Use The Panasonic Globarange With Asterisk

The Gadget

Today I received my Panasonic Globarange(TM) BT-GT1500E? from john lewis, got two of them for 70 quid:

John Lewis BOGOF Offer and Offer code for £10 off

The Problem

After finding out online that it used sip, I was most upset to find this shiny bit of plastic and wires not to be user customisable, and hard-configured to use their www.joip.com service, which as far as I’m aware does not cross communicate with any other sip providers, or services, ala www.sipbroker.com . Not only that but it’s only a limited service and free for the first three years. It also regularly communicates with their servers sending I don’t know what, as it’s encrypted (another issue I’m not happy with)

Technical Musings

For those who are interested the phone basestation (that does all the work) itself appears to be based on a netbsd kernel (according to the copyright declaration in the manual). They use OpenSSL too, which the config files look like they are encoded with (They begin with Salted__), and interestingly the manual states that it also has a build of thttpd, thought It doesnt appear to be listening on any ports (at least from a local scan) I suspect this needs to be enabled in the provisioning, or is filtered to only work from their address ranges

There is also a 3 pin port on the bottom of the phone which is a usb port, if you open it you’ll see them labled VCC D+ D- and the GND just below. The phone identifies as

Panasonic MULTI TALK V
Manufacturer: Panasonic
Vendor Id: 04da
Product Id: 1600

I don’t have window installed so I cant test what happens with the multitalk software. Volunteers?

The Solution

You will need:

— A firewall that sits between the phone and the internet that can redirect traffic. I have my linux machine running asterisk in this location, which works well for me.

— Asterisk

— A Web Server

The Configuration

Asterisk Sip Configuration:

Add to sip.conf

[YOURJOIPNUMBER]
type=friend
host=dynamic
context=yourlocalcontext
disallow=all
allow=ulaw

Web Server Configuration:

The phone downloads its configuration (encrypted with OpenSSL?) from provisioning.joip.com 213.137.73.74 on bootup

http://provisioning.joip.com/joip_config/joip0080fXXXXXX.cfg

Put in your phones mac address and grab this file and put it on your server in a similar location (ie, /var/www/joip_config/joipMACADDR.cfg) so the phone can provision itself on powerup. If you are already hosting various virtualhosts on your website, you may need to create a new one for this address.

Firewall Configuration:

My phone talks to proxy.joip.com 213.137.73.150 on port 23768 so on my asterisk gateway machine I added a rule to intercept the sip traffic and send it to asterisks sip port.

The phone also talks to www.joip.com and sends random little bits of encrypted information to that on http://www.joip.com/xml/xmlapi_pcclanding.asp. It appears to not be important if you filter this traffic.

The unit will also do a stun negotiation and will use your public ip when setting up sessions, which will cause you problems if you wish to use it in your local lan. This caught me out first when I could make calls but got no audio.

— Redirect SIP Traffic

iptables -t nat -A PREROUTING -d proxy.joip.com -p udp -m udp --dport 23768 -j REDIRECT --to-ports 5060

— Redirect Web Traffic

iptables -t nat -A PREROUTING -d provisioning.joip.com -j REDIRECT

— Block all other traffic to this company, including the regular messages to www.joip.com and also including STUN traffic (or you may get calls but get no audio)

iptables -A FORWARD -d 213.137.64.0/19 -j REJECT

The Other Solution

You may be able to do most of the fancy firewalling instead with a private DNS server that you configure your DHCP server to respond appropriately for, though I think I saw the phone talk directly to certain configured IP ranges without doing a DNS query. Your mileage may vary.

  1. No comments yet.
(will not be published)