Traditionally this service is provided via its supplied Fritzbox router, utilising its FXS port to supply telephony to analogue devices.

As the service is SIP based, it is possible to connect direct via SIP phones or Asterisk which is ideal should the Fritzbox not be suitable for your requirements. While this is permitted by Zen, it is unsupported.

Here are a couple of examples of getting connected to Zen DV without the use of the Fritzbox.

A Pre-Setup Warning

This process involves exposing a SIP server / device to the internet, this protocol is constantly targeted by hackers and fraudsters due to its reward for exposing a vulnerable system.

For example, hackers can exploit a system to generate high volumes of calls on your account for either their own benefit (calling a premium rate number they setup) or for the sheer fun of it, while fraudsters could use your “line” to make robocalls to other phone numbers.

Therefore, it is imperative to limit the service’s exposure to only the IP’s listed below, if your router is unable to open ports to specified addresses, consider upgrading or not proceeding.

Network

From a network point of view, VoIP is split into two sections; Signalling (SIP) that deals with the actions of a call, such as “start ringing” and “hangup now”. The Media (RTP) solely deals with the audio of the call and its setup is defined via the SIP signalling.

Uniquely For the DV service, Zen employs a separate server each for inbound and outbound calls:

SIP Inbound:
voip.zen.co.uk – 212.23.7.228

SIP Outbound:
voip2.zen.co.uk – 212.23.7.235

Media uses a common range:

RTP Media:

62.3.88.0/28
62.3.88.16/28

Ports used by the service are the standard:

SIP: 5060
RTP: 10000 – 20000

Setup

As we are trying to mimic the Fritzbox, which is the first point of contact from the internet, the above ports need to be passed onto your SIP device. As this could pass any internet traffic on these ports to the device it’s a good idea to limit these open ports to only the IPs above too.

This will differ depending on the router used, as an example this is how to set it up on a Draytek router:

Allowed Client List / Whitelist

In the router’s web interface, navigate to Objects Setting >> IP Object, add the IPs:

These need to be grouped together, in Objects Setting >> IP Groups, add these IPs into the group:

Open Ports

Now there is a list of allowed IPs, the ports can be opened, in NAT >> Open Ports, edit an index, setting:

WAN Interface: Port connected to Zen internet
Source IP: The group created above
Private IP: Local IP of SIP device
Ports: Open UDP ports 5060 and a range 10000-20000

Now VoIP traffic is forwarding to the device, it can be configured…

SIP

To authenticate with the service the phone number {number} (full number including area code, in national format, i.e starting 01 or 02) will be used as the username, and you’ll need the password {password}(secret). The password is available via the old Zen portal for legacy customer (https://portal.zen.co.uk/) or by contacting Zen and asking for “your VoIP password”.

Asterisk

As there are two servers in use for SIP signalling, two trunks are required on the PBX:

Trunk 1 – Inbound; This just needs to accept calls from Zen’s server so is pretty basic:

type=peer
trustrpid=yes
nat=yes
insecure=invite
host=voip.zen.co.uk
disallow=all
allow=alaw

Trunk 2 – Outbound; This contains authentication to login (register) to the service and make calls:

type=peer
secret={password}
host=voip2.zen.co.uk
fromuser={number}
disallow=all
authuser={number}
allow=alaw
nat=yes
insecure=invite
fromdomain=voip2.zen.co.uk
defaultuser={number}

The outbound trunk also requires the registration details, this allows Zen’s servers to recognise that your service is online and ready for calls:

{number}:{password}@voip2.zen.co.uk/{number}

If you’d like to monitor the connection, you’d see this in sngrep:

Note even when setup correctly, the initial registration attempt will fail as Asterisk attempts to register without authentication, upon the 401 error it will then attempt registration with authentication details and receive the 200 OK response and so registered to the service.

SIP Phone

To connect directly to SIP device, it’s mainly a case of just getting the phone to register, from there the Zen server will know it is logged in for calls and take it from there. The generic details needed are below, apply this best to the terminology used by the device:

Username / Register Name: {number}
Password / Secret: {password}

Server / Registrar / Host: voip2.zen.co.uk
Transport / Protocol: UDP
Port: 5060

For example, this is a setup of a Yealink phone:

If setup correctly, the registration status should state “Registered”.

This is for Yealink devices but will likely be applicable for other vendors, you will need to change the following settings in Features >> General Information:

Accept SIP Trust Server Only: This needs to be disabled as inbound calls come from a different server than the device is registered to.

