Raspberry Pi FTP server

Posted on By Mark Wilson
This content is 9 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

I’ve been trying to resurrect my SIP-connected Cisco 7940 as part of a review of our home telephony arrangements. In order to do this, I’ve had to configure the TFTP capabilities on my home infrastructure server (i.e .my Raspberry Pi). Previously, I’d served the phone configuration from a Windows TFTP server (long since gone) and the phone had just kept going with the old settings. Now, with configuration changes required, I’ve started to use dnsmasq for TFTP as well as DNS and DHCP (actually, that had always been configured, but without any files on the Pi to serve from TFTP)!

So, how to easily transfer the files? FTP to the rescue. I followed the Pi My Life UP guide to install vsftpd on my Pi, which meant using the following commands:

  1. Update packages and install vsftpd:
    sudo apt-get update
    sudo apt-get install vsftpd
  2. Edit the vsftpd config with sudo nano /etc/vsftpd.conf, making sure it has the following entries:
    anonymous_enable=NO
    local_enable=YES
    write_enable=YES
    local_umask=022
    chroot_local_user=YES
    user_sub_token=$USER
    local_root=/home/$USER/ftp
  3. Create the folder to use for FTP and set the permissions:
    mkdir /home/pi/ftp
    mkdir /home/pi/ftp/files
    chmod a-w /home/pi/ftp
  4. Restart the FTP service with sudo service vsftpd restart.

After this, I could easily upload the files I needed to the folder that I’m serving TFTP from (/home/pi/ftp/files) – although for some reason the FTP server was listening on port 22 (not 21), and then distribute my new phone configuration…

Adding a pause when dialling a number from a softphone or mobile phone

Posted on By Mark Wilson
This content is 10 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Back in the days when Nokia phones had monochrome screens and batteries lasted for days, a colleague explained to me how to include a p in a number to make the phone pause before dialling the next few digits – for example when entering a PIN for voicemail (I think w also worked for a wait). More recently, another colleague was asking me how to do this with our CUCILync softphones when dialling into a conference call (as described for Microsoft Lync).

Well, it seems the modern equivalent of a p for a soft pause is inserting a comma (at least it is on a Lumiaon an iPhone and on Android) and a semi-colon is a hard pause/wait (on an iPhone). Unfortunately the CUCILync client we use strips out , and ; (and, even worse, it replaces p with 7). I guess it could be an error in the dial-plan but it’s inconvenient…

Big things are happening

Posted on By Mark Wilson
This content is 13 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

I saw a great video from Cisco this morning. The fact it’s from Cisco isn’t really relevant (indeed, if I showed it without the last few seconds you woudn’t know) but it’s a great example of how IT is shaping the world that we live in (or, maybe, how the world we live in is driving technology):

In case you can’t see the video above, here are some of the key statistics it contains:

  • Humans created more data in 2009 alone than in all previous years combined.
  • Over the last 15 years, network speeds have increased 18 million times.
  • Information is moving to the cloud; 8/10 IT Managers plan to use cloud computing within the next 3 years.
  • By 2015, tools and automation will eliminate 25% of IT labour hours.
  • We’re using multiple devices: by 2015 there will be nearly one mobile-connected device for every person on earth.
  • 2/3 of employees believe they should be able to access information using company-issued devices at any time, at any location.
  • 60% believe they don’t need to be in an office to be productive.
  • This is creating entirely new forms of collaboration.
  • “The real impact of the information revolution isn’t about information management but on relationships; the ability to allow not dozens, or hundreds, but thousands of people to meaningfully interact” [Dr Michael Schrage, MIT].
  • By 2015 companies will generate 50% of web sales via their social presence and mobile applications.
  • Social business software will become a $5bn business by 2013.
  • Who sits at the centre of all this? Who is managing these exponential shifts? The CIO.

