Grandstream Networks, Inc.

• Grandstream Phone System Manual
• Grandstream Phone Manual

GXV3140 IP Multimedia Phone; External Devices. It is recommended to use headsets that are tested to be interoperable by Grandstream, for example the iphone headset. Which 3G USB Adapters are supported on the GXV3140? List of supported 3G modems: For WCDMA: - Huawei E1750. User manual instruction guide for IP Multimedia Phone GXV3275V3 Grandstream Networks, Inc. Setup instructions, pairing guide, and how to reset.

XML Provisioning Guide

GXV3140/GXV3175 IP Multimedia Phone

GXV21XX/GXP14XX Enterprise IP Phone

HT50x Analog Telephone Adapters

GXW40xx FXS Analog IP Gateways

OVERVIEW

The XML provisioning system allows Grandstream phones to perform configuration updates via XML configuration files. In addition, the XML provisioning implementation may also allow generic XML configuration file on top of the MAC based configuration file.

Note: Currently, XML provisioning is supported on the following Grandstream products:

•GXV3140 IP Multimedia Phone

•GXV3175 IP Multimedia Phone

•GXP21XX/GXP14XX Enterprise IP phones

•HT50X Analog Telephone Adapters

•GXW40XX FXS Analog IP Gateways

PROVISIONING FLOW

Parse and

Done

apply new configurations

Figure 1: Provisioning Flow.

The provision program on the phone will apply and reload the settings after downloading the legacy binary cfgMAC config file. This means that a provision/re-direction server can redirect the device to a XML

provision server without reboot. It can also be used to send the XML encryption password.

XML SCHEMA AND EXAMPLE FILE

The general XML syntax consists of a list of name-value pairs. P-Value is the element and the value of the element is represents the value for that particular configuration that the corresponding P-Value represents. For the complete P-value list, please refer to the legacy configuration templates at http://www.grandstream.com/index.php/support/tools

Example XML configuration file (cfgxxxxxxxxxxxx.xml):

<?xml version='1.0' encoding='UTF-8' ?>

<gs_provision version='1'> <mac>000b82123456</mac> <config version='1'>

<P271>0</P271> <P270>Account name</P270>

</config> </gs_provision>

The mac element is not mandatory. It is designed this way because not all provision systems support MAC address. If it is present, the provision program will validate the mac element with the actual MAC address on the device.

XML FILE ENCRYPTION

The XML configuration file may be encrypted using AES-256-CBC algorithm. The encryption password is defined in P1359 (XML Config File Password) of the configuration file. The encryption may use salt to enhance security. The algorithm to derive the key and IV from a password is the same as the one used by OpenSSL:

The OpenSSL command-line to encrypt the file is as follows:

Openssl enc –e –aes-256-cbc –k password –in config.xml –out cfgxxxxxxxxxxxx.xml

Alternatively, users can also set the XML Config File Password in the web UI of the phone.

Figure 2: Using web UI to define the XML Configuration File Password

When the XML configuration file is encrypted using this method, the phone would only be able to decrypt and parse the file if user set the XML Config File Password in P1349 of binary configuration file or in the web UI.

SECURE PROVISIONING

Although the XML config file can be encrypted and the encryption algorithm itself is regarded as safe and strong by using AES with 256-bit key length, it remains a question on how to bootstrap and provision the initial XML encryption password. There are several methods to provide solutions to this:

1.Use legacy binary config file to set the initial XML encryption password. The legacy binary file is encrypted and it generally regarded safe.

2.Use HTTPS and use client side authentication. This is the industry standard approach and has the strongest safety.

Grandstream Phone System Manual

Grandstream Phone Manual