Allow IP Call: Important to disable especially if there is no IP whitelisting on the router, this stops random or “ghost” calls generated by hackers trying to find a response from internet facing phones. This will not be an issue if you are able to restrict open WAN ports to allowed IP’s, but if not, this helps.

Conclusion

Setup, you should be able to use your Zen DV number with your VoIP / SIP devices.

For a single phone this is a simple solution, but for multiple phones around the home your either limited to only cordless phones from the likes of Yealink or Gigaset (where the base unit is the controller and SIP registration device).

But for a combination of landline and cordless, the VoIP revolution means the end of an era of running an extension cable to the next phone, you’ll need a local PBX of some sort to handle signalling.

Finale

This is also likely an end of an era for my VoIP based posts, as I have left my telecoms role for something different.

I may return sporadically to VoIP postings if I find a home use for it, or revive a post that didn’t quite get there. But for now, it’s a goodbye to SIP.

So why not, nearly 16 years after the show started, try and get one of these working on an Asterisk PBX? At work we had a number of similar 7940 models that hadn’t be used for years, so why not give it a try…

History

When the show started in 2005, these phones would need an entire Cisco ecosystem to support it, as it was essentially locked to Cisco’s propriety SCCP system. It was later and when the models were approaching end of life that a firmware update allowed it to communicate over SIP, therefore making it compatible with many more systems.

Before going further, I should note that I the telephony world, these things are ancient and have fallen way behind the capability that modern phones can offer. I would recommend these as a novelty and not be considered for deployment as it requires a lot of manual setup for little return, as we’ll go into….

Requirements

PBX: SIP based, for this example I’ll be using FreePBX, based on Asterisk.

Firmware: Dependent on what’s already loaded on the phone, you may need to source the P0S3-8-12-00 firmware that enables SIP. It can still be found with enough searching online.

TFTP Server: The 7940 can only be configured via TFTP and cannot be setup manually on the phone, so this is essential. In this example I’ll be using Windows Server 2019 and repurposing the TFTP element of Windows Deployment Services.

DHCP Options: The phones are pointed to the TFTP server via DHCP Options, a router or DHCP server capable of these is required. I’ll be setting this up on a Draytek 2862.

HTTP Server: Should you wish to add Services and a Directory, the phone pulls this information via HTTP.

Setup

TFTP Server

In Windows Server 2019, open Server Manager and start the Add Roles and Features Wizard.

In Server Roles, tick Windows Deployment Services

Then in Role Services, select just Transport Server to enable TFTP.

By default, Windows uses TFTP exclusively to deploy Windows images on client machines, so we’ll need to make a registry edit to allow the server to provide all files.

Open RegEdit, and navigate to:

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSTFTP

TFTP files are served from C:\RemoteInstall by default, this can be changed by editing RootFolder value.

Edit ReadFilter value to add \* to allow all files to be read in the root folder.

To re load these changes, restart Windows Deployment Services Server from the Services folder.

DHCP Options

To allow the phone to know where the TFTP server is on boot, DHCP Option 150 is used to direct the phone.

Logged into the Draytek 2862, navigate to LAN –> General Setup –> DHCP Server Option button.

Enter Option Number 150, and enter the server IP address in the Data field:

To check its working, plug the phone into the network, after initial loading it will start looking for files at the server’s IP address.

Config Files

All of the phone’s functionality is provided by the config files. As a minimum the phone requires the following for use with SIP:

SIPDefault.cnf – Common configuration for all phones on the network, containing info such as SIP server.

SIP<MAC Address>.cnf – Phone’s individual config, such as extension registration info. File is named SIP001D45000000.cnf where 001D45000000 is the MAC address of the phone.

If your phone is loaded with SCCP firmware, for instance if it was pulled from a Cisco infrastructure environment, the phone will attempt to pull a different set of files from the TFTP server.

To identify SCCP firmware, when loading the top black bar will lack the “SIP” logo on the right.

If it is the older firmware, additional files are needed to instruct the phone to update its firmware:

XMLDefault.cnf.xml – First file served, specifies the firmware to load.

OS79XX.TXT – An alternative firmware pointer file.

Then you will need the firmware files, for reference / search purposes, these are the files needed:

P0S3-8-12-00.loads
P0S3-8-12-00.sb2
P0S3-8-12-00.tar
P0S3-8-12-00.bin
P0S3-8-12-00.sbin

Factory Reset

If the phone already loads and gives an extension, it will need to be factory reset:

With the phone unpowered, hold the # key. While holding, connect power to the phone and release the # key when the Headset, Mute and Speaker buttons start lighting in sequence.

