f l a m e . o r g

organized flames

D-Link VTA-VR with Asterisk

Posted on June 05, 2009

While walking around a local store, I came upon the clearance isle and found a D-Link VTA-VR in an opened package. Seeing the price was $25 (which read as $15 at the register) I thought I’d give it a try. The goal is to rip it from its Vonage branding and make it speak to my Asterisk server.

It worked, mostly. There are many guides on the net on how to deal with this device, but it turns out the default password was already open, so perhaps someone had already cracked it for me. Thanks, if so.

The box has two phone jacks, but my first goal was to get just one of them working. This turns out to be trivial – just configure the username, password, and the proxy and away it goes.

The second line turned out to be a problem. This client, like so many other cheap devices, seems to break the SIP protocol. For one, both lines share a single UDP agent port (defaults to 10000, I set it to 5060 for packet capture filter sanity.) This is ok but, when registering at least, Asterisk would often (but not always) report “expired nonce.”

What is an “expired nonce” you ask? It is part of the registration protocol. Basically, the SIP device sends a REGISTER requeest without any login information, and it receives an UNAUTHORIZED response. In that response, however, is some information which can be combined with a username and a password that the client and server know, to generate an authentication token. Part of this is called a “nonce” which is really just a little bit of random data that prevents certain security attacks.

What I was seeing is this:

VTA:  REGISTER for line 1
Asterisk:  UNAUTHORIZED retry with nonce [123456]
VTA:  REGISTER for line 2
Asterisk:  UNAUTHORIZED retry with nonce [abcdef]
VTA:  REGISTER for line 1 with nonce [123456]
Asterisk:  Expired nonce [123456] retry with [deadbeef]
VTA:  REGISTER for line 2 with nonce [abcdef]
Asterisk:  Expired nonce [abcdef] retry with [feedme]
...

The VTA would never recover from this. A bit of random jitter between registration attempts, or only attempting one at a time, would fix this. Using different ports on the VTA device would fix this, but there is no configuration option for that. If the VTA used a different Call-ID for each registration request, it would work.

Unfortunately, there seems to be no way to get both lines working reliably with a single Asterisk server.

There are several hacks I can think of, one is to install a SIP proxy that can register the second line, but would really just proxy the connection to the Asterisk server. Another would be to cause Asterisk to listen on more than one port, and use different ports per line. I don’t think that’s easy or even possible.

Another option would be to hack Asterisk to make it understand that a very popular firmware is rather broken, and it should just expire a nonce based on more criteria than it uses now. Right now, for a given Call-ID, there can be but one nonce. If a new one is issued, the old goes away. If Asterisk were to maintain a linked list of possible values and expire them all when one is found to be working, this might work. It would delay line 2 registration, but that’s quite acceptable.

Myth Busting

I’d also like to dispel some myths that many VTA-VR hacking pages are saying, usually referring to each other in the process.

The VTA-VR uses four UDP ports: One for the shared “agent port”, one for each line’s SIP proxy (usually both are 5060, this is the port the Asterisk server listens on), and one for TLS (which I do not use, but it defaults to 5061.) You cannot set the proxy port to something other than what the asterisk server is listening on, so any comments like “you need to use different ports” is just wrong, as unless your Asterisk server is accepting connections on more than one port, it won’t work.

Setting the “user agent” port to 5060 is handy. If you do this, you can set the defaultip=10.42.1.2 in sip.conf for that line, and even if the device is not registered, Asterisk will still send calls there. This is somewhat scary, but it does seem to work. Sometimes.

Changing the timers does not help a great deal. They are defaults, it’s best to leave them alone.