New York World Phone

OP

• Does your registered provider not allow inbound SIP URI calls?
• Do you want to cut down on latency/echo, by bypassing your VoIP provider on inbound VoIP calls?
• Do you simply like the idea of allowing calls directly into your VoIP adapter?

If you said yes to any of the above, then this FAQ page may be for you. Here is a description of how to let your LinkSys/Sipura model adapter accept calls directly from a SIP URI (internet VoIP address), bypassing all VoIP providers in the process. Here’s how to do it:

• Setup your adapter for use behind a NAT router
  • Setup STUN on your adapter (NOTE: STUN settings are on the SIP tab)
    • Handle VIA received: no
    • Handle VIA rport: no
    • Insert VIA received: no
    • Insert VIA rport: no
    • Substitute VIA Addr: yes
    • Send Resp To Src Port: yes
    • STUN Enable: yes
    • STUN Test Enable: no
    • STUN Server: stun.voxalot.com.au:3478
      • NOTE: You can replace the above STUN server with any STUN server you like…
    • EXT IP:
      • NOTE: Leave this setting blank, STUN will figure this out for you…
    • EXT RTP Port Min:
      • NOTE: Normally you can leave this blank, but you can set this if you have a specific need
    • NAT Keep Alive Intvl: 45
      • NOTE: Use an value SHORTER than the “timeout” value in your router.
  • set “NAT Mapping Enable: yes“
• Set “Ans Call Without Reg: yes” on your adapter settings
• Make sure your adapter is on the default SIP port
  • i.e. “SIP Port: 5060“
• Make sure that SOMETHING is set for “User ID:”
  • NOTE: If your adapter is “registered” with a VoIP provider, this will be your real “User ID”
• Make sure NOTHING is in “Outbound Proxy:” field on your adapter
  • NOTE: This field is not normally needed if/when you have STUN setup (as above)
• Forward UDP port 5060 to your adapter
  • NOTE: This may be easier if you use a static LAN address for your VoIP adapter
• Set up a “dynamic DNS” service for your LAN
  • NOTE: The free service from “no-ip.com” works fine for this

If all of the above is setup correctly, then anyone on the internet can directly call your LinkSys/Sipura VoIP adapter by calling “sip:userid@dyamic_dns_address”. For example, if your userid is “12345″, and your dynamic DNS entry is “myaddress.no-ip.com”, then your SIP URI is “sip:12345@myaddress.no-ip.com”.

NOTE: One useful purpose of this, is to point a free http://ipkall.com number to your Sipura. You do this by logging into your IPKall account, and filling in your “UserID” info (12345 in this example) for “SIP Phone Number:” and your dynamic DNS entry (myaddress.no-ip.com in this example) for the “SIP Proxy:” field. After saving these changes (and waiting the necessary hour for them to take effect), then calling your IPKall number will directly ring your VoIP phone (bypassing any service provider, including “Free World Dialup”).

NOTE (added 2/7/2006):
Another poster mentioned that he needed to set “NAT Keep Alive Enable: yes“, or he got 1-way audio with his router. So if you are having problems with this trick (and you are not already telling your VoIP adapter to send “keep alive” packets), try turning the “NAT Keep Alive” setting on…

NOTE (added 2/7/2006):
After using this “trick” for some time, I have discovered that (while this often works very well), a minority of VoIP providers just don’t like this setup.

The problem (when you run into a VoIP provider that just won’t forward directly to your VoIP adapter, even though they do support SIP URI forwarding) appears to be with the details of the “dynamic DNS” service. The problem is, there are actually two DIFFERENT types of DNS records often used by VoIP SIP proxies (which is what you are having your adapter pretend to be, by this trick). DNS “A” records are the “normal type” of DNS entries (the type we use all the time, for example when visiting web sites), and also the type most dynamic DNS services (including the http://www.no-ip.com service I use) offer. However, apparently there is also a special DNS “SRV” type record that some proxies use just for VoIP. And if your VoIP provider is using a picky enough SIP proxy, they will be unable to forward directly to your adapter, because they won’t find a “SRV” record for your “proxy address” (even though your dynamic DNS service will have a “A” record for your IP). While most VoIP proxies either don’t use SRV records or will happily use an “A” record if an SRV record isn’t present, some proxies are just “too picky” about this little detail (and will therefore fail to forward directly to your adapter UNLESS you have DNS “SRV” record for your IP address).

Happily there is an easy “work around”, if you already have your adapter’s registered VoIP slots “full”, and you want to add a VoIP service that has this “issue” (i.e. is picky about the SRV records). What I found works well (when you run into this problem), was to register for a free SIP Broker alias that points directly to my adapter (via my dynamic DNS address). I then tell any VoIP service that has a problem with forwarding directly to my adapter, to instead forward to *0111xxxxxxx@sipbroker.com (where xxxxxxx is my SIP Broker alias ). This seems to work well as a “work around”, because “sipbroker.com” appears to have the DNS “SRV” record that some VoIP proxies “need” and SIP Broker can forward to a location identified just by a DNS “A” record. So the call essentially gets forwarded to SIP Broker, which forwards the call onto my adapter in that case. While this isn’t quite as nice as going directly to your adapter, it is still an effective “work around” for when the VoIP proxy just refuses to forward directly to your LinkSys/Sipura.

Of course, you might as well try the “forward directly to your adapter” address first, and only resort to the SIP Broker alias if/when the “direct” path doesn’t work (as your call path will be slightly more reliable if the direct address works with your VoIP provider). And many places (including http://ipkall.com ) will happpily forward directly to your LinkSys/Sipura without any problems. But for those places that just don’t like the DNS “A” records provided by dynamic DNS services, forwarding to SIP Broker (and then letting SIP Broker forward directly to your adapter) can be an effective “work around”.

Life is getting more and more beautiful. We don’t use skype as something like vonage because we have to use computer. We’ll have something nice, something that could make things much better, like Sony Mylo. It is probably just one of many similar devices coming out on the market. It uses your local wireless networks / hot spots, Skype for phone calls, a mini-browser, and Yahoo for chat (no AIM).

Actually, today people can already use PDA/PPC/SmartPhone to use skype, msn, aim, etc with WiFi. But do they really use it a lot at home? I dont think so. Why? It’s not as convenient as a home phone or a computer. If we have some phone adapter or other dedicated device for skype etc, and it’s cheap, $30 a year, will we use it? Why not?

I believe in the near future the voip phone monthly fee in the market would be again halved.

Check more at: http://www.learningcenter.sony.us/assets/itpd/mylo/prod/index.html

Unlock instructions:
—————

How to identify if unlockable - Check serial number: FH900Exxxx, starts at x, if it’s a number. (0~9) it’s OK to unlock. if it’s a char (A~Z), most likely it’s 3.1.7. or higher.Serial Number ranges/firmware version:
FH9004xxxxxx 2.10
FH900ECxxxxx 3.1.8
FH900F10xxxx 3.1.8
FH900F11xxxx 3.1.9
FH900F5xxxxx 3.1.9cInstructions are provided for the benefit of Competent persons who are capable of following instructions. DO NOT PM people if you can’t get it working. Double check that you have followed all instructions exactly and try again. The instructions work. If they don’t work for you, you are doing something wrong.