Next whiles lights are still in sequence, press 123456789*0#.

When reset menu appears, press 2 to say no to keep network settings.

Phone will reboot and is ready to provision.

Provisioning

DHCP Option, TFTP Server, files in place, the phone can now be provisioned.

Dependant on firmware level it will take up to 5mins to upgrade and provision, during which and if all goes well will get some comforting references to the files served by the TFTP server.

You now have a Dunder Mifflin issued extension.

Installing and poking around the GUI is all well and good but to really find out how a PBX behaves it needs some traffic, to find outs its performance in regards to resources but also to find out what a vendor’s interpretation of an advertised feature actually is.

To generate sample calls, instead of registering handsets/softphones and dialling manually it would be better to automate this, and SIPp is the perfect tool for this.

SIPp is an open source SIP testing tool for stress testing PBX’s, but it can also be used more modestly so it can generate more real-world scenarios to simulate typical calls. This can also be beneficial when testing and reviewing complex call flows through a system before deploying.

Environment

In this example I would be using a local CentOS 7 Virtual Machine to host the SIPp application, with the PBX sitting remotely and network access via VPN for the testing period.

The PBX will also have a trunk set to allow calls in from the CentOS box and a DDI assigned.

Installation

Installation on CentOS is easiest via yum and the EPEL repositories.

From a clean install run:

yum update
yum install epel-release
yum install sipp 

Operation

Once installed its as easy to run as running the program from the command line, but getting the results you are looking for requires a lot of switches and a scenario file.

The simplest way to look at this is the switches take care of the targeting and rate of the calls, where the scenario file simulates the calling person, and can be set to imitate speech (RTP streams), dtmf inputs and even introduce packet loss to measure quality of calls. Essentially a profile of a call is contained within the scenario file.

As an example, this is a typical command I use for testing a very modest call load:

sipp -sf file.xml -trace_err -trace_msg -i 10.20.30.40 -r 1 -rp 10000 -l 100 -m 50 -s 12345678901 10.100.100.100

To break down this command and make it more understandable:

• -sf {FILENAME} – Scenario file.
• -trace_err – Print errors to file, for troubleshooting.
• -trace_msg – Print verbose log to file, for troubleshooting.
• -i {IPADDRESS} – RTP stream (Audio) source.
• -r {NUMBER} – Call Rate – Rate that calls are attempted.
• -rp {NUMBER} – Rate Period – Number defined in Call Rate are spread over the Rate Period.
• -l {NUMBER} – Max number of concurrent calls.
• -m {NUMBER} – Total number of calls to attempt.
• -s {NUMBER}- SIP number to dial and server.
• “10.100.100.100” – PBX server IP

Scenario File

As mentioned, the scenario file contains the simulation of a call from a calling party.

SIPp has a number of template scenario files in XML format available on their Sourceforge page, these can be download and modified as needed.

For example, below is my modification of the uac_pcap.xml template, this is a simple file that connects and plays an RTP stream (from a pcap file) for two minutes before hanging up:

  <scenario name="UAC with media">
 <!-- CALL SETUP         -->
   <send retrans="500">
     <![CDATA[
  
       INVITE sip:[service]@[remote_ip]:[remote_port] SIP/2.0
       Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
       From: 01234567890 <sip:01234567890@[local_ip]:[local_port]>;tag=[call_number]
       To: sut <sip:[service]@[remote_ip]:[remote_port]>
       Call-ID: [call_id]
       CSeq: 1 INVITE
       Contact: sip:sipp@[local_ip]:[local_port]
       Max-Forwards: 70
       Subject: Performance Test
       Content-Type: application/sdp
       Content-Length: [len]
  
       v=0
       o=user1 53655765 2353687637 IN IP[local_ip_type] [local_ip]
       s=-
       c=IN IP[local_ip_type] [local_ip]
       t=0 0
       m=audio [auto_media_port] RTP/AVP 8
       a=rtpmap:8 PCMA/8000
       a=rtpmap:101 telephone-event/8000
       a=fmtp:101 0-11,16
  