Of course, we might expect to see many of these figures cited by a company selling social collaboration software and networking equipment but they are a good indication of the way things are heading.  I would place more emphasis on empowered employees and customers redefining IT provisioning (BYO, for example); on everything as a service (XaaS) changing the IT delivery model, on the need for a new architecture to manage the “app Internet”; and on big data – which will be a key theme for the next few years.

Whatever the technologies underpinning the solution – the overall direction is for IT to provide business services that add value and enhance business agility rather than simply being part of “the cost of doing business” – maybe we need more videos like this to help us think about the possibilities?

Some alternatives to the Cisco VPN client

Posted on By Mark Wilson
This content is 15 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Installing Cisco’s VPN client on Windows 7 requires a bit of hacking and I found it increasingly unreliable on my connection to my company’s corporate network. It’s also a 32-bit only solution and, thanks to comments left on this blog, I’ve been trying out a couple of alternatives on my 64-bit Windows 7 release candidate (build 7100) machine, namely:

This isn’t really a review as such, but it is a short summary of what I found. Please bear in mind that I’m an end user of the Cisco VPN infrastructure and not a network administrator – those who know more than me about this stuff may have their reasons not to consider one of these two clients.

Shrew Soft VPN client logoI installed the Shrew Soft client first and then found that I couldn’t connect to my VPN server. That was no fault of the software – it was just that the .PCF file I had for the VPN connection contained an encrypted password, which I needed to track down, and the current version of the Shrew Soft client can not import these files. NCP Secure Communications logoIn the meantime I decided to use the NCP client for a 30 day trial period. This installed without a hitch, was able to use the PCF file provided by my administrators and had me connected to the corporate network pretty quickly. It also made me reconsider whether my frequent disconnects with the Cisco client really were down to my ISP as it seemed far more reliable than the Cisco client had been on Windows Vista/Server 2008/7… and there’s not much more to say… it worked for a month, it nagged me to activate it as the trial period came to a close, then I uninstalled it. The uninstall failed but after a restart (and a few German error messages), a second attempt was more successful.

The NCP Secure Entry client does the job but it costs £80 (+VAT) and, at the end of the day, if I need to convince my budget holder that I need to spend money on a VPN client (whilst the majority of my colleagues manage with 32-bit XP systems and the Cisco client) then I figured it was worth taking a second look at the Shrew Soft VPN client. This time I was armed with the password for the VPN group and, following Shrewsoft’s Cisco PIX Howto, I was able to connect to my corporate network. It seems just as reliable as the NCP client and has the advantage of being free (so no business case or other such hurdles to jump through).

So, Shrew Soft it is, at least for the time being – but if you have an aging Cisco VPN infrastructure that’s not due for replacement for a while and you need a client that runs on all versions of Windows, as well as Windows Mobile and Symbian, then the NCP Secure Entry client is worth a look. On the other hand, if you have a heterogeneous network, the Shrew Soft VPN client is also available for Linux and BSD (I haven’t tried using that). Some companies love open source software – others are nervous of it, so really it is just horses for courses but both are an improvement on a Cisco VPN client that doesn’t work with modern operating systems.

Installing the Cisco VPN client on Windows 7

Posted on By Mark Wilson
This content is 16 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

I haven’t been able to run the Cisco VPN client on the notebook PC that I use for work (because there is no 64-bit Cisco VPN client) but, after a forced rebuild when my hard disk started acting erratically, I am no longer running my Windows Server 2008 workstation and I put the Windows 7 beta on it instead, choosing to go 32-bit so that I didn’t have to run a VM just to access corporate applications.

Most applications that work on Windows Vista should work on Windows 7 but the ones that will cause trouble are the ones with hooks deep into the operating system… like VPN clients – and the Cisco VPN client is no exception.

Even under Windows Vista, v5.0.3.0560 of the Cisco VPN Client needed a Windows Update to be applied prior to installation but I took the chance that was already included in the Windows 7 code. Installation was actually quite smooth and completed successfully but then, after the initial reboot, a glimpse of a blue screen of death before the PC restarted. Thinking that my hard disk error had been misdiagnosed (it hadn’t) I started to Google and came across Aaron Tiensivu’s blog post on preventing Cisco VPN client (v5.0.4.0300) installation from bluescreening Windows 7 (32-bit build 7000). That sounded interesting… it refered to a later version of the VPN client but otherwise it was exactly what I’d just seen.

