Notes on a Linksys RT31P2-VU


The RT31P2 is a broadband router with two integrated VOIP ports. Most variants are locked to a particular service provider. This is my attempt to find out how to re-use the box I bought second hand without realising this.. oops...

This is merely a set of notes written as I find things, so please do not expect a full and detailed description about how to unlock the unit, however if it's of use to you in coming up with a solution, please do email me!

My email address is robert@ this domain name!




Started 10am 23rd May 2006

Connected the router to a hub and to my laptop. Run a local dhcp server, but no dns nor gateway specified.
Running ethereal to monitor traffic.


TEST ONE

With NO dns address supplied to the router -

After initial dhcp negotiations (router is given 192.168.15.31)

15 seconds after powerup
Router sends a dns query to 216.115.31.140 for time.vonage.net  (five times)
Router sends a dns query to 216.115.24.230 for time.vonage.net (four times)
Router sends a dns query to 216.115.31.140 for c.voncp.com
Router sends a dns query to 216.115.24.230 for c.voncp.com
Router sends a dns query to 216.115.31.140 for c.voncp.com
30 seconds after powerup
router then sends a dns query to the dhcp server address for time.vonage.net
Router sends a dns query to 216.115.31.140 for c.voncp.com

there are a further 16 queries for these two hostnames spread across the three possible server addresses

Sequence then seems to repeat, looking for ls.tftp.vonage.net five times on each server,
then it repeats again, looking for c.voncp.com five times on each server.
then it repeats again, looking for c.voncp.com five times on each server.
..at this point i powered down again.



TEST TWO

DHCP set to give out local DNS server address (currently inaccessible to router's subnet)
[DNS server told *.vonage.net all resolve to 192.168.0.14 (currently inaccessible to router's subnet)]

procedure repeats as above, but uses supplied dns server address instead of dhcp server address.

**NOTE** it queries the two 216.115 addresses first, multiple times, before using the user-supplied DNS server !!  this means these need to be blocked!!
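
Added example (not part of the original notes): a small Python check that reads a capture summary and lists the resolvers a device queried that DHCP never handed out, with how many of those queries came before the assigned server was first tried. The input layout, the timings, and the addresses 192.168.15.1 and 192.168.15.50 are assumptions made for the sample.

```python
# Constructed sample, one DNS query per line: seconds, source, destination, name.
# 192.168.15.31 is the router's lease from the notes; 192.168.15.1 (DHCP-supplied
# DNS server) and 192.168.15.50 (another LAN host) are assumed addresses.
SAMPLE = """\
15.0\t192.168.15.31\t216.115.31.140\ttime.vonage.net
16.0\t192.168.15.31\t216.115.31.140\ttime.vonage.net
17.0\t192.168.15.31\t216.115.24.230\ttime.vonage.net
18.0\t192.168.15.31\t216.115.31.140\tc.voncp.com
20.0\t192.168.15.50\t192.168.15.1\texample.com
30.0\t192.168.15.31\t192.168.15.1\ttime.vonage.net
31.0\t192.168.15.31\t216.115.24.230\tc.voncp.com
33.0\t192.168.15.31\t192.168.15.1\tc.voncp.com
40.0\t192.168.15.31\t216.115.31.140\tls.tftp.vonage.net
45.0\t192.168.15.31\t192.168.15.1\tls.tftp.vonage.net
"""


def parse(text):
    """Yield (time, src, dst, name) for each non-empty tab-separated line."""
    for line in text.splitlines():
        if line.strip():
            t, src, dst, name = line.split("\t")
            yield float(t), src, dst, name.lower().rstrip(".")


def audit_dns(text, client, assigned_dns):
    """Find resolvers the client queried that DHCP never handed out."""
    hardcoded = {}          # resolver -> stats, in order first seen
    first_assigned = None   # time of first query to the DHCP-supplied server
    for t, src, dst, name in parse(text):
        if src != client:
            continue        # ignore other hosts on the LAN
        if dst == assigned_dns:
            if first_assigned is None:
                first_assigned = t
            continue
        stats = hardcoded.setdefault(dst, {"count": 0, "early": 0, "names": set()})
        stats["count"] += 1
        stats["names"].add(name)
        if first_assigned is None:
            stats["early"] += 1   # sent before the assigned server was ever tried
    return hardcoded, first_assigned


if __name__ == "__main__":
    found, first = audit_dns(SAMPLE, "192.168.15.31", "192.168.15.1")
    print("first query to assigned DNS at", first, "s")
    for ip, s in found.items():
        print(ip, s["count"], "queries,", s["early"], "early,", sorted(s["names"]))
```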

Updates 2pm 23rd May 2006

TEST THREE
set up local DNS server (bind) on laptop rather than using the one on the main network.
copied over dummy zone file for vonage.net & voncp.com
set dhcp server to give out this address as dns server - now the router will be able to reach a dns server.
(remember to turn off windows firewall on the lan connection you are using!!)

router starts up, queries dhcp for ip address as normal.
dns query of 216.115.31.140 for time.vonage.net (five times)
dns query of 216.115.24.230 for time.vonage.net (five times)
dns query of 216.115.31.140 for c.voncp.com (three times, mixed in)
dns query of local dns server for time.vonage.net - response received of 192.168.0.14
ntp request to 192.168.0.14 - this is repeated three times at six second intervals
still dns queries of 216.115.* for c.voncp.com (making ten in total)
dns query of local dns server for c.voncp.com - response received 192.168.0.14

immediate REGISTER sip:c.voncp.com:10000  sent to 192.168.0.14
 -- this would appear to be a straightforward SIP registration request
 -- my box tries to register with a liverpool (uk) phone number as id.
this is sent five times with increasing intervals between
interesting to note that this also appears to be a sipura, from the last line!

DNS queries to 216.115.31.140 for ls.tftp.vonage.net (five times)
dns queries to 216.115.24.230 for ls.tftp.vonage.net (five times)
dns query to local dns server for ls.tftp.vonage.net - response given of 192.168.0.14

tftp read request sent to 192.168.0.14:
  file /52M2nkk86x/spa<MAC address of box>.xml
sent four times

udp datagram sent also to 192.168.0.14, port 21 - contains the same path as the tftp request.

(powered box down)

I tried tftp'ing this xml file myself to see what is in it, but it's reporting Not found.

3.20pm
i removed the apparent pathname from the front of the file, and managed to retrieve the spa*.xml
It appears to be encrypted.  Now to investigate the PAP2 tools that seem to deal with these.

10.00pm
Hmm... used vuckFonage prog to retrieve the spa file. three times. each one is different.
is this normal?  First time, it said it decrypted it, first time, using the 52M stuff 
from the original filename as the key, but it was still garbage afterwards.

Links:
Local dhcp server was MagikDHCP - www.magikinfo.com/dhcp.htm
Local DNS server BIND for windows - www.isc.org