present some chicken-and-egg challenges.

From a factory default state, Digium phones root CA bundle is the only means by which it can validate SSL.  The root CA bundle is typically kept current with the Mozilla PEM bundle at the time of the firmware's building.  So, for an initial validation, the phone, if it is directed to an HTTPs location, can only validate against a publicly signed server.  The phones are capable of being fed additional root CA PEM payloads, which may be privately signed CAs, from within the phone's XML config file inside of the certs element.  The phone will, on boot, combine any root CA payloads from its config file with the baked in Mozilla bundle to create the bundle that it uses for all SSL validation.  Thus, phones, once they've been given an initial config file, can validate non-publicly signed SSL connections.

The problem is further complicated by time.  Digium phones do not have a built in battery.  Thus, from a factory default state, the phone has been programmed to set its clock to its firmware build date.  The phone, if it's able to get on a network, will then attempt to set its clock using NTP.  Beginning with firmware 2_7_0 (non-D80), phones are able to respond to DHCP Option 42 for NTP servers, and will utilize servers retrieved there in lieu of the phone's built-in server definitions: 0.digium.pool.ntp.org and 1.digium.pool.ntp.org.  Once time has been retrieved, the phone will set its clock and continue the boot process.  Subsequently, whenever the phone is rebooted, it will save off its current time and will, on on the next boot, use that time in lieu of the firmware's build-time.  This provides a more accurate clock in the future for validating SSL.