Unlock instructions:
1) Print these instructions. Read them twice before beginning and do not connect your PAP2 to your network until told to, or you’ll be very sorry.
2) Download, install, start and configure a TFTP server from here if you don’t already have one: link. Some users have reported that they have to reboot after installng this software before it will work correctly. (alternate TFTP program: Pumpkin TFTP)
3) Download the following file: link (do NOT click - use right click, save file as)
4) Rename the file to pap2sp2kzip3vn.zip and unzip it into the TFTP Service\TFTPRoot folder you configured in step two. (TFTP product, not Pumpkin)
5) Download the following file: link (do NOT click - use right click, save file as)
6) Rename the file to sp2kpap2zip1pm.zip and unzip it into the TFTP Service\TFTPRoot folder you configured in step two. (TFTP product, not Pumpkin)
7) Disconnect your internet access now by disconnecting your cable/dsl modem. Leave your router connected to your PC. (very important)
Connect the PAP2 unit to your router, connect a phone to line 1 then plug the PAP2 in to a power outlet.
9) Pick up the phone, press the star (*) button four times (you will not hear a dial tone)
10) Dial 73738#. If needed, use password 7756112# or 8995523# or 50274537#. Press 1 to confirm, press #, Hang up. (This number is used to reset the device to factory setting. If you’ve already hacked your device, do not press this number again)
11) Determine the PAP2 IP address by picking up the phone and dialing four stars (*), then 110# and write it down. My PAP2 IP address is:____________________
12) Determine your PC’s IP address by going to a DOS window and type IPCONFIG, write it down. My PC IP address is:____________________
13) Shut down Zone Alarm or other software firewalls, including the Windows XP built-in firewall if you’re using Windows XP. You may have to forward ports 5060 & 5061 (UDP) to your PAP2’s IP address if step 18 doesn’t work. (check your router’s manual for instructions)
14) Browse to the configuration page of the PAP2 by typing the IP address of the PAP2 unit (from step 11) into Internet Explorer.
15) Go to the SYSTEM tab and set a User password of 1234.
16) Click the SAVE SETTINGS button, then close the window.
17) Browse to the configuration page of the PAP2 by typing the IP address of the PAP2 unit (from step 11) into Internet Explorer and login with ID “user” and password “1234″ (don’t type qotes)
18) Cut and paste the bold link and add it to the end of the PAP2 address that is currently in the Internet Explorer window (make sure to get the / in front):
/upgrade?tftp://xxx.xxx.xxx.xxx/PAP2SP2K.bin
(replace xxx’s with Computer IP address from step 12)
19) Watch the status LEDs. The power LED will turn RED when it is done. Give it a minute or two, don’t interrupt it.
20) Once the power LED is red, browse to the configuration web page of the PAP2 by typing the IP address of the PAP2 unit into Internet Explorer.
21) Click the “admin login” link near the top-right.
22) Click the PROVISIONING tab and set PROVISION ENABLE=NO.
23) Under the SYSTEM tab, Optional Network Configuration section, DNS Server Order: box, select “DHCP, Manual” and enter 68.87.64.196 in Primary DNS, & 68.87.66.196 in Secondary DNS.
24) Click SAVE SETTINGS.
25) Browse to the configuration web page of the PAP2 by typing the IP address of the PAP2 unit into Internet Explorer.
26) Now, cut and paste the bold link and add it to the end of the PAP2 address that is currently in the Internet Explorer window (make sure to get the / in front):
/upgrade?tftp://xxx.xxx.xxx.xxx/SP2KPAP2.bin
(replace xxx’s with Computer IP address from step 12)
27) The PAP2 will eventually reboot (Power LED and Ethernet LED will be solid blue) BE PATIENT. When complete, you can click the “admin login” near the top-right and no password will be needed.
28) Configure line 1 and/or line 2 with your favorite VOIP provider(s).
29) Re-connect your internet access if all steps worked.

If you have trouble in step 18, then try this:

Open a DOS window. Type:

TFTP xxx.xxx.xxx.xxx get pap2sp2k.bin test.bin

Where xxx.xxx.xxx.xxx is the IP address of your computer from step 12. If that works, then you have a firewall issue. If it does not work, then you have a TFTP server configuration issue.

This dial plan handles three types of calling:

Stana-to-Stana : 08xxxxxx
Local : xxx-xxxx or xxx xxx-xxxx
Long distance : 1 xxx xxx-xxxx or xxx xxx-xxxx
International : 011 + country code + area code + number

Other parameters use default values.

SIP tab:

Handle VIA received: Yes Handle VIA rport: Yes
Insert VIA received: Yes Insert VIA rport: Yes

STUN Enable: Yes
STUN Server: stun.fwdnet.net:3478

Line 1 Tab:

NAT Mapping Enable: Yes
SIP Port: 5061
Proxy: sip.stanaphone.com
Register Expires: 400
Preferred Codec: G.711a

Leave everything else as is.

Line enable : yes
nat mapping enable : yes
proxy : stun.voipbuster.com
outbound proxy : leave blank
use outbound proxy : no
register : yes
display name : leave blank (Voipbuster does not support CallerID Name anyways)
user id : voipbuster username
password : voipbuster password

On SIP tab
STUN enable: yes
STUN server: sip.voipbuster.com (or any other public STUN server)

For USA residents, add the following line to Dial Plan field:
(<:001aaa>[2-9]xxxxxx|<:00>1[2-9]xx[2-9]xxxxxxS0|<:001>[2-9]xx[2-9]xxxxxxS0|<011:00>xx.)

Replace aaa with your area code.

This dial plan handles three types of calling:

Local : xxx-xxxx or xxx xxx-xxxx
Long distance : 1 xxx xxx-xxxx or xxx xxx-xxxx
International : 011 + country code + area code + number

An alternative dial plan is as follows:
(<:001>[2-9]xxxxxxxxx|<:00>x.T)

This dial plan handles two types of calling:

Local, Long distance, and of course - toll free: 1 xxx xxx-xxxx or xxx xxx-xxxx
International : country code + area code + number

If your get a message that the PAP2 cannot establish a connection, double check the settings, then leave the adapter plugged into your router and wait until it connects (a few hours or overnight)

If PAP2 adapter is behind a router, there are two options. For non-symmetric NAT router, STUN server outlined as above works fine. For symmetric NAT router, you need to set up port-forwarding:
1. UDP 5060/5061
2. UDP port range specified from “SIP > RTP Parameters > RTP Port Min” until “SIP > RTP Parameters > RTP Port Max”

Run netcheck to find out what kind of router you have.

Replace aaa with your area code.

This dial plan handles three types of calling:

Local : xxx-xxxx or xxx xxx-xxxx
Long distance : 1 xxx xxx-xxxx or xxx xxx-xxxx
International : 011 + country code + area code + number

Other parameters use default values.

Leave everything else as is.

Replace aaa with your area code.