After a System Restore had got me back to a running system, I followed the steps in the post, but they have been updated several times now, so what follows are the exact steps that worked for me:

  1. Install the Citrix Deterministic Network Enhancer (DNE) update (direct link to the installer file) and restart the computer.
  2. Take ownership of c:\windows\system32\drivers\ndis.sys and c:\windows\system32\drivers\en-us\ndis.sys.mui, then set permissions to grant Full Control to Administrators, before deleting the files.
  3. Install the Cisco VPN Client (I used v5.0.03.0560 but this is also reported to work with v5.0.04.0300 and v5.0.05.0280) and restart the system.
  4. Allow Windows 7 to perform Startup Repairs and then click Finish to shut down the computer.
  5. Start the computer, log on, and the Cisco VPN Client should now be available for use.

Following this, I was able to initiate a successful connection to my company’s network.

Incidentally, for those who need to run 64-bit Windows, Nicholas Caito’s workaround looks interesting – running the VPN client in a virtual machine, sharing the connection, and providing a static route on the host.

Building a branch office in a box?

Posted on By Mark Wilson
This content is 16 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

For many organisations, branch offices are critical to business and often, rather than being a remote backwater, they represent the point of delivery for business. Meanwhile, organisations want to spend less on IT – and, as IT hardware and software prices fall, providing local resources improves performance for end-users. That sounds great until considering that local IT provision escalates support and administration costs so it makes more financial sense to deliver centralised services (which have a consequential effect on performance and availability). These conflicting business drivers create a real problem for organisations with a large number of branch offices.

For the last few weeks, I’ve been looking at a branch office consolidation exercise at a global organisation who seem to be suffering from server proliferation. One of the potential solutions for consolidation is using Windows Server 2008 and Hyper-V to provide a virtualised infrastructure – a “branch office in a box”, as Gartner described it in a research note from a few years ago [Gartner RAS Core Research Note G00131307, Joe Skorupa, 14 December 2005]. Windows Server 2008 licensing arrangements for virtualisation allow a server to run up to 4 virtualised operating system environments (with enterprise edition) or a single virtual and a single physical instance (with standard edition). It’s also possible to separate domain-level administration (local domain controllers, etc.) from local applications and infrastructure services (file, print, etc.) but such a solution doesn’t completely resolve the issue of maintaining a branch infrastructure.

Any consolidation at the branch level is a good thing but there’s still the issue of wide area network connectivity which means that, for each branch office, not only are there one or more Windows servers (with a number of virtualised workloads) to consider but also potentially some WAN optimisation hardware (e.g. a Cisco WAAS or a Riverbed Steelhead product).

Whilst I was researching the feasibility of such as solution, I came across a couple of alternative products from Cisco and Citrix which include Microsoft’s technology – and this post attempts to provide a high level overview of each of them (bear in mind I’m a Windows guy and I’m coming at this from the Windows perspective rather than from a deep networking point of view).

Cisco and Microsoft Windows Server on WAAS

When I found the Windows Server on WAAS website I thought this sounded like the answer to my problem – Windows Server running on a WAN optimisation appliance – the best of both worlds from two of the industry’s largest names, who may compete in some areas but still have an alliance partnership. In a video produced as part of the joint Cisco and Microsoft announcement of the Windows on WAAS solution, Cisco’s Vice President Marketing for Enterprise Solutions, Paul McNab, claims that this solution allows key Windows services to be placed locally at a reduced cost whilst providing increased flexibility for IT service provision; whilst Microsoft’s Bill Hilf, General Manager for Windows Server marketing and platform strategy, outlines how the branch office market is growing as workforces become more distributed and that the Windows on WAAS solution combines Windows Server IT services with Cisco WAAS’ WAN optimisation, reducing costs relating to infrastructure management and power usage whilst improving the user experience as services are brought closer to the user.

