The Gadget
Today I received my Panasonic Globarange(TM) BT-GT1500E? from John Lewis, got two of them for 70 quid:
John Lewis BOGOF Offer and Offer code for £10 off
The Problem
After finding out online that it used SIP, I was most upset to find this shiny bit of plastic and wires not to be user customisable, and hard-configured to use their www.joip.com service, which as far as I’m aware does not cross-communicate with any other SIP providers or services, à la www.sipbroker.com. Not only that, but it’s only a limited service and free for the first three years. It also regularly communicates with their servers, sending I don’t know what, as it’s encrypted (another issue I’m not happy with).
Technical Musings
For those who are interested, the phone base station (that does all the work) itself appears to be based on a NetBSD kernel (according to the copyright declaration in the manual). They use OpenSSL too, which the config files look like they are encoded with (they begin with Salted__), and interestingly the manual states that it also has a build of thttpd, though it doesn’t appear to be listening on any ports (at least from a local scan). I suspect this needs to be enabled in the provisioning, or is filtered to only work from their address ranges.
There is also a 3-pin port on the bottom of the phone which is a USB port; if you open it you’ll see them labelled VCC, D+, D- and the GND just below. The phone identifies as:
Panasonic MULTI TALK V
Manufacturer: Panasonic
Vendor Id: 04da
Product Id: 1600
I don’t have Windows installed so I can’t test what happens with the multitalk software. Volunteers?
The Solution
You will need:
— A firewall that sits between the phone and the internet that can redirect traffic. I have my Linux machine running Asterisk in this location, which works well for me.
— Asterisk
— A Web Server
The Configuration
Asterisk SIP Configuration:
Add to sip.conf:
[YOURJOIPNUMBER]
type=friend
host=dynamic
context=yourlocalcontext
disallow=all
allow=ulaw
Web Server Configuration:
The phone downloads its configuration (encrypted with OpenSSL?) from provisioning.joip.com (213.137.73.74) on bootup:
http://provisioning.joip.com/joip_config/joip0080fXXXXXX.cfg
Put in your phone’s MAC address, grab this file and put it on your server in a similar location (i.e. /var/www/joip_config/joipMACADDR.cfg) so the phone can provision itself on powerup. If you are already hosting various virtualhosts on your website, you may need to create a new one for this address.
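An added example, not part of the original post: a small Python check of whether a downloaded .cfg file really is in the salted `openssl enc` container format that the Salted__ prefix mentioned above suggests. It only reads the header and salt and reports the ciphertext size; the function name and the sample bytes are constructed for illustration.

```python
import base64
import binascii

MAGIC = b"Salted__"   # header written by `openssl enc` when a salt is used
SALT_LEN = 8


def inspect_openssl_enc(blob: bytes) -> dict:
    """Describe a blob that may be in the salted `openssl enc` container format."""
    encoding = "binary"
    # `openssl enc -a` base64-encodes its output; "Salted" then appears as "U2FsdGVk".
    if blob.lstrip().startswith(b"U2FsdGVk"):
        try:
            blob = base64.b64decode(b"".join(blob.split()), validate=True)
            encoding = "base64"
        except (binascii.Error, ValueError):
            return {"salted": False, "reason": "looks like base64 but does not decode"}
    if not blob.startswith(MAGIC):
        return {"salted": False, "reason": "no Salted__ header"}
    if len(blob) < len(MAGIC) + SALT_LEN:
        return {"salted": False, "reason": "truncated before end of salt"}
    salt = blob[len(MAGIC):len(MAGIC) + SALT_LEN]
    body = blob[len(MAGIC) + SALT_LEN:]
    return {
        "salted": True,
        "encoding": encoding,
        "salt_hex": salt.hex(),
        "ciphertext_len": len(body),
        # CBC/ECB block ciphers always emit whole blocks (8 bytes for DES/3DES,
        # 16 for AES); any other size suggests a stream mode or a cut-off download.
        "fits_8_byte_blocks": len(body) > 0 and len(body) % 8 == 0,
        "fits_16_byte_blocks": len(body) > 0 and len(body) % 16 == 0,
    }


# Constructed sample, not a real provisioning file: header + salt + 32 filler bytes.
SAMPLE = MAGIC + bytes.fromhex("0011223344556677") + bytes(range(32))

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for key, value in inspect_openssl_enc(data).items():
        print(f"{key}: {value}")
```

Run it with the path of the fetched .cfg file as the only argument; with no argument it reports on the constructed sample.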
Firewall Configuration:
My phone talks to proxy.joip.com (213.137.73.150) on port 23768, so on my Asterisk gateway machine I added a rule to intercept the SIP traffic and send it to Asterisk’s SIP port.
The phone also talks to www.joip.com and sends random little bits of encrypted information to it at http://www.joip.com/xml/xmlapi_pcclanding.asp. It appears not to be important if you filter this traffic.
The unit will also do a STUN negotiation and will use your public IP when setting up sessions, which will cause you problems if you wish to use it in your local LAN. This caught me out first when I could make calls but got no audio.
— Redirect SIP Traffic
iptables -t nat -A PREROUTING -d proxy.joip.com -p udp -m udp --dport 23768 -j REDIRECT --to-ports 5060
— Redirect Web Traffic
iptables -t nat -A PREROUTING -d provisioning.joip.com -j REDIRECT
— Block all other traffic to this company, including the regular messages to www.joip.com and also including STUN traffic (or you may get calls but get no audio)
iptables -A FORWARD -d 213.137.64.0/19 -j REJECT
The Other Solution
You may be able to do most of the fancy firewalling instead with a private DNS server that you configure your DHCP server to respond appropriately for, though I think I saw the phone talk directly to certain configured IP ranges without doing a DNS query. Your mileage may vary.