This dial plan handles three types of calling:

Local : xxx-xxxx or xxx xxx-xxxx
Long distance : 1 xxx xxx-xxxx or xxx xxx-xxxx
International : 011 + country code + area code + number

Regional:
Remove Call Back Deact Code: *86, this way you could use *86 to check your VM

DSLREPORTS VOIP FORUM

Most of your questions will be answered there. Enjoy VOIP!

22 Comments

1. Can I have a reference for unlock Linksys PAP2 with seril number: FH900F11xxxx ?
   Is it possible to unlock FH900F11xxxx?Thank you very much.Comment by min — July 23, 2006 @ 4:02 pm
2. http://nyworldphone.wordpress.com/2006/09/27/unlock-pap2-firmware-317-and-above-including-319-quoted/Comment by cunyalen — July 26, 2006 @ 11:13 pm
3. Hi, will an adapter with serial number FH900F5xxxxx also be able to be unlocked? I haven’t opened it, but I assume the firmware version is 3.1.9cThanks.Comment by Mike — August 17, 2006 @ 12:47 pm
4. Yes, it should be able to be unlocked. I have done this for a couple of units with 3.1.9.Comment by cunyalen — August 17, 2006 @ 2:43 pm
5. Thanks for the response. Were they 3.1.9c? Or does it not matter?Comment by Mike — August 17, 2006 @ 4:52 pm
6. If it’s lower than 3.1.7, you can just use the basic instruction to unlock it. This is for 3.1.7+, but not V2.0.Comment by Alen — August 29, 2006 @ 3:16 am
7. Hi,
   Mine is Firmware Version: 3.1.9(LSc)
   Serial number is FH900F14xxxx
   Steps 9 and 10 don’t really work for me. After I type * 4 times, I type 73738# and still no sound/feedback through the phone.
   I tried the following steps anyway but on step 18, when I enter the URL for the tftp update, it asks for the admin password.Maybe this new firmware needs a different approach? Thanks.
   –mqmComment by mqm — October 31, 2006 @ 2:06 am
8. You need the following post.http://nyworldphone.wordpress.com/2006/09/27/unlock-pap2-firmware-317-and-above-including-319-quoted/Comment by alen — October 31, 2006 @ 2:33 pm
9. […] Requesting assistance from the experts … I found this instruction for Voicestick on PAP2 Unlock Linksys PAP2 Phone Adapter - quoted I don’t know why but it says: “You must use line 2/SIP port […]Pingback by Requesting assistance from the experts … - Voxilla VoIP Forum — April 8, 2007 @ 6:24 am
10. Because they have port 1 for something else. Actually, it can be at port 1.Comment by Alen — April 8, 2007 @ 3:36 pm
11. Hi, I had a hacked-working PAP2 while playing around with it to setup new SIP I factory reset it again. And now I see a solid red power LED and a solid blue Ethernet LED.
    It does not register on the network and does not respond to any phone commands.Is there ant way to salvage it
    Please post your experience and related links.Comment by aqan — April 30, 2007 @ 11:40 am
12. Hi aqan,Is it ver 1? What’s the firmware of it? Use 150# to check firmware. If it’s 3.1.7+, do you have the GPP_K value?If it’s ver 1.0, and the firmware is not 3.1.7+, you should be able to login user account. Use the basic unlock process guide to re-unlock it: http://nyworldphone.wordpress.com/2006/10/29/pap2-unlock-guide-for-316-firmwares-and-earlier/

    If it’s ver 1.0 with firmware 3.1.7+, you need the GPP_K value to re-unlock it: http://nyworldphone.wordpress.com/2006/10/29/how-to-re-unlock-your-adapter-using-the-factory-fresh-gpp_k-value/ . Without GPP_K, you’re kind of stuck here unless you would like to pay for an unlock service.

    If it’s ver 2.0, then you just need the CYT tool to re-unlock it again：http://nyworldphone.wordpress.com/2006/08/27/linksys-wrtp54g-rtp300-pap2-v20-unlock-info-cyt-devices-from-bargainshare-by-cron/ .

    Hope this helps.
    Alen

    Comment by cunyalen — April 30, 2007 @ 8:19 pm

13. need help , i have one linksys pap2 box , but i forget my admin password , when i put command by phone ,**** then 73738# and passowrd 8995523 and 1 to confirm ,after rest i can login by web user access , but i can’t login ADMIN access . Without admin access not possible to configure proxy ip and line ,So , please any one help me , how can i brack pap2 admin password , e-mail itsjakir41@yahoo.comthanks
    Jak

    Comment by need linksys pap 2 admin password , — July 13, 2007 @ 9:40 pm

14. Hi Jak,What’s the firmware version? Check the firmware with 150#. Do you have the GPP_K key?73738 will factory reset the unit. Of course you can’t log in admin without re-unlock.

    If the firmware is 3.1.6 or lower, then you just need follow the basic unlock process in this post or http://nyworldphone.wordpress.com/2006/10/29/pap2-unlock-guide-for-316-firmwares-and-earlier/. If the firmware is 3.1.7 or higher, then you need the GPP_K key to re-unlock. Otherwise, you are pretty much stuck.

    Alen

    Comment by alen — July 14, 2007 @ 8:06 pm

15. Thanks Alan for replay ,my Firmware Version: 3.1.9(LSc) , i don’t have any GPP_K key ,if possible can you help me about the GPP_K key and how can i get it ?aslo the process for re-unlock . please …Thanks
    JakComment by need linksys pap 2 admin password , — July 15, 2007 @ 8:33 pm
16. HI ALEN ,my mac address in : 001217FD3CF5 and my box userpass is 1234 , please help me how can i found GPP_K VALUE ,and please help me where my mistake ,OpenSSL> aes-256-cbc -e -in plain.txt -out spa001217FD3CF5.xml -k “”
    plain.txt: No such file or directory
    676:error:02001002:system library:fopen:No such file or directory:./crypto/bio/b
    ss_file.c:278:fopen(’plain.txt’,’rb’)
    676:error:20074002:BIO routines:FILE_CTRL:system lib:./crypto/bio/bss_file.c:280
    :
    error in aes-256-cbc
    OpenSSL>

    Thanks
    Jak

    Comment by need linksys pap 2 admin password , — July 16, 2007 @ 12:32 am

17. HI alen ,my mac address in : 001217FD3CF5 and my box userpass is 1234 ,
    now i get this massage ,please help me where my mistake ,OpenSSL> aes-256-cbc -k -in plain.txt -out spa001217FD3CF5.xml -k “”
    unknown option ‘plain.txt’

    please ,

    Comment by need linksys pap 2 admin password , — July 16, 2007 @ 2:08 am

18. Hi Jak,The openssl command you were using can work assuming if you got the GPP_K key value from the unit. If you don’t have it, you can use it.
    We can’t get it now. You can only get it if it’s unlocked. This sounds contradictory. The thing is we don’t need the GPP_K when we first time unlock it which is never connected to internet.So, if you can’t get the GPP_K, you are almost stuck unless you pay somebody for an unlock service.