It all sounds good – so how does this solution work?

  • Windows on WAAS is an appliance-based solution which uses virtualisation technologies for Cisco WAAS and Microsoft Windows Server 2008 to run on a shared platform, combined with the advantages of rapid device provisioning. Whilst virtualisation in the datacentre has allowed consolidation, at the branch level the benefit is potentially the ability to reconfigure hardware without a refresh or even a visit from a technician.
  • Windows Server 2008 is used in server core installation mode to provide a reduced Windows Server footprint, with increased security and fewer patches to apply, whilst taking advantage of other Windows Server 2008 enhancements, such as improved SMB performance, a new TCP/IP stack, and read-only domain controllers for increased directory security at the branch.
  • On the WAAS side, Cisco cite improved application performance for TCP-based applications – typically 3-10 times better (and sometimes considerably more) as well as WAN bandwidth usage reduction and the ability to prioritise traffic.
  • Meanwhile, running services such as logon and printing locally means that end user productivity is increased.

Unfortunately, as I began to dig a little deeper (including a really interesting call with one of Cisco’s datacentre product specialists), it seems that this solution is constrained in a number of ways and so might not allow the complete eradication of Windows Server at the branch office.

Firstly, this is not a full Windows Server 2008 server core solution – only four roles are supported: Active Directory Domain Services; DHCP server; DNS server and Print services. Other services are neither supported, nor recommended – and the hardware specifications for the appliances are more akin to PCs (single PSU, etc.) than to servers.

It’s also two distinct solutions – Windows runs in a (KVM) virtual machine to provide local services to the branch and WAAS handles the network acceleration side of things – greatly improved with the v4.1 software release.

On the face of it (and remember I’m a Windows guy) the network acceleration sounds good – with three main methods employed:

  1. Improve native TCP performance (which Microsoft claim Windows Server 2008 does already) by quickly moving to a larger TCP window size and then lessening the flow once it reaches the point of data loss.
  2. Generic caching and compression.
  3. Application-specific acceleration for HTTP, MAPI, CIFS and NFS (but no native packet shaping capability).

All of this comes without the need to make any modifications to the existing network – no tunnelling and no TCP header changes – so the existing quality of service (QoS) and network security policies in place are unaffected by the intervening network acceleration (as long as there’s not another network provider between the branch and the hub with conflicting priorities).

From a support perspective Windows on WAAS is included in the SVVP (so is supported by Microsoft) but KVM will be a new technology for many organisations and there’s also a potential management issue as it’s my understanding that Cisco’s virtual blade technology (e.g. Windows on WAAS) does not yet support centralised management or third party management solutions.

Windows on WAAS is not inexpensive either (around $6,500 list price for a basic WAAS solution, plus another $2,000 for Windows on WAAS, and a further $1,500 if you buy the Windows licenses from Cisco). Add in the cost of the hardware – and the Cisco support from year 2 onwards – and you could buy (and maintain) quite a few Windows Servers in the branch. Of course this is not about cheap access to Windows services – the potential benefits of this solution are much broader – but it’s worth noting that if the network is controlled by a third party then WAN optimisation may not be practical either (for the reasons I alluded to above – if their WAN optimisation/prioritisation conflicts with yours, the net result is unlikely to result in improved performance).

As for competitive solutions, Cisco don’t even regard Citrix (more on them in a moment) as a serious player – from the Cisco perspective the main competition is Riverbed. I didn’t examine Riverbed’s appliances in this study because I was looking for solutions which supported native Windows services (Riverbed’s main focus is wide area application services and their wide area file services are not developed, supported or licensed by Microsoft, so will make uncomfortable bedfellows for many Windows administrators).