     ]]>
   </send>
  
   <recv response="100" optional="true">
   </recv>
  
   <recv response="180" optional="true">
   </recv>
  
   <send>
     <![CDATA[
  
       ACK sip:[service]@[remote_ip]:[remote_port] SIP/2.0
       Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
       From: sipp <sip:sipp@[local_ip]:[local_port]>;tag=[call_number]
       To: sut <sip:[service]@[remote_ip]:[remote_port]>[peer_tag_param]
       Call-ID: [call_id]
       CSeq: 1 ACK
       Contact: sip:sipp@[local_ip]:[local_port]
       Max-Forwards: 70
       Subject: Performance Test
       Content-Length: 0
  
     ]]>
   </send>
   <!-- PLAY RTP STREAM         -->
   <nop>
     <action> 
         <exec play_pcap_audio="pcap/g711a_600.pcap"/>
     </action>
   </nop>
  
   <!-- SET CALL LENGTH                                                        -->
   <pause milliseconds="120000"/>
  
   <send retrans="500">
     <![CDATA[
  
       BYE sip:[service]@[remote_ip]:[remote_port] SIP/2.0
       Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
       From: sipp <sip:sipp@[local_ip]:[local_port]>;tag=[call_number]
       To: sut <sip:[service]@[remote_ip]:[remote_port]>[peer_tag_param]
       Call-ID: [call_id]
       CSeq: 2 BYE
       Contact: sip:sipp@[local_ip]:[local_port]
       Max-Forwards: 70
       Subject: Performance Test
       Content-Length: 0
  
     ]]>
   </send>
  
   <recv response="200" crlf="true">
   </recv>
  
   <!-- definition of the response time repartition table (unit is ms)   -->
   <ResponseTimeRepartition value="10, 20, 30, 40, 50, 100, 150, 200"/>
  
   <!-- definition of the call length repartition table (unit is ms)     -->
   <CallLengthRepartition value="10, 50, 100, 500, 1000, 5000, 10000"/>
  
 </scenario> 

Personal Observations

This is a great tool for automation in the testing phase of a new platform deployment, and you can easily generate calls in numbers considered unfeasible when using traditional desk and soft phones, plus this method allows all phones in the test bed to become call recipients, increasing the user base to more accurately test a platform.

In addition to the PBX this tool also tests the network that provides connectivity to the phone system, this was highlighted to me when testing with traffic going over a VPN, and discovered that the VPN gateway could not cope with more than 10 concurrent calls despite having enough bandwidth available.

As a final note I recommend to start a test with minimal call volume ad scale from there. Whilst SIPPp can simulate calls, these aren’t as organic as the real world. I managed to knock a live system offline with as little as 100 generated calls, due in part to 100 SIP invites being sent within one second.

Oh, and don’t introduce a load of test calls to a flow where the final destination is a voicemail, I found that out the hard way!

The simple step to prevent unauthorised access is to delete / change the secret to the extension, if your will to put up with the constant failed registration attempts. But what about the personal data on the phone? BLFs, local directories and the like.

Yealink devices since firmware version 81 have had the ability to factory reset via a SIP notify command, meaning should a phone still be online, a factory reset can be handled remotely and without end user intervention.

Phone Setup

Remote reset is disabled by default, to enable it add the following to the provisioning template:

sip.notify_reset.enable = 1

Note: If you’d like to incorporate this with new deployments, ensure you also add the following to ensure sip notify commands are only trusted from registrar server.

account.1.sip_trust_ctrl = 1

PBX Setup

Via SFTP, Log in to the PBX and navigate to /etc/asterisk to locate the sip_notify.conf file.

Here there may be a few variants of the sip_notify.conf, such as sip_notify_additional.conf and sip_notify_custom.conf, choose the variant that does not contain the “do not edit” warning within the contents.

In the correct file, add the following lines of code:

[yealink-reset]
Event=>reset

Next, log into the CLI (command line interface) of the PBX via SSH.

Enter asterisk -rvvv to open the Asterisk CLI at verbose level 3.

Enter reload to load the newly added code into the system.

Resetting

Now the reset command can be issued in the Asterisk CLI:

Asterisk Versions 1-3:

Sip notify yealink-reset NNNN

Asterisk Versions 13 onwards:

pjsip send notify yealink-reset endpoint NNNN

Where NNNN is the phones’ extension number.

All things well, you will get conformation of the Notify command being send, shortly followed by the device dropping offline.

Note: If you take advantage of the Yealink Remote Provisioning Service, remember to remove the device or enter sinkhole credentials, otherwise the phone will re-provision and come straight back to you.