    People mentioned before if Vonage(I assume it was originally for vonage) updated their xml config file, we would be able to re-unlock it again without GPP_K key. Even though there’re many higher version firmwares, still it may not work for a unit because the xml file on the server may not be updated yet. But you can try if you would like to. If it’s first time you try this, it may take a while and you may encounter problems. And you may end up without nothing. If you want to try it, follow this: http://nyworldphone.wordpress.com/2006/09/27/unlock-pap2-firmware-317-and-above-including-319-quoted/.

    Good luck!
    Alen

    Comment by alen — July 16, 2007 @ 2:37 am

19. I have a rather unusual issue with my PAP2 version 1 box, which is being provisioned by vonage. The Serial Number does not match listed at the top of this article. The Serial number begins FH900Dxxxxx. IVR Reports that I have firmware 3.1.9c (or z, i can’t tell). Anyone know how to unlock this puppy?Comment by meistersinger — January 1, 2008 @ 6:34 am
20. Since it’s 3.1.9 and provisioned by vonage, you are pretty much “stuck” unless get a paid service.Comment by alen — January 1, 2008 @ 8:00 pm
21. hi plz got me linksys unluck mathodeComment by prajwal — January 3, 2008 @ 1:40 pm
22. @prajwal, what do you mean? This post is unlock method for vonage linksys pap2 with 3.1.6-.Comment by alen — January 3, 2008 @ 7:40 pm

by TheDiggler Link

Ok, since you don’t have the GPP_K value of the adapter which has been upgraded to firmware 3.1.9, before going any further, make sure you can FACTORY RESET THE ADAPTER (while it’s disconnected from the internet). STEP 1: Factory Reset the adapter: 1) Disconnect the adapter from the internet 2) Connect a simple telephone to LINE1 3) Enter IVR mode by dialing: **** 4) Enter the command: 73738# (i.e. R E S E T #) 5) If/when prompted for password, enter one of the 5 “known/common” Vonage USER Passwords: 78196365 50274537 7756112 8995523 5465866 6) Press the # key after entering a password 7) Repeat the process above until one of the passwords works or you’ve exhausted the list If prompted to “Press 1 to confirm,” do so. If the adapter successfully factory resets, you may proceed with the next series of steps. If not, you’re pretty much “stuck” at this point and need to find a working Vonage USER Password. STEP 2: Attempt to access the PAP2’s WEB INTERFACE & remove Vonage’s DNS settings: 1) Disconnect the internet connection from your BROADBAND ROUTER or BROADBAND MODEM 2) Connect the PAP2 to your ROUTER 3) Connect a PC to the ROUTER 4) In a web-browser, navigate to the PAP2’s IP address (if you don’t know it, go back into IVR mode and issue command 110#) 5) Go to the “SYSTEM” tab and clear out the “Primary DNS” and “Secondary DNS” entires.Note: If you can’t access the adapter’s web interface, so long as the adapter remains disconnected from the internet, the inability to perform this series of steps is not a big deal. The adapter will simply take longer resolving DNS requests (by trying Vonage’s IP addresses first, and after failing to reach them, trying DHCP assigned DNS entries next). STEP 3: Gather/setup the following items: 1) Sipura SPA-2000 Firmware 2.0.9 converted to PAP2 mode firmware and renamed to file: PAP2-bin-03-01-09-LSc.bin (An already converted version of the firmware is availabe in Post #3, Step 3. Use file PAP2-SP2K.bin. If the aforementioned link is down, an alternate location for the files is listed in Post #504). 2) An HTTP Server running on your LOCAL LAN 3) A TFTP Server running on your LOCAL LAN @ Port 69 (for simplicity make this the same PC as the HTTP server) 4) A DNS Server running on your LOCAL LAN (for simplicity make this the same PC as the HTTP & TFTP servers) 5) A DHCP Server running on your LOCAL LAN: If you have a BROADBAND ROUTER, this may be used provided you: i) Disconnect the INTERNET CONNECTION to the router (i.e. unplug the cable going to the router’s WAN port and/or disable any WDS settings) ii) Manually configure the PAP2’s DNS server to use the IP ADDRESS of your local DNS server (i.e. STEP #4 above). This will need to be done through the PAP2’s IVR: a) Enter IVR mode by dialing: **** b) Enter command 160# to review the current DNS server IP address (if you so desire) c) Enter command 161# to set/change the DNS server IP address d) Type in the IP address of your LOCAL DNS SERVER, separating octects with an asterisk (*). End input with the # key. Example: if your DNS SERVER’s IP address is 192.168.0.50, enter: 192*168*0*50# e) Press 1 to SAVE, Press 2 to REVIEW, Press 3 to RE-ENTER, Press * to exit f) Upon successfully reviewing the DNS Server IP Address setting, SAVE THE SETTING! iii) Remember to clear the PAP2’s DNS Server settings after it’s been unlocked! (This can be done through the adapter’s web interface). Internet Connection Sharing (ICS) built into XP may work. Try enabling it on the ETHERNET adapter of your PC (i.e. the same PC running the HTTP, TFTP, and DNS servers) 3rd Party DHCP software should work too (for simplicity, make this the same PC as the HTTP, TFTP, and DNS servers) 6) A copy of your adapter’s ENCRYPTED Config File (from Vonage’s TFTP server) named spa000000000000.xml (where 000000000000 is the MAC ADDRESS of your PAP2) Download a copy of your adapter’s ENCRYPTED Config File (from Vonage’s TFTP server) named spa000000000000.xml (where 000000000000 is the MAC ADDRESS of your PAP2). Try these commands. tftp -i ls.tftp.vonage.net GET spa000000000000.xml or tftp -i ls.tftp.vonage.net GET //spa000000000000.xml or tftp -i ls.tftp.vonage.net GET /spa000000000000.xml 7) A CROSSOVER Ethernet cable STEP 4: Configure your LOCAL LAN’s DNS Server to mimic Vonage’s Servers: 1) Point httpconfig.vonage.net to the LAN IP address running your