When I pressed Cisco for comment on Citrix’s solution, they made the point that WAN optimisation is not yet a mature market and it currently has half a dozen or more vendors competing whilst history from in other markets (e.g. SAN fabrics) would suggest that there will be a lot of consolidation before these solutions reach maturity (i.e. expect some vendors to fall by the wayside).

Citrix Branch Repeater/WANScaler

The Citrix Branch Repeater looks at the branch office problem from a different perspective – and, not surprisingly, that perspective is server-based computing, pairing with Citrix WANScaler in the datacentre. Originally based around Linux, Citrix now offer Branch Repeaters based on Windows Server.

When I spoke to one of Citrix’s product specialists in the UK, he explained to me that the WANScaler technologies used by the Branch Repeater include:

  1. Transparency – the header is left in place so there are no third-party network changes and there is no need to change QoS policies, firewall rules, etc.
  2. Flow control – similar to the Cisco WAAS algorithm (although, somewhat predictably, Citrix claim that their solution is slightly better than Cisco’s).
  3. Application support for CIFS, MAPI, TCP and, uniquely, ICA.

Whereas Cisco advocate turning off the ICA compression in order to compress at the TCP level, ICA is Citrix’s own protocol and they are able to use channel optimisation techniques to provide QoS on particular channels (ICA supports 32 channels in its client-server communications – e.g. mouse, keyboard, screen refresh, etc.) so that, for example, printing can be allowed to take a few seconds to cross the network but mouse, keyboard and screen updates must be maintained in near-real time. In the future, Citrix intend to extend this with cross-session ICA compression in order to use the binary history to reduce the volume of data transferred.

The Linux and Windows-based WANScalers are interoperable and, at the branch end, Citrix offers client software that mimics an appliance (e.g. for home-based workers) or various sizes of Branch Repeater with differing throughput capabilities running a complete Windows Server 2003 installation (not 2008) with the option of a built-in Microsoft ISA Server 2006 firewall and web caching server.

When I asked Citrix who they see as competition, they highlighted that one two companies have licensed Windows for use in an appliance (Citrix and Cisco) – so it seems that Citrix see Cisco as the competition in the branch office server/WAN optimisation appliance market – even if Cisco are not bothered about Citrix!

Summary

There is no clear “one size fits all” solution here and the Cisco Windows on WAAS and Citrix WANScaler solutions each provide significant benefits, albeit with a cost attached. When choosing a solution, it’s also important to consider the network traffic profile – including the protocols in use. The two vendors each come from a slightly different direction: in the case of Cisco this is clearly a piece of networking hardware and software which happens to run a version of Windows; and, for Citrix, the ability to manipulate ICA traffic for server-based computing scenarios is their strength.

In some cases neither the Cisco nor the Citrix solution will be cost effective and, if a third party manages the network, they may not even be able to provide any WAN optimisation benefits. This is why, in my customer scenario, the recommendation was to investigate the use of virtualisation to consolidate various physical servers onto a single Windows Server 2008 “branch office in a box”.

Finally, if such a project is still a little way off, then it may be worth taking a look the branch cache technology which is expected to be included within Windows Server 2008 R2. I’ll follow up with more information on this technology later.

Configuring a Cisco IP phone for VoIP using SIP

Posted on By Mark Wilson
This content is 16 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Cisco logoOne of my projects at home has involved trying to get a variety of telephony systems to work together so that I can make voice over IP (VoIP) or plain old telephone service (POTS) as necessary to get the best call rates. In truth, it’s probably not about getting the best rates as our phone bill is already pretty small – maybe it’s just because the geek inside me wants to get an IP phone working on my desk… anyway, I still have a few pieces of the puzzle to fit in place but last week I had a major breakthrough in getting a Cisco IP phone to provide a voice over IP (VoIP) service using SIP. It was a long haul, but worth it in the end – and this is how it’s done…

Cisco IP Phone 7940GFirst of all I needed an IP Phone. I managed to pick up a brand new 7940G for £50 on eBay (a bargain) and this was perfect for me. Why a Cisco phone? Partly because we use them at work (so I know they are good phones – and I like the form factor – although I wish it had a backlit screen) but mostly because there are so many of them about – that means that plenty of people have tried to do this and there is information available on the web. Using a Cisco phone does cause a couple of problems though:

