dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
2637
share rss forum feed

OZO
Premium
join:2003-01-17
kudos:2
reply to RonR

Re: Provisioning of the OBi100/110/202 (Made Easy)

Then why do not use just two files:
$MAC-init.xml - obi-encrypted, contains K and IV and points to $MAC-encrypted.cfg
$MAC-encrypted.cfg - AES-encrypted, contains configuration and points to itself

Frankly, I don't see the reason for making $DM.xml at all. Is it because of the default $DHCPOPT66 value in ConfigURL? If it is, I don't think it's working. Think about how many routers have this option? E.g. mine, ZyWALL, cost me $400, doesn't have it. In any case, if you want to target a user, who can't change default ConfigURL setting in OBi to point to your TFTP/HTTP server, then I may assure you, that he won't be able to change his router's "option 66" too... (assuming he even has a router, which supports "option 66") So, IMHO, this idea doesn't fly.

But if you have to ask user to set that ConfigURL manually (which is simpler to do, than to configure his router), then you may provide him with string, that points it to $MAC-init.xml file on your TFTP/HTTP server. So, IMHO there is no real need for the intermediate $DM.xml file...

BTW, I still keep a hope to see support for HTTP option in OBiProv tool...
--
Keep it simple, it'll become complex by itself...


RonR

join:2003-10-10
Ash Flat, AR
kudos:6

1 recommendation

said by OZO:

Frankly, I don't see the reason for making $DM.xml at all. Is it because of the default $DHCPOPT66 value in ConfigURL? If it is, I don't think it's working.

The OBi's default ConfigURL [tftp://$DHCPOPT66/$DM.xml] works perfectly. It's what makes it possible to provision a device fresh out of the box with no pre-configuration (as well as reprovision a unit when it's been reset to factory defaults). The very first test of OBiProv used it and it has never failed.

said by OZO:

Think about how many routers have this option? E.g. mine, ZyWALL, cost me $400, doesn't have it. In any case, if you want to target a user, who can't change default ConfigURL setting in OBi to point to your TFTP/HTTP server, then I may assure you, that he won't be able to change his router's "option 66" too... (assuming he even has a router, which supports "option 66")

Every router that has third-party firmware installed (i.e. Tomato, DD-WRT, etc.) supports DHCPOPT66. Configuring the router consists of nothing more than putting a single line [dhcp-option=66,"192.168.1.125"] in the Dnsmasq Custom configuration box. It couldn't be easier. If your router doesn't support it, simply change the OBi's ConfigURL to tftp://192.168.1.125/$DM.xml. It's too nice a feature to penalize those that have it by using a different scheme.

MrCurious

join:2013-04-14
Pompano Beach, FL
reply to RonR

I hate to sound like a rookie, but is this so I can make encrypted VOIP calls? Also, does the other person on the phone call need to have the same setup (Obi with encryption)? One last thing, will this work with google voice?


OZO
Premium
join:2003-01-17
kudos:2

Unfortunately OBi devices do not support ZRTP or other types of secure communications.
--
Keep it simple, it'll become complex by itself...


RonR

join:2003-10-10
Ash Flat, AR
kudos:6
reply to RonR

An update has been posted:

»Provisioning Utility for OBi100/110/200/202/300/302

The new version now supports OBi100/110/200/202/300/302 devices.


obiliving

join:2011-01-22
reply to OZO

said by OZO:

Unfortunately OBi devices do not support ZRTP or other types of secure communications.

You can use SRTP on the OBi. You may select TLS as the transport for SIP so that the crypto keys may be exchanged securely over SIP (the S-Descriptor method).