HTTP server 2) Point ls.tftp.vonage.net to the LAN IP address running your TFTP server 3) (Optional but recommended) Point *.vonage.net to the LAN IP address running your HTTP/TFTP servers 4) (Optional but recommended) Forward UDP ports 21 & 2400 to Port 69 (so that your TFTP server receives traffic on ports 21, 2400, and the default TFTP port of 69). If you don’t know how to configure this, setup a 2nd TFTP server listening on PORT 2400. (Vonage seems to use ports 69 & 2400 the most, but they also use 21). STEP 5: Prepare your local file structure: 1) In your TFTP ROOT directory (or directories if running mulitple TFTP servers), copy your adapter’s ENCRYPTED config file to that directory as spa000000000000.xml (where 000000000000 is the MAC ADDRESS of your PAP2) 2) In your HTTP ROOT directory, create sub-directory: +000000000000 (where 000000000000 is the MAC ADDRESS of your PAP2) 3) Copy the modified SPA-2000 v2.0.9 firmware to the HTTP-ROOT/+000000000000/ directory (where 000000000000 is the MAC ADDRESS of your PAP2) as filename PAP2-bin-03-01-09-LSc.bin STEP 6: Start the UNLOCK PROCESS (i.e. load SPA2000 2.0.9 firmware into your PAP2): 1) Disconnect the ethernet cable from the PC running the HTTP/TFTP/DNS servers 2) Disconnect the POWER cable from the PAP2 3) Connect the PAP2 and the PC to each other: If using a PC as your DHCP server: Connect the CROSSOVER Ethernet cable to the PAP2 (on one end) and to the PC running the DNS, TFTP, and HTTP servers (on the other end). If using a BROADBAND ROUTER as your DHCP server: Using a standard ethernet cable, connect the PAP2 to a LAN PORT on your Broadband Router Using a standard ethernet cable, connect the PC (running the DNS, TFTP, and HTTP servers) to a LAN PORT on your Broadband Router Make sure NOTHING is connected to the WAN PORT of the Broadband Router! Make sure any WDS (Wireless Distribution System) settings have been disabled on the Broadband Router! If you don’t know what a WDS is and/or haven’t set one up, chances are there is nothing to disable. 4) Make sure the PC is powered up and that the DNS, TFTP and HTTP servers are running 5) Power on the PAP2 6) If all goes well, your TFTP server’s log will show the PAP2 grabbing the encrypted file. 7) Shortly thereafter, the HTTP server’s log should show the PAP2 grabbing the modified SPA2000 v2.0.9 firmware file. Once the PAP2 has loaded the SPA-2000 firmware, one of the indicator lights on the PAP2 should turn RED STEP 7: (Re-)Open WEB access and configure known USER & ADMIN pws: 1) Create a TEXT FILE called spa000000000000.xml (where 000000000000 is the MAC ADDRESS of your PAP2) as follows: CODE <flat-profile> <Admin_Passwd ua=”na”>4321</Admin_Passwd> <Enable_Web_Server ua=”na”>Yes</Enable_Web_Server> <Web_Server_Port ua=”na”>80</Web_Server_Port> <Enable_Web_Admin_Access ua=”na”>Yes</Enable_Web_Admin_Access> <Protect_IVR_FactoryReset ua=”na”>No</Protect_IVR_FactoryReset> <User_Password ua=”na”>1234</User_Password> </flat-profile> 2) Copy the new spa000000000000.xml (where 000000000000 is the MAC ADDRESS of your PAP2) file to your TFTP ROOT directory (or directories if running multiple TFTP servers) 3) Power cycle the PAP2 4) Check your TFTP Server’s log to see when the file has been grabbed If the TFTP Server’s log shows a FILE NOT FOUND error message, and if the file attempting to be grabbed was requested from an obscurely named sub-directory (i.e. /a12BcdeFgH/spa000000000000.xml), create that sub-directory (a12BcdeFgH) underneath the TFTP Root and move (or copy) the spa000000000000.xml file to that sub-directory. Then re-Power Cycle the PAP2 and re-check the TFTP Server’s log. 5) After it’s been grabbed & loaded, the adapter’s USER password is “1234” and the ADMIN password is “4321“ Note: Sipura SPA-2000 2.0.9 firmware allows PLAIN TEXT config files to be loaded and processed. That is why this unlock “trick” works. STEP 8: Revert back to PAP2 firmware: 1) Use PAP2 firmware 3.1.6 or LOWER!!! 2) Follow the directions here: Basic Firmware Update Instructions STEP 9: Obtain the FACTORY FRESH GPP_K key (OPTIONAL but recommended) 1) In STEP 6, the encrypted Vonage Config File got loaded into the adapter. This caused the adapter’s FACTORY FRESH GPP_K value to be overwritten w/ one supplied by Vonage. 2) With the adapter disconnected from the internet and loaded w/ PAP2 firmware 3.1.6 or lower, FACTORY RESET THE ADAPTER. This will cause the FACTORY FRESH GPP_K value to be re-loaded, but it will also re-lock the adapter. Before FACTORY RESETTING the adapter though, delete your Vonage Encrypted spa000000000000.xml file from your TFTP ROOT! Otherwise, upon performing a FACTORY RESET, your adapter will request and process this file, a file which DISABLES THE ADAPTER’S WEB INTERACE! 3) Repeat the ORIGINAL (easy) UNLOCK process (i.e. perform the entire series of steps listed in POST #4 of this thread) 4) After the adapter has been re-unlocked, extract the GPP_K value and save it! This value is located in the “Provisioning” tab of the adapter’s web-interface (i.e login as “admin,” switch to “advanced” mode and click on the “Provisioning” tab).How do you tell the difference beween the FACTORY FRESH GPP_K value and a Vonage assigned one?Attributes of the FACTORY FRESH GPP_K value: 44 characters long Comprised of alpha (A-Z, a-z), numeric (0-9), and symbols Ends with an EQUAL SIGN (=) Example: n6KClGUoMXzIQ/JmmuSFBE1GOu+M8335eHfPeYHeRAs= Attributes of a Vonage Assigned GPP_K value: 64 characters long Comprised of HEX characters (A-F, a-f, 0-9) only! Example: 9190ca44e4cffb893c2ae43c4bca57fb18f04482a84dcce30d28017e7715a8a0 Diggler P.S. For a flow-chart summary of most of the above, download pap2-318unl.zip which is also contained in the 4th post here: http://www.dslreports.com/forum/remark,144…9999~start=1520