  1. The standard protocol used for VoIP is session initiation protocol (SIP) and Cisco IP phones don’t use SIP natively. Cisco has it’s own IP Telephony system (Call Manager) which uses SCCP; however they do provide SIP firmware for their 79xx IP phones.
  2. Some of the Cisco documentation and software is only available with a service contract and generating configuration details can be a challenge if you don’t have access to a Cisco Call Manager solution – thankfully everything I used for this is available on the ‘net through a variety of websites that are aimed at getting people up and running with VoIP solutions.

It’s also worth knowing that there are two types of configuration file for Cisco IP Phones:

  • The 79x0 models use a fairly simple configuration file.
  • The 79x1 models use an XML configuration, which is all very well if you have access to a Cisco Call Manager solution but not so well documented if you don’t.

I found that the 7940 is a good model to go for as it has been around for a while, there is plenty of information available, and it can be picked up for a reasonably low price (and it helped to know that one of my colleagues already had this solution working well for him!). The 7960 is similar but with support for more lines and there are other models available (e.g. cordless phones, or phones with colour screens). In addition, Linksys (owned by Cisco) sells some similar phones that do run SIP natively but I don’t know if they use the same firmware.

After choosing the phone there were a couple of other considerations:

With the phone powered on and able to download a configuration, I uploaded the necessary configuration files to the TFTP server. Cisco Document ID: 5455 – Converting a Cisco 7940/7960 CallManager Phone to a SIP Phone and the Reverse Process gives details of the required files but the main ones to know are:

  • OS79XX.TXT – tells the phone which firmware to use.
  • SIPDefault.cnf – configuration information relevant to all phones.
  • SIPmacaddress.cnf – configuration information relevant to a specific phones.

Other files that I have include:

  • RINGLIST.DAT – Lists audio files that provide the custom ring types.
  • CTU.raw – an audio file referenced by RINGLIST.DAT.
  • dialplan.xml – a dialplan.
  • Various firmware images named as follows:
    • P003x-xx-x-00.bin – universal application loader for upgrades from images earlier than 5.x.
    • P003x-xx-x-00.sbn – secure universal application loader for upgrades from images 5.x or later.
    • P0y3x-xx-x-00.loads – universal application loader and application image, where y represents the protocol of the application image (.loads) file: 0 for SCCP, and S for SIP.
    • P0y3x-xx-x-00.sb2 – application firmware image, where y represents the protocol used by the image: 0 for SCCP, and S for SIP.

With all the necessary files available on the TFTP server, I set about upgrading the firmware to the latest SIP release by editing the OS79XX.TXT file to read P0S3-08-2-00 and resetting the phone. The TFTP server log told me that the phone picked up the appropriate firmware release, but that it couldn’t find one of binary images (P0S3-08-2-00.bin)

After some research, it seems that POS3-08-x-00.bin does not seem to exist for any 8.x firmware:

Versions [6.x] and [7.x] seem to have P0S3-0xxx-00.BIN files which make it easy when upgrading from SCCP to SIP as all you have to do is rename the file it loads in OS79XX.TXT to one of these *.BIN files and its all done straight to SIP.

With version 8 series it doesn’t have these and that forces you to upgrade it in a 3 part reboot and load phase with[:]

XMLDefault.cnf.xml
[SEPmacaddress.cnf.xml]

That loads the *.loads file then it loads *.sbn and reboots
After warm reboot it loads *.sb2 which must be the sip software.

Then reboots again starting in sip and then provisions with[:]

SIPDefault.cnf
[SIPmacaddress.cnf]

Armed with this new information, I put the 7.4 SIP firmware into my TFTP root folder, edited OS79xx.TXT to read P0S3-07-4-00 and created an xmlDefault.CNF.XML file.

