how-to block ads
|
|
Uniqs:
1230 |
Share Topic
 |
 |
|
|
|
OZOPremium
join:2003-01-17
kudos:2 | reply to RonR
Re: Provisioning of the OBi100/110/202 (Made Easy) Then why do not use just two files:
• $MAC-init.xml - obi-encrypted, contains K and IV and points to $MAC-encrypted.cfg
• $MAC-encrypted.cfg - AES-encrypted, contains configuration and points to itself
Frankly, I don't see the reason for making $DM.xml at all. Is it because of the default $DHCPOPT66 value in ConfigURL? If it is, I don't think it's working. Think about how many routers have this option? E.g. mine, ZyWALL, cost me $400, doesn't have it. In any case, if you want to target a user, who can't change default ConfigURL setting in OBi to point to your TFTP/HTTP server, then I may assure you, that he won't be able to change his router's "option 66" too... (assuming he even has a router, which supports "option 66") So, IMHO, this idea doesn't fly.
But if you have to ask user to set that ConfigURL manually (which is simpler to do, than to configure his router), then you may provide him with string, that points it to $MAC-init.xml file on your TFTP/HTTP server. So, IMHO there is no real need for the intermediate $DM.xml file...
BTW, I still keep a hope to see support for HTTP option in OBiProv tool... 
--
Keep it simple, it'll become complex by itself... | |
RonR
join:2003-10-10
Ash Flat, AR
kudos:1 | said by OZO:Frankly, I don't see the reason for making $DM.xml at all. Is it because of the default $DHCPOPT66 value in ConfigURL? If it is, I don't think it's working. The OBi's default ConfigURL [tftp://$DHCPOPT66/$DM.xml] works perfectly. It's what makes it possible to provision a device fresh out of the box with no pre-configuration (as well as reprovision a unit when it's been reset to factory defaults). The very first test of OBiProv used it and it has never failed.
said by OZO:Think about how many routers have this option? E.g. mine, ZyWALL, cost me $400, doesn't have it. In any case, if you want to target a user, who can't change default ConfigURL setting in OBi to point to your TFTP/HTTP server, then I may assure you, that he won't be able to change his router's "option 66" too... (assuming he even has a router, which supports "option 66") Every router that has third-party firmware installed (i.e. Tomato, DD-WRT, etc.) supports DHCPOPT66. Configuring the router consists of nothing more than putting a single line [dhcp-option=66,"192.168.1.125"] in the Dnsmasq Custom configuration box. It couldn't be easier. If your router doesn't support it, simply change the OBi's ConfigURL to tftp://192.168.1.125/$DM.xml. It's too nice a feature to penalize those that have it by using a different scheme. | |
| reply to RonR
I hate to sound like a rookie, but is this so I can make encrypted VOIP calls? Also, does the other person on the phone call need to have the same setup (Obi with encryption)? One last thing, will this work with google voice? | |
OZOPremium
join:2003-01-17
kudos:2 | Unfortunately OBi devices do not support ZRTP or other types of secure communications.
--
Keep it simple, it'll become complex by itself... | |
|