67 Comments

1. I tried this on my 3.1.9 and everything went ok until it was supposed to grab the firmware from the http server. It never even makes a request to the dns server for anything other than the ls.tftp.vonage.net. Any further help would be greatly appreciated.Comment by MS — November 29, 2006 @ 10:28 pm
2. How did you make the connections between your computer and adapter? What’s your computer’s ip and adapter’s. I think you need double check your DNS server if all addresses are really ok. Ping http://www.vonage.net and see if it’s working.Comment by alen — November 30, 2006 @ 4:09 am
3. I have the same problem as MS; but I stupidly connected the device to the internet before ever starting research. (I was naive and didn’t think it would be locked…) As far as I can see, if you’ve been online with a 3.1.9(Lsc) device - then you’re out of luck. My device grabs the XML from my TFTP server but does not attempt a firmware update. From what I can read, it wont happen until Vonage pushes a firmware update (and updates your XML file on their TFTP server?)Comment by Al — December 19, 2006 @ 3:04 am
4. I followed the procedure and now it has sipura 2000 firmware. now I cant get to the web interface - cant change the DNS entries to point it to my local dNS and when I try 161#, its asking me for a password and none of the above passwords are working.I am pretty much screwed I guess. THE mistake i made was….Connected the pap2 adapter to the internet after upgrading it to sipura 2000 firmware - now i think vonage has locked everything -is there any way I can recover my device and unlock it???Would really appreciate it.Thanks
   KevinComment by Kevin — December 30, 2006 @ 6:19 pm
5. Hoy much time takes the firmware upgrade? Only request ls.tftp.vonage.net in the DNS server and no http server queryComment by drnet — January 18, 2007 @ 2:35 am
6. Kevin, after it grabs spa2000, you need feed it with the plain text xml file. After that, you’ll have user/1234, admin/4321.Comment by alen — January 18, 2007 @ 3:09 am
7. drnet, with DNS, http, and tftp servers, it will request xml first, then Firmware once and only once. When it requested, ls.tftp.vonage.net, did it take it? It’ll request .bin file only after it takes .xml file. If it already took .xml file, make sure the http server, address httpconfig.vonage.net, and .bin file’s path are correct. If the unit was never connected to internet, it should take it. Otherwise, it won’t. Good luck.
   AlenComment by alen — January 18, 2007 @ 3:13 am
8. I am stuck at RED Led light. I have power cycled it many times so it would take plain text xml file but no luck. It does not reuqest the file. It only requested first time when it took the .bin file. It asked for u1Q2i8biMs folder. I created the folder and put plain xml file there. Then did the power recycle but it does not ask for it.Any help????TIAComment by ch — January 29, 2007 @ 6:25 pm
9. Hi TIA, so it took .bin file already, right? You could check it by going to the ip. If you see Sipura web interface, it means it took spa2k firmware. Only if so, it will take the plain text xml file. Make sure everything else is still working file, like dns server, by trying ping ls.tftp.vonage.net. After you double check all above and are sure everything working properly, then wait for a little more time after you power cycle it.Note: You need have plain text xml file in tftp root and tftp root/u1Q2i8biMs. Better to copy the folder name u1Q2i8biMs from the log file to avoid typo.Comment by alen — January 29, 2007 @ 10:51 pm
10. Hi Alen,
    Thanks for the reply. Yes, device has taken to the .bin file. I can use **** and check the vesion. It says Supra 2.xxx. But I cannot get to the web interface. I tried to user 161# to modify DNS server ip but it asked for password. None of the passwords worked even 4321. So I made my dns server 216.x.x.x and it took plain text xml file from u1Q2i8biMs folder. One led light it is still RED and no web interface access.Am I missing anyting?Thanks for you help Comment by Tia — January 30, 2007 @ 4:56 pm
11. Further more when I try to reset the device so I could access web interface it asks for password and none of the above works.I dialed **** and then 73738# to reset.Thanks.Comment by Tia — January 30, 2007 @ 5:05 pm
12. Did you reset after it took plain text file? If it’s sipura 2.0.9D, that’s good news. Before it took plain text file, you’ll not be able to access the web interface. After it took plain text file, you should be able to access web interface. log in as user/1234 first, then admin login with admin/4321. Make sure you have the right ip address. Check it by 110#. If the web interface doesn’t display, there must be something wrong with the plain text file. If you factory reset it now, the password 1234 or 4321 will be removed. If you want to try factory reset to activate web interface, use one of the passwords:
    78196365
    50274537
    7756112
    8995523
    5465866
    But it should not be necessary to do that, because plain text file will enable the web interface.
    By the way, to create the text file, just copy from the site and paste, that will make it for sure.Comment by alen — January 30, 2007 @ 5:26 pm
13. By the way, did you try power cycle?Comment by alen — January 30, 2007 @ 5:28 pm
14. Thanks Alen.I followed the steps exactly described in this thread. Also copied the text and put it in plain text xml file.Atfer it took plain xml file, I tried to access the web interface but no luck. Then I confirmed the ip by using **** and 110#. Tried again no luck. I thought may be I needed to do use 73738#, tried that and it asked for password. No luck with known passwords so far.But I will try accessing the web interface when I get home tonight and post the results here.Thanks.Comment by Tia — January 30, 2007 @ 5:31 pm
15. Yes, power cycles many times.a Now it is sitting unplugged for more than 20 hours. I will try again tonight.Thanks.Comment by Tia — January 30, 2007 @ 5:32 pm
16. 1. Was the plain text in both tftp root and tftp root/u1Q2i8biMs? Make sure it didn’t take the original xml file.2. Then make sure it’s not physical problem like cable.3. Then only one possibility left which is there’s something wrong with the plain text file. If you want, I could forward you the file I used and feed it again. You don’t need do factory reset.Comment by alen — January 30, 2007 @ 5:40 pm
17. Here is my plain xml file:4321
    Yes
    80
    Yes
    No
    1234Yes I put it in root as well as u1Q2i8dBim folder. I haven’t tried again today but tomorrow I will.Thanks for your help and time.Comment by TIA — January 31, 2007 @ 4:29 am
18. What happend to my xml file. LEts try again:
    CODE4321
    Yes
    80
    Yes
    No
    1234Comment by TIA — January 31, 2007 @ 4:30 am
19. <flat-profile>
    <Admin_Passwd ua=”na”>4321</Admin_Passwd>
    <Enable_Web_Server ua=”na”>Yes</Enable_Web_Server>
    <Web_Server_Port ua=”na”>80</Web_Server_Port>
    <Enable_Web_Admin_Access ua=”na”>Yes</Enable_Web_Admin_Access>
    <Protect_IVR_FactoryReset ua=”na”>No</Protect_IVR_FactoryReset>
    <User_Password ua=”na”>1234</User_Password>
    </flat-profile>Comment by alen — January 31, 2007 @ 6:10 pm
20. [quote]4321
    Yes
    80
    Yes
    No
    1234[/quote]Comment by alen — January 31, 2007 @ 6:11 pm
21. The scripts were removed by wordpress I think.
    Again, after it took the plain text file, did you factory reset it? If not, and you are sure there’s no physical problem with the cable, and can’t go to web interface, the only possibility should be the plain text file which happened to me once before. If you want, I’ll send the plain text file I used later today.Comment by alen — January 31, 2007 @ 6:19 pm
22. Alen, please email me file at chachoo72ATyahoo.ca and I will try to load it tonight. I will put it in root tftp folder as well as sub folder.Thanks for your help.Comment by Tia — January 31, 2007 @ 7:05 pm
23. OK….. I have setup DNS Server, Web Server and TFTP Server on same machine. When I access it using ****, it says it is Supra 2.xxx. Good so far…. My device took modified plain text xml file. Good again ….. Now I am able to ping my device but still no web interface. I copied the xml text from this site so no error in xml. Also my Supra device has 216.115.x.x DNS enteries which I cannot change via 161#. It asks for password if I try to change it.Mine is stuck at RED light. No luck accessing web interface…..Thanks for you help.Comment by Tia — February 1, 2007 @ 4:01 am
24. There is an error plain text xml file. Here is the correct XML file:4321
    1234
    80
    Yes
    Yes
    No
    SP2K-PAP2.binAdmin_Passwd section was missing ua=”na”. Added it and it did the trick.Comment by TIA — February 1, 2007 @ 6:20 am
25. But the original one was working for me. Since you have this problem, let me change it. Thanks.Comment by alen — February 1, 2007 @ 4:54 pm
26. Need help making sure things are right for the PAP2…
    Can you help me out Alen?Comment by Don — February 7, 2007 @ 3:38 am
27. sorry for that short post…I have started on Diggler’s guide on the PAP2 3.1.9 unlock process. A few things I dont understand or over-analyzing. Setting up HTTP/DNS/DHCP/DNS?? I am on a WRT54G and have the PAP2 adapter. I just add in my IP in the fields of HTTP/DNS/DHCP/DNS on the PC running those?
    my email is doannguyen97@yahoo.com if u have an easier wayComment by Don — February 7, 2007 @ 3:42 am
28. If you have pap2 v1 with firmware higher than 3.1.6(3.1.7+), you have to follow this process. What’s done? What problem do you have? Please show more details. This process guide gives you very detailed steps. Follow it step by step.Comment by alen — February 7, 2007 @ 9:37 pm
29. sorry i took it the easy way out as I spent hours to days reading up on the material…I paid someone to do it over the net. Again, thanks alen. I dont mess with that area too often.Comment by Don — February 8, 2007 @ 1:59 am
30. Like the first comment, I did the following:
    Connect my PC to a switch, PAP2 to the same switch, no internet.Start Simple DNS on my machine, verify that ls.vonage.net & httpconfig.vonage.net resolves to my IP (10.10.1.101) with NSLOOKUPStart IIS, verify that http://httpconfig.vonage.net/+pEO6DOxPTY/PAP-BIN-03-01-09-LSc.bin (looked in the W3SVC logfile to see that the file was grabbed from it via IE, the file did download to my PC)Start 3 instances of TFTPDWIN one running on each port 21, 69, 2400 respectively.Run Ethereal to watch what’s going on.Unplug PAP2 from LAN, power cycle PAP2, use IVR to factory reset the PAP2.Use IVR to set DHCP=0, Static IP 10.10.1.199, Subnet 255.255.255.0, Gateway 10.10.1.1, DNS 10.10.1.101Cycle power to PAP2 with LAN connected.PAP2 broadcasts it’s IP via ARP. Queries my DNS for ls.tftp.vonage.net and proceeds to download XML file from my TFTP server. The TFTP server shows the file was downloaded.Unit then sits there. It doesn’t try to download the modified firmware.This PAP2 has been provisioned for about 3 years. Recently I cancelled service wanting to use this box with something else (still looking to experiment). Maybe that’s where I’m having my problem?Linksys has released new firmware for PAP2. It is 3.1.22-LS and there are warnings about upgrading your device might cause interruption of service. If I’m screwed because of provisioning, I’d like to at least put the Linksys firmware in so that the customized Vonage firmware is out.Got any ideas? Email is amjunk#columbus.r r. com (not bot friendly)

    Comment by Alan — February 17, 2007 @ 2:50 pm

31. [quote]… no internet
    …
    Start IIS, verify that http://httpconfig.vonage.net/+pEO6DOxPTY/PAP-BIN-03-01-09-LSc.bin (looked in the W3SVC logfile to see that the file was grabbed from it via IE, the file did download to my PC)
    [/quote]
    Is this the modified firmware? So it already grabbed it? How come the folder is +pEO6DOxPTY? It should be +MAC which should 12digits and each one is 0-F.After that, you factory reset it?Comment by alen — February 19, 2007 @ 3:15 am
32. That file is the modified firmware (PAP2SP2K.BIN renamed to PAP-BIN-03-01-09-LSc.bin) for sure, just double checked. Also, my post was from memory and I did confuse it. The IIS directory is the +MAC (the proper URL is http://httpconfig.vonage.net/+0012175E0389/PAP-BIN-03-01-09-LSc.bin) and I can download the file at my PC to test it and it resolves/downloads properly.I have a WRT54G with DDWRT firmware and the internal DNS running. I’ve forced the DNS to resolve all vonage URL’s to my local machine running the TFTP and HTTP server. They do resolve correctly, verified with NSLOOKUP.Any other ideas?Comment by Alan — February 20, 2007 @ 11:31 am
33. According to IIS log and Ethereal, the PAP2 did not go grab the firmware, it didn’t even try. Unless it tried only to a specific IP instead of relying on DNS, which would fail. I might have to try a direct connect method to verify that.Comment by Alan — February 20, 2007 @ 11:33 am
34. I’m confused by your comments. First you said it grabbed the modified firmware http://httpconfig.vonage.net/+0012175E0389/PAP-BIN-03-01-09-LSc.bin. Then you said it didn’t try to grab it. What do you mean? If it grabbed the modified firmware, you are good. It should SPA2K firmware now and you can feed the plain text xml file. If not, that means you have a provisioned units without GPP_K, you are pretty much stuck.Comment by alen — February 20, 2007 @ 6:38 pm
35. But you could pay for an unlocke service.Comment by alen — February 20, 2007 @ 6:38 pm
36. Problem reported. So we changed the plain text to the new one:
    <flat-profile>
    <Admin_Passwd ua=”na”>4321</Admin_Passwd>
    <Enable_Web_Server ua=”na”>Yes</Enable_Web_Server>
    <Web_Server_Port ua=”na”>80</Web_Server_Port>
    <Enable_Web_Admin_Access ua=”na”>Yes</Enable_Web_Admin_Access>
    <Protect_IVR_FactoryReset ua=”na”>No</Protect_IVR_FactoryReset>
    <User_Password ua=”na”>1234</User_Password>
    </flat-profile>Comment by cunyalen — February 21, 2007 @ 3:11 pm
37. I can run TFTP on my PC, I don’t know how to run an HTTP server (help required here). Then in step 4, how do you “1) Point httpconfig.vonage.net to the LAN IP address running your HTTP server 2) Point ls.tftp.vonage.net to the LAN IP address running your TFTP server. ??PeterComment by Peter — March 18, 2007 @ 1:36 am
38. You could use any http server. google it. What I’m using is a very small server called shttp. Or if you are using Windows 2000 server, that’s also fine.Point the address to LAN IP by domain name server or operating system server version. I use small dns plus.Basically, my computer is running small dns plus as dns server and DHCP server, shttp as http server and klever pumpkin as tftp server. Point all those addresses to my local computer. And I have a crossover cable connecting pc to pap2.Comment by alen — March 18, 2007 @ 2:35 am
39. hello how can i unlock my pap2 is the 3.1.9c versioncan you help me for the i can voipbluster service??please thanksComment by samchamo — March 27, 2007 @ 3:44 pm
40. Please follow this process guide. Any problems, post here. After you unlock it, you’ll be able to use voipbuster.
    Configurations, see here:
    http://nyworldphone.wordpress.com/?s=voipbuster+pap2Comment by Alen — March 29, 2007 @ 2:48 pm
41. 1) Point httpconfig.vonage.net to the LAN IP address running your HTTP server
    2) Point ls.tftp.vonage.net to the LAN IP address running your TFTP serverCan anyone break these two steps down in simpler terms? I understand the idea is to use your offline PC to emulate the online server, but how and exactly where are these two above parameters set up exactly? I have Solar Winds tftp, Simple DNS Plus and Apache 2.02 installed. Appreciate anyone who can help with these two settings.Comment by Jonathan — October 31, 2007 @ 7:11 am
42. Hello, You can unlock a pap2 the vonage 3.1.9(LSc), thanksComment by Alex CAmacho — October 31, 2007 @ 12:57 pm
43. Jonathan, you do these settings in the Simple DNS Plus.
    Let’s say you are running everything on your local computer. It has ip 192.168.0.3.
    Then you need set up these two URLs pointing to your ip.It should be in Record. Click new, create new zone first with any name. Then you create URLs.
    Check this: http://www.simpledns.com/screen.aspxComment by alen — October 31, 2007 @ 11:20 pm
44. Alex, yes this post is to unlock 3.1.7+ including 3.1.9.
    But it must be a fresh one, not connected to internet yet meaning it’s not provisioned by vonage yet.Comment by alen — October 31, 2007 @ 11:21 pm
45. #Alex, yes this post is to unlock 3.1.7+ including 3.1.9.
    But it must be a fresh one, not connected to internet yet meaning it’s not provisioned by vonage yet.Comment by alen — October 31, 2007 @ 11:21 pm
    ***************************************************So if 3.1.9 was provisioned by vonage then I am sol????Comment by Db — November 9, 2007 @ 11:48 pm
46. @Db, I know of someone can still unlock it with a paid service.Comment by alen — November 10, 2007 @ 2:04 am
47. Hi there,I seem to have the same problem as Alan above. Namely, the unit fetches the XML file via TFTP but never makes an HTTP request for the bin. I was just wondering if anyone was able to get that problem resolved…Thanks!AnthonyComment by Anth — November 13, 2007 @ 8:36 pm
48. If your unit was provisioned, it will take the xml file but not the firmware!People stated that if Vonage change the Xml file to request newer version firmware, then it will work. But I haven’t seen people reported that yet.If you your unit is not provisioned, and it doesn’t grab the .bin file, then what we can do is just repeat the process. Sometimes, we need wait a lttle longer. I tried some units. It never asked for the .bin file. I tried again some time later, and it worked.Sometimes, TFTP/DNS/HTTP servers may also cause problems. People restarted the computer and got it work.Comment by alen — November 14, 2007 @ 4:34 pm
49. Thanks for the response, alen. I’m fairly sure the unit has never been exposed to the net as I took it out of the box myself (unless it’s a refurb???) I’ve tried dozens of times over the last few days and the result is always the same… it takes the xml but never even attempts the DNS query for the HTTP server. Oh well, I guess I’m out of luck. This one is going back to the store and I’m looking for a NA version! Thanks for the help!Comment by Anth — November 14, 2007 @ 8:44 pm
50. @Auth, this happens under in either of two cases. One, something wrong in the whole process. Two, for no reason.I wonder if you checked that httpconfig.vonage.net and your http server were really working. To check the URL, you could do ’search’ if you are using Simple DNS plus, or ‘PING’. To check the http server, you could try http://localhost, maybe with some xxx.html file.In my experience, I had your problem pretty often, which was the second case. The only thing I did was try the whole process again also with restarting the computer and all servers, and FR the pap2.But all this really takes time. So it’s really up to what people want, what they are interested in.Save Money + Gain something else(?)
    G = _____________________________________Spend Time + Lose something else(?)If G>1, do it; if G<1, don’t. Comment by alen — November 15, 2007 @ 11:38 pm
51. By the way, one more thing I have to emphasize which may not be reasonable.From people’s experience, using crossover ethernet cable and put all servers in one computer would be better than using router.Comment by alen — November 15, 2007 @ 11:42 pm
52. Trying to unlock a 3.1.9LSc firmware unit. Never been on the Net. It grabs the xml file from my tftp, and then grabs the firmware from my http, but never flashes it. The power light blinks blue and ethernet light flashes indicating it’s grabbing the file, then it just stops, and both lights go back to blue. I can reset it using one of the passwords to get the web UI back but it still is running the 3.1.9 firmware. How do I get this thing to take the Sipura firmware?…Comment by flint — December 13, 2007 @ 5:22 pm
53. By “grabs the firmware from my http”, do you mean you saw in the http server that it actually transferred the file over? Or you see it requested the firmware, but it actually didn’t take it. Double check if everything is in the right folder.Comment by alen — December 13, 2007 @ 7:44 pm
54. It actually downloaded the firmware, with HTTP 200 OK. I packet sniffed to make sure it was actually transferring data, and it was. I read something on another board about the window size of the HTTP packets being too small or something..someone said they used something called DrTCP on Windows to change the window size, but I’m doing all this on Linux.Comment by flint — December 13, 2007 @ 8:26 pm
55. After it took sipura firmware, before you reset again, you saw pap2 UI? If the sipura2k firmware was taken, there’s no reason that you still get pap2 UI, unless the file is wrong. Did you also try step 7 to get rid of the admin password with the plain text?As long as it really takes the plain text, you’ll have no more headache no matter you get what UI.Make sure you are using PAP2-SP2K.bin, not sp2k-pap2.bin.Comment by alen — December 14, 2007 @ 3:36 am
56. Got it..turned out my copy of the firmware must have been bad or something. Got another copy and it flashed it just fine, then went through re-provisioning with an xml, and got it completely unlocked!..woo hoo! Is it true that if you do a reset via the IVR or even the web UI you’ll reset it to Vonage settings?Comment by flint — December 14, 2007 @ 7:42 am
57. Yes. So always keep the GPP_K key. Then you’ll be safe. Otherwise, once it’s relocked again, you have no way to relock it unless you get a paid service.Or if you want to forward all inbound calls to one line, you could check http://nyworldphone.wordpress.com/2006/09/30/how-to-forward-all-inbound-calls-to-the-other-line-quote-2/. Then you use spa-1001, you will be safe.p.s. Whatever firmware you use, better not do upgrade if you are not sure. Turn off automatic provisioning and upgrade.Comment by alen — December 15, 2007 @ 3:13 pm
58. It follows the steps of this procedure and my PAP2 vonage 3.19 Lsc gets to read the xml, but later in everything he asks for password admin and no it accepts value some. I believe that this is only applied for old versions of the firmware. Mine here is going to the garbage.Comment by Carlos Roberto — December 29, 2007 @ 7:11 pm
59. @Carlos Roberto, when it read the xml file, did it take the firmware .bin file? If yes, it has spa2000 firmware now, and you need feed it with the plain text xml to reset the password.Comment by alen — December 30, 2007 @ 12:11 am
60. Friend,
    Thank you very much for the attention. When he reads the xml I observe for the log of the tftp, but it doesn’t carry the firmware because the version continues 3.1.9 in the web. You can help finding out the steps to do him to record the firmware. I followed the whole steps, I installed IIS, I created the paste +000000000(Mac) I put the file in the paste.crpmoura@bol.com.brComment by Carlos Roberto — December 30, 2007 @ 3:48 am
61. Was your unit connected to internet? If it’s provisioned by vonage, it will not request the .bin file. Otherwise, you need make sure nothing wrong in any step, check if all the domains like httpconfig.vonage.net are really working.Comment by alen — January 1, 2008 @ 1:58 am
62. it was in the sealed packing. I removed of the packing and I called in HUB with access the internet and I tried to access to configure, but it didn’t accept password of the admin as it explains in the manual. As I can be checked httpconfig.vonage.net it is working, therefore problem is in this point once in the log he only appears ls.tftp.vonage.net operating.Comment by Carlos Roberto — January 1, 2008 @ 5:36 am
63. “I removed of the packing and I called in HUB with access the internet…”. So it’s connected to internet? If so, