True about encryption if your PBX is public; however, for a private LAN PBX, I see really little advantage to encrypting and see more disadvantages for the support technicians.

----
Andre Courchesne
Concepteur Logiciel - Software Developer
[email protected]

PrivalODC Inc.
9955 ave Catania, local 145
Brossard, QC
J4Z 3V5

Web.: http://www.prival.ca
Tel.: (450) 761-9973 poste 635
       1-866-761-9973
Fax.: (450) 761-9842



Aloysius Thevarajah Lloyd wrote:
*Step 1: Install tftp server - CentOS*

yum install tftp-server

edit /etc/xinetd.d/tftp

disable = no

/etc/rc.d/init.d/xinetd restart

/sbin/chkconfig --level 345 tftp on

For Example tftp server running 192.168.2.1
Asterisk 192.168.2.1
Extension 23
Password 23



*Step 2: create a security.tuz by encrypting a security.cfg containing the
public key (password)*

security.cfg
XXXXXXX

note : password - complex password

*Step 3: create aastra.tuz by encrypting the aastra.cfg using the same
password*

aastra.cfg

dhcp: 1
#
download protocol: TFTP
tftp server: *192.168.2.1*
#
sip digit timeout: 4
#
sip dial plan: "x+#|xx+*|[2-9]XX[2-9]XXXXXX|1[2-9]XX[2-9]XXXXXX|1XXXXXXXXXX|[2-3]XX"
#
# each of the following parameters can be adjusted by +/- 10db
#
headset tx gain: -3
headset sidetone gain: -3
handset tx gain: -3
handset sidetone gain: -3
handsfree tx gain: 0
#
handset volume: 5     #RX volumes - user adjustable, so easily changed
speaker volume: 5
ringer volume: 3
#
live dialpad: 1
#
missed calls indicator disabled: 1
#
audio mode: 2            #0 = speaker (default) 1 = headset 2 = speaker/headset 3 = headset/speaker
#
directed call pickup: 1
#
time server disabled: 0
time server1: pool.ntp.org
#

*Step 4: for each phone, create a MAC.tuz by encrypting the MAC.cfg using
the same password*

MAC.cfg is the full MAC address followed by .cfg, for example 00085D03CD57.cfg

# configure line 1
sip line1 screen name:  Any Name
sip line1 display name: Any Name
sip line1 auth name: 23
sip line1 user name: 23
sip line1 password: 23
sip line1 proxy ip: 192.168.2.1
sip line1 registrar ip: 192.168.2.1
sip line1 registration period: 120

*Step 5: Encrypt*

I assume all files are in the D:\Temp\ directory
anacrypt - download from Aastra Telecom

FOR %a IN (D:\Temp\*.cfg) DO anacrypt %a -o D:\Temp -p XXXXXXX

Note : XXXXXXX - Same password as in the security.cfg file

*Step 6: Copy all the *.tuz files to the tftpboot directory*

*Step 7: Point the Aastra phone tftp server address to 192.168.2.1*

Hope this will help you.

Andre .... Simon is correct: after encrypting the files, all new file extensions
will be *.tuz. This is important if your tftp server is in the cloud; otherwise
everyone can get your configuration files in plain-text format.

Thank you
Lloyd
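
Added example (not part of the original thread and not Aastra tooling): a Python audit of a TFTP root for the exposure Lloyd describes, i.e. plaintext .cfg files carrying "sip lineN password" values that TFTP serves without authentication. The function names, the MIN_LEN threshold and the sample directory are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Credential fields in the "sip lineN ..." form shown in the thread's MAC.cfg.
FIELD_RE = re.compile(r"^\s*sip line(\d+) (password|user name|auth name):\s*(.*?)\s*$", re.I)
PLAINTEXT = "SIP password stored in plaintext, readable by any TFTP client"
WEAK = "weak password (shorter than MIN_LEN or equal to the user/auth name)"
LEFTOVER = "encrypted .tuz exists, plaintext .cfg left beside it"
MIN_LEN = 8  # assumed policy threshold, not an Aastra requirement


def parse_sip_lines(text):
    """Return {line_number: {field: value}} for the credential fields."""
    lines = {}
    for raw in text.splitlines():
        m = FIELD_RE.match(raw)  # comment lines start with '#', so never match
        if m:
            lines.setdefault(int(m.group(1)), {})[m.group(2).lower()] = m.group(3)
    return lines


def audit_tftp_root(root):
    """List (file, sip_line, issue) findings for every *.cfg under root."""
    findings = []
    for cfg in sorted(Path(root).glob("*.cfg")):
        creds = parse_sip_lines(cfg.read_text(errors="replace"))
        for n, fields in sorted(creds.items()):
            pw = fields.get("password")
            if not pw:
                continue
            findings.append((cfg.name, n, PLAINTEXT))
            if len(pw) < MIN_LEN or pw in (fields.get("user name"), fields.get("auth name")):
                findings.append((cfg.name, n, WEAK))
        if creds and cfg.with_suffix(".tuz").exists():
            findings.append((cfg.name, None, LEFTOVER))
    return findings


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed sample directory
        Path(d, "00085D03CD57.cfg").write_text(
            "sip line1 auth name: 23\nsip line1 user name: 23\nsip line1 password: 23\n")
        Path(d, "00085D03CD57.tuz").write_bytes(b"")  # stand-in for anacrypt output
        for finding in audit_tftp_root(d):
            print(finding)
```

Run against the real tftpboot directory after Step 6, an empty result means no plaintext credential file was left next to the .tuz files.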




On Mon, Jun 29, 2009 at 9:55 PM, Andre Courchesne - Consultant <
[email protected]> wrote:

The aastra.cfg and the mac.cfg are sufficient. What I found tough is that
the tftp server you are using really makes a difference. Try atftp-server.
I'm using atftp-server-0.7-6.el5.rf.i386.rpm and it works great on CentOS.

Simon, I don't have aastra.tuz on any of my installs.

----
Andre Courchesne - Consultant
http://www.net-forces.com
Phone: (514) 667-8448
MSN: [email protected]
Skype: VoipForces


The information contained in this document is confidential and property of
Andre Courchesne. It shall not be used, disclosed to others or reproduced
without the express written consent of Andre Courchesne.


Simon P. Ditner wrote:

Some of the Aastra's are pretty picky, and will give up if they don't
find some extra files present, I believe one of those magic files is
"aastra.tuz". It doesn't need to contain anything.

If you look at your FTP logs, you should see what else it's attempting
to retrieve.

You can also accept syslog from the phone by adding a '-r' to
/etc/default/syslogd, setting the syslog server to your system in the
phone under 'troubleshooting', and cranking the debugging levels to
65535 for anything related to provisioning.

-spd

On Mon, Jun 29, 2009 at 7:55 PM, Terry D. Cudney <[email protected]>
wrote:

Hi all,

 Having a problem getting my Aastra 480ict to retrieve its configs from
any kind of server, tftp, ftp or http.

 Prefer ftp, and have ftp autoconfig working with my Aastra 51i.

 The two phones both have the latest firmware from Aastra although they
have slightly different functionality, i.e. the 51i has a "ftp path"  option
in the web ui, while the 480ict does not. Otherwise they are configured the
same.

 With a user login on my Debian server dedicated to handling the
ftp-configs for these phones, I put the <mac>.cfg and aastra.cfg files in the
root of the ftp-user account and the 51i's <mac>.cfg and aastra.cfg in a
subdirectory called "configs/". With no "path" parameter for the 480ict I
figured they should go in the root of the user account.

 Here are the "/var/log/syslog" lines where the two phones fail/succeed
to retrieve their configs (ip numbers have been changed, but they are both
on the same subnet with the server):

#portion of /var/log/syslog where Aastra 480ict fails to retrieve
configuration
Jun 29 18:23:15 a1 in.ftpd[16963]: connect from 192.168.9.2 (192.168.9.2)
Jun 29 18:23:15 a1 in.ftpd[16964]: connect from 192.168.9.2 (192.168.9.2)
Jun 29 18:23:15 a1 ftpd[16964]: mmap(0): Invalid argument
Jun 29 18:23:15 a1 in.ftpd[16965]: connect from 192.168.9.2 (192.168.9.2)
Jun 29 18:23:15 a1 in.ftpd[16966]: connect from 192.168.9.2 (192.168.9.2)

#portion of log where Aastra 51i succeeds in retrieving configuration
Jun 29 18:30:13 a1 in.ftpd[17083]: connect from 192.168.9.6 (192.168.9.6)
Jun 29 18:30:13 a1 ftpd[17083]: mmap(0): Invalid argument

  They both get the "invalid argument" error, but the 51i succeeds while
the 480ict fails. The 51i does not try to connect after the "mmap(0):
Invalid argument" message, as the 480ict does.

  I have tried tftp and http as well with the 480ict and nothing works so
far.

  Any pointers/suggestions will be much appreciated.


  --terry

--
Name:   Terry D. Cudney
Phone:  (705) 812-4949
SIP: [email protected]
E-mail: [email protected]

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html

Having a smoking section in a restaurant is like...
having a peeing section in a swimming pool.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