After booting the phone I was pleased to see a message that said Upgrading software but that pleasure soon ended as the upgrade never completed. Thankfully I hadn’t “bricked” the phone and, after another reboot, the phone showed a message which said Load ID Incorrect. The TFTP logs indicated that the phone was trying to load a file called SEPmacaddress.cnf.xml.

Googling turned up some more information and it turned out I was trying to go too far in one jump – my phone had been supplied with v3.x SCCP firmware and I was trying to go straight to v7.x firmware:

You have to upgrade to a new version of SCCP or older version of SIP before the bootloader on the phone will be able to handle the newer firmware […] you can either use an older version of SIP first, or a newer version of SCCP. Older SIP is probably easier – 6.3 is the newest you can use to then jump to 7.x and/or 8.x.

I put the v6.3 firmware on my TFTP server, edited OS79XX.TXT to read P0S3-06-3-00 and rebooted the phone. This time I saw the Upgrading Software message and watched the transfer take place.

After rebooting itself the phone came back up on the v6.3 firmware and was showing itself as Phone Unprovisioned.

I set about the second stage upgrade to v8.2 by editing OS79XX.TXT to P0S3-08-2-00 and rebooting the phone again. That didn’t help, but a further OS79XX.TXT edit from P0S3-08-2-00 to P003-08-2-00 did the trick as the Universal Application Loader booted.

Despite attempting to read non-existent files called CTLSEPmacaddress.tlv and SEPmacaddress.cnf.xml (the Cisco 7940 and 7960 IP Phones Firmware Upgrade Matrix explains the hunt algorithm employed by the Universal Application Loader) the phone downloaded the appropriate files and restarted to return as an unprovisioned device, finally running the v8.2 SIP firmware.

By this point, the TFTP logs were not much help as they didn’t indicate any errors but the status message on the phone gave me more clues:

W350 unprovisioned proxy_backup
W351 unprovisioned proxy_emergency
W362 No Valid Line Names Provisioned

The unprovisioned backup and emergency proxies didn’t bother me but I couldn’t understand why I had no valid lines provisioned. I had been trying to get the phone to use my Linksys SPA3102 as a SIP proxy but something was not quite right. In the end, I gave up and registered with SIPgate. After updating my configuration files to reflect the SIPgate account details, my phone picked up a valid line but couldn’t make or receive calls. Following advice on the SIPgate website, I made sure that the following ports were all open:

I’m not sure if all of these are strictly necessary but they seem to have got things working. The final contents of my configuration files are detailed below, after the TFTP log from a successful boot:

Connection received from ipaddress on port 50967 [25/07 00:41:32.672]
Read request for file <CTLSEPmacaddress.tlv>. Mode octet [25/07 00:41:32.672]
File <CTLSEPmacaddress.tlv> : error 2 in system call CreateFile The system cannot find the file specified. [25/07 00:41:32.672]
Connection received from ipaddress on port 50968 [25/07 00:41:32.703]
Read request for file <SEPmacaddress.cnf.xml>. Mode octet [25/07 00:41:32.703]
File <SEPmacaddress.cnf.xml> : error 2 in system call CreateFile The system cannot find the file specified. [25/07 00:41:32.703]
Connection received from ipaddress on port 50969 [25/07 00:41:32.719]
Read request for file <SIPmacaddress.cnf>. Mode octet [25/07 00:41:32.719]
Using local port 1203 [25/07 00:41:32.719]
<SIPmacaddress.cnf>: sent 2 blks, 632 bytes in 0 s. 0 blk resent [25/07 00:41:32.735]
Connection received from ipaddress on port 50970 [25/07 00:41:32.766]
Read request for file <P0S3-08-2-00.loads>. Mode octet [25/07 00:41:32.781]
Using local port 1204 [25/07 00:41:32.781]
<P0S3-08-2-00.loads>: sent 1 blk, 461 bytes in 0 s. 0 blk resent [25/07 00:41:32.781]
Connection received from ipaddress on port 50962 [25/07 00:41:54.672]
Read request for file <SIPDefault.cnf>. Mode octet [25/07 00:41:54.672]
Using local port 1205 [25/07 00:41:54.672]
<SIPDefault.cnf>: sent 2 blks, 925 bytes in 0 s. 0 blk resent [25/07 00:41:54.688]
Connection received from ipaddress on port 50963 [25/07 00:41:54.813]
Read request for file <SIPmacaddress.cnf>. Mode octet [25/07 00:41:54.828]
Using local port 1206 [25/07 00:41:54.828]
<SIPmacaddress.cnf>: sent 2 blks, 632 bytes in 0 s. 0 blk resent [25/07 00:41:54.828]
Connection received from ipaddress on port 50967 [25/07 00:41:56.891]
Read request for file <RINGLIST.DAT>. Mode octet [25/07 00:41:56.891]
Using local port 1207 [25/07 00:41:56.891]
Connection received from ipaddress on port 50974 [25/07 00:41:56.907]
<RINGLIST.DAT>: sent 1 blk, 15 bytes in 0 s. 0 blk resent [25/07 00:41:56.907]
Read request for file <dialplan.xml>. Mode octet [25/07 00:41:56.907]
Using local port 1208 [25/07 00:41:56.907]
<dialplan.xml>: sent 1 blk, 104 bytes in 0 s. 0 blk resent [25/07 00:41:56.907]

OS79XX.TXT

P003-08-2-00

SIPDefault.cnf

;begin
image_version: P0S3-08-2-00
proxy_register: 1
dial_template: dialplan
tftp_cfg_dir: “”
sntp_server: “ntp.sipgate.net”
sntp_mode: unicast
time_zone: GMT
dst_offset: 1
dst_start_month: March
dst_start_day_of_week: Sun
dst_start_week_of_month: 8
dst_start_time: 01
dst_stop_month: Oct
dst_stop_day_of_week: Sun
dst_stop_week_of_month: 8
dst_stop_time: 02
dst_auto_adjust: 1
time_format_24hr: 1
date_format : D/M/Y

# NAT/Firewall Traversal
nat_enable: 1 ; 0-Disabled (default), 1-Enabled
nat_address: “” ; WAN IP address of NAT box (dotted IP or DNS A record only)
voip_control_port: 5060 ; UDP port used for SIP messages (default – 5060)
start_media_port: 8000 ; Start RTP range for media (default – 16384)
end_media_port: 8012 ; End RTP range for media (default – 32766)
nat_received_processing: 0 ; 0-Disabled (default), 1-Enabled
outbound_proxy_port: 5082
telnet_level: 2
;end

SIPmacaddress.cnf

;begin
image_version: P0S3-08-2-00
phone_label : “markwilson.it ” ; Has no effect on SIP Messaging
line1_name : “sipgateid” ; SIPgate device ID#
line1_authname : “sipgateid” ; SIPgate device ID#
line1_password : “sipgatepassword” ; SIPgate device password
line1_shortname : “phonenumber”
line1_displayname : “phonenumber”
proxy1_address : “sipgate.co.uk”
proxy1_port : 5060
line2_displayname: “”
line2_shortname: “”
line2_name: UNPROVISIONED
line2_authname: “UNPROVISIONED”
line2_password: “UNPROVISIONED”
proxy2_address : “”
proxy2_port : 5060
phone_password: “password”
logo_url: “http://webserver/sipgate.bmp”
directory_url: “http://webserver/directory.xml”
;end

RINGLIST.DAT

CTU CTU.raw

xmlDefault.CNF.XML





2000
2427 2428



P0S3-07-4-00






Further information

Here are some of the sites that I found particularly useful as I went through this process:

[update 10 September 2009: Here’s another useful resource on how to set up a cisco 7940 and 7941 IP phone to do SIP.]

[update 27 March 2010: Tyler Winfield’s article on configuring Cisco IP phones with Asterisk is very thorough and easy to read – even if you’re not using Asterisk.]