Child pages
  • How to auto-provision VPN Patch to your desk phone


Contents

Since Firmware version 8.7.5.15 and 8.9.3.5 the VPN feature is no longer shipped with the default firmware due to security considerations. Snom now separates the base firmware and the VPN patch as two separate files.

Due to the change, to update the firmware on your phones via provisioning, or manual upgrade, you must;


  1. update the firmware 
  2. change the firmware link to the VPN one and update again.


Unfortunately, it isn't possible to combine the VPN patch and the firmware via Provisioning. During provisioning, you can distinguish between phones with VPN enabled and the phones that do not, using the "X-snom-Vpn: supported" HTTP header. This header is added to the provisioning requests by phones with the VPN patch already installed. In this way, you can deploy the VPN patch to the phones that do not have the header.


  • Attached you can find the check_vpn.php script.
  • This example shows how to patch the Snom D765; Modify it as needed.
  • This script defines the function vpn_auto_patch( )


Such function do the following tasks:

  • if the firmware version is prior to 8.7.5.15 => do nothing
  • if the firmware version is prior to 8.9.3.5 => do nothing
  • if the request contains the X-snom-vpn: available => do nothing

in all the other cases provides the XML to perform the upgrade:

<?xml version="1.0" encoding="utf-8"?>
<settings e="2">
    <phone-settings e="2">
        <update_policy>auto_update</update_policy>
        <firmware_status>{{THE_SCRIPT_URL}}?snom-vpn-patch-fw=true</firmware_status>
    </phone-settings>
</settings>

and in case the request contains snom-vpn-patch-fw=true in the query string:

<?xml version="1.0" encoding="utf-8"?>
<firmware-settings>
    <firmware perm="">http://downloads.snom.com/fw/snom760-vpnfeature-r.bin</firmware>
</firmware-settings>

The firmware patch URL comes from the array defined at the top of the file.


I modified the snomD765-vpn.php adding the following 2 lines:

require_once('check_vpn.php');
vpn_auto_patch();

Example:

<?php
require_once('check_vpn.php');
vpn_auto_patch();


if (isset($_GET['mac']) && !empty($_GET['mac'])){
    $mac = $_GET['mac'];
}else{
    $mac = "generic";
}