VOIP Tech Chat → [PAP2] Project: IVR disable

OK, now that your Linksys PAP2 is unlocked... This thread contains important information for your Linksys PAP2 to live a long and healthy life.

Be aware that not everyone in this world will offer you safe food for your PAP2. If you are unsure of the environment that your PAP2 will reside, it would be a good idea to keep it running the 3.1.3 firmware.

Some of the obvious, but needed, reminders:

1. Ensure that the provision enable is set to OFF.

2. Remove the DNS Server entries! Leave 'em blank or use your own!

3. Make a note of the GPP_K contents (Provisioning tab). You never know when you might wish you had this.

4. If you feel that the people handling your PAP2 might be inclined to perform a RESET# from the IVR, you might want to consider disabling the IVR. This will require some XML handywork, but is possible. Simply make a .XML file that disables the IVR and sets the admin_passwd. Don't disable admin access, and dont disable the web interface. Make note of the settings and then feed this to your PAP2. You may either 're-sync' it to your PAP2, or use the provision rule to point to your TFTP server. (For this to happen, you will need to enable provisioning to let it get the file from your provision server). For those who are not comfortable with this setting, you may wish to try it with your 'Internet' disconnected from your router (unplug the WAN port).

Just as you would read the nutrition label of a food you are about to consume, you should also know about this:

The Linksys PAP2 firmware 3.1.7 and newer (someone has seen 3.1.8 already!) are not fit for use in all unlocked PAP2 units. If you load the 3.1.7 or newer firmware into your PAP2 and perform a RESET# in the IVR (or just do a »PAP2-IP/reset), you will re-lock your device. The unlock instruction will not help, as they require ADMIN password for firmware changes from 3.1.7 and newer firmware. The ADMIN password is factory-set, and most likely not known to you.

So, for safety's sake, you should strongly consider bringing your PAP2 unit(s) to firmware release 3.1.3 (or 3.1.6), but nothing newer than 3.1.6...

I hope your PAP2 lives a long life of happiness. Don't let those big guys kill your PAP2 with poisoned firmware!

Here's a sample XML file to feed to your PAP2 to disable IVR...

This XML file will:

1. Set USER password to 1234
2. Set ADMIN password to 4321
3. Enable WEB server (should already be enabled)
4. Set Web server port to 80
5. Allow ADMIN web server access
6. Clears any "restricted access domains"
7. sets Protect_IVR_FactoryReset to YES


To feed this to your PAP2:

1. cut from above and save to a plain-text file on your system. (example: save as lock-ivr.xml)

2. Place this file in your TFTProot folder

3. Put in a "provision rule" to tell the PAP2 to pick up the file. (example: my TFTP server is at 192.168.1.11)
Profile Rule: tftp://192.168.1.11/lock-ivr.xml

4. Turn on provisioning. (unplug your WAN connection if this scares you..)

5. Save Settings-- PAP2 will reboot.

6. Watch TFTP logs. Does it pick up the lock-ivr.xml file?

7. Once it is picked-up, you can disable provisioning again.

That's it..

I am doing this from memory, so some minor tweaking might need to be done. I will test and revise once I get home to let you know if any changes need to be made to get this accomplished.

OK, I have tested the above process, and can report that the PAP2 takes the config. It seems to change the settings.

I just tested the "****" and got "configuration menu" spoken to me... I wanted that to stop working too. I tried the RESET# and it prompted for password, so that is working!! YAY!

Don't worry about encrypting the file, it is not required, as the profile rule we will use does not attempt to decrypt anything.

Here's a way to do it:

1. Copy the text above in the box and save it as lock-ivr.xml

2. Put this on a web server. It can be on your network (internal web server) or on a real web server.

3. Open a web browser to configure your Linksys PAP2 unit.

4. Under the provisioning tab change the profile rule to read: http: //192.168.1.76/pap2/lock-ivr.xml (do not put a space after http: and before //192.168.1.76/pap2/lock-ivr.xml )
* Sorry about the mutilation, this forum does that to http links..

NOTE: this assumes your web server is at 192.168.1.76 and that the lock-ivr.xml is in the pap2 folder on the web server.

5. Set the provision enable to YES.

6. Save settings on the Linksys PAP2 unit.

7. The PAP2 will reboot itself. after approx 2 seconds, it will attempt to download the XML file. (be patient! give it up to 1 minute to update itself!)

8. Refresh the Linksys PAP2 screen (even if it did refresh itself).

9. The XML file (if you copied the contents from above) will automatically turn off provisioning (provision enable=no), so that is one way to verify it worked.

--

I did not want to reset my PAP2, but I would guess it will take the "4321" (admin Password) to do it.

read notes above. it changes admin pw to 4321 and user pw to 1234 also. (you can login and change them later.)

Thanks.

Maybe this weekend, when I have time, I'll "vaccinate" my family of PAP2's. I don't own a PAP2-NA, but would the 3.1.7 firmware poison them, or they're already safe?

OK, I guess I was not paying attention enough.

The above 'does' work! I finally dug a little deeper into the PAP2 testing and realized:

1. Yes, the "****" will still announce the IVR ('configuration menu') through the phone.

2. If you punch-in RESET#, it prompts "enter password".

I did not want to reset my unit, so I stopped here. So, I guess this is a success! I confused myself, cuz I thought I was going to disable the **** option from working.. (no config menu, nothing).

Enjoy!

I see two versions of your Profile Rule, namely:
Which one is right? Is TFTP supported under the Profile Rule, too?

Sorry about that. I ended up making a pap2 folder under my web site. The file is "lock-ivr.xml" in plaintext.

I am sure you can also use tftp if you wish.

Yes and confirmed by some friends.

One can torture him/herself by using https too.:p

Page 20 of the Admin Guide:
"provisioning is achieved through configuration profiles
transferred to the device via TFTP, HTTP or HTTPS"

When I saved the config, my web browser indicated that the PAP2 is rebooting and it refreshed but I didnt see it grabbing the xml from the tftp server. I ended up power cycling the unit and it got it.

Should I also edit the Profile Rule back to "/spa$PSN.cfg"? I guess I should but wasnt indicated on your steps above.

The three things did happen afterwards :

1. Provisioning was turned to off
2. IVR would ask for a password after **** + RESET#
3. Web browser admin password is 4321.

Thanks.

I did not bother to put that back, because it is not really useful to anyone. If you wish, you may put the "/spa$PSN.cfg" back in the profile rule.

Since the Provision Enable is set to NO, it will have no effect.

I've been trying to upload the XML provisioning file, both by putting it in my TFTP server, and putting it in the root of my web server. The PAP2 doesn't suck it up. Does nothing. Any ideas?

Isn't there a command to send to your pap2 to force a resync? I can't remember it exactly, but something like this:


I dont have the manual here to check..

Hope this helps..

I finally did get the PAP2 to accept the XML, but on a ****RESET, I still get a "press 1 to confirm" message. I'm sure the XML took, since it shows in my TFTP log, provisioning enabled got switched back to "no," plus the unit had the 4321/1234 admin/user passwords.

I'll leave at that for now. This PAP2 is a stocking stuffer for a friend, which I just configured with FWD on line 1. If he resets it, turning it into a brick, it will be his problem, not mine.