SOLVED Linphone Provisioning template

[cemotyz09]

Provisioning template for linphone. If anyone has any improvements please share. you'd have to add the directory and correct the permissions. Be aware that secure calling is enabled in this template.

tree /var/www/fusionpbx/resources/templates/provision/ |grep linphone
├── linphone
│       └── {$mac}-linphone.xml

<?xml version="1.0" encoding="UTF-8"?>
<config xmlns="http://www.linphone.org/xsds/lpconfig.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.linphone.org/xsds/lpconfig.xsd lpconfig.xsd">
  <section name="misc">
    <entry name="transient_provisioning" overwrite="true">1</entry>
    <entry name="uuid" overwrite="true">317971da-65c4-419f-a0ca-69fe26523e2b</entry>
  </section>
  <section name="sip">
    <entry name="verify_server_certs" overwrite="true">0</entry>
    <entry name="verify_server_cn" overwrite="true">0</entry>
    <entry name="media_encryption" overwrite="true">srtp</entry>
  </section>
  <section name="ui">
    <entry name="exit_on_close" overwrite="true">1</entry>
    <entry name="logs_enabled" overwrite="true">1</entry>
  </section>
  <section name="audio_codec_0">
    <entry name="mime" overwrite="true">opus</entry>
    <entry name="enabled" overwrite="true">1</entry>
  </section>
  <section name="audio_codec_1">
    <entry name="mime" overwrite="true">G722</entry>
    <entry name="enabled" overwrite="true">1</entry>
  </section>
  <section name="audio_codec_2">
    <entry name="mime" overwrite="true">speex</entry>
    <entry name="enabled" overwrite="true">0</entry>
  </section>
  <section name="audio_codec_3">
    <entry name="mime" overwrite="true">speex</entry>
    <entry name="enabled" overwrite="true">0</entry>
  </section>
  <section name="audio_codec_4">
    <entry name="mime" overwrite="true">PCMU</entry>
    <entry name="enabled" overwrite="true">1</entry>
  </section>
  <section name="audio_codec_5">
    <entry name="mime" overwrite="true">PCMA</entry>
    <entry name="enabled" overwrite="true">1</entry>
  </section>
  <section name="audio_codec_6">
    <entry name="mime" overwrite="true">GSM</entry>
    <entry name="enabled" overwrite="true">0</entry>
  </section>
  <section name="audio_codec_7">
    <entry name="mime" overwrite="true">G729</entry>
    <entry name="enabled" overwrite="true">0</entry>
  </section>
  <section name="audio_codec_8">
    <entry name="mime" overwrite="true">speex</entry>
    <entry name="enabled" overwrite="true">0</entry>
  </section>
  <section name="audio_codec_9">
    <entry name="mime" overwrite="true">BV16</entry>
    <entry name="enabled" overwrite="true">0</entry>
  </section>
  <section name="audio_codec_10">
    <entry name="mime" overwrite="true">L16</entry>
    <entry name="enabled" overwrite="true">0</entry>
  </section>
  <section name="audio_codec_11">
    <entry name="mime" overwrite="true">L16</entry>
    <entry name="enabled" overwrite="true">0</entry>
  </section>
  <section name="video_codec_0">
    <entry name="mime" overwrite="true">VP8</entry>
    <entry name="rate" overwrite="true">90000</entry>
    <entry name="enabled" overwrite="true">1</entry>
  </section>
  <section name="video_codec_1">
    <entry name="mime" overwrite="true">H264</entry>
    <entry name="enabled" overwrite="true">1</entry>
  </section>
  <section name="proxy_default_values">
    <entry name="avpf" overwrite="true">0</entry>
  </section>
  <section name="auth_info_0">
    <entry name="username" overwrite="true">{$account.1.user_id}</entry>
    <entry name="ha1" >{$account.1.password}</entry>
    <entry name="realm" overwrite="true">{$account.1.server_address}</entry>
    <entry name="domain" overwrite="true">{$account.1.server_address}</entry>
    <entry name="algorithm" overwrite="true">MD5</entry>
  </section>
  <section name="proxy_0">
    <entry name="reg_proxy" overwrite="true">&lt;sip:{$account.1.server_address};transport={if $account.1.sip_transport == 'udp'}udp{/if}{if $account.1.sip_transport == 'tcp'}tcp{/if}{if $account.1.sip_transport == 'tls'}tls{/if}&gt;</entry>
    <entry name="reg_identity" overwrite="true">"{$account.1.display_name}" &lt;sip:{$account.1.user_id}@{$account.1.server_address}&gt;</entry>
    <entry name="reg_route" overwrite="true">&lt;sip:{$account.1.server_address};transport={if $account.1.sip_transport == 'udp'}udp{/if}{if $account.1.sip_transport == 'tcp'}tcp{/if}{if $account.1.sip_transport == 'tls'}tls{/if}&gt;</entry>
    <entry name="realm" overwrite="true">{$account.1.server_address}</entry>
    <entry name="reg_expires" overwrite="true">3600</entry>
    <entry name="reg_sendregister" overwrite="true">{if $account.1.enabled == 'true'}1{else}0{/if}</entry>
    <entry name="publish" overwrite="true">1</entry>
    <entry name="dial_escape_plus" overwrite="true">0</entry>
  </section>
    <section name="auth_info_1">
    <entry name="username" overwrite="true">{$account.2.user_id}</entry>
    <entry name="ha1" overwrite="true">{$account.2.password}</entry>
    <entry name="domain" overwrite="true">{$account.2.server_address}</entry>
    <entry name="realm" overwrite="true">{$account.2.server_address}</entry>
    <entry name="algorithm" overwrite="true">MD5</entry>
  </section>
  <section name="proxy_1">
    <entry name="reg_proxy" overwrite="true">&lt;sip:{$account.2.server_address};transport={if $account.2.sip_transport == 'udp'}udp{/if}{if $account.2.sip_transport == 'tcp'}tcp{/if}{if $account.2.sip_transport == 'tls'}tls{/if}&gt;</entry>
    <entry name="reg_identity" overwrite="true">"{$account.2.display_name}" &lt;sip:{$account.2.user_id}@{$account.2.server_address}&gt;</entry>
    <entry name="reg_route" overwrite="true">&lt;sip:{$account.2.server_address};transport={if $account.2.sip_transport == 'udp'}udp{/if}{if $account.2.sip_transport == 'tcp'}tcp{/if}{if $account.2.sip_transport == 'tls'}tls{/if}&gt;</entry>
    <entry name="realm" overwrite="true">{$account.2.server_address}</entry>
    <entry name="reg_expires" overwrite="true">3600</entry>
    <entry name="reg_sendregister" overwrite="true">{if $account.2.enabled == 'true'}1{else}0{/if}</entry>
    <entry name="publish" overwrite="true">1</entry>
    <entry name="avpf" overwrite="true">0</entry>
    <entry name="dial_escape_plus" overwrite="true">0</entry>
  </section>
</config>

 

[Adrian Fretwell]

Thank you for sharing.

 

[bcmike]

Thanks!

Would you happen to know how you pass http auth credentials in the provisioning URL for Linphone? I have been trying https://username:password@subdomain.domain.com/app/provision/[MACADDRESS] but it doesn't seem to like it.

 

[cemotyz09]

As far as I can tell it doesn't accept authentication. I use a letsencrypt cert so it uses https.

 

[bcmike]

As far as I can tell it doesn't accept authentication. I use a letsencrypt cert so it uses https.

I would be very careful doing this over a public network without authentication. If somebody can guess your mac (or whatever you use as an identifier) then they can download the provisioning file and get your sip credentials (unless there's something I'm missing??). Http auth isn't perfect but it does put up more of a barrier especially if you pair it with fail2ban.

It's too bad, for us that's a deal breaker. Thanks for sharing though!

 

[cemotyz09]

This is for a home network in my case so it's less of an issue for me but good info for others.

 

[cemotyz09]

Also linphone supports md5 hashing of passwords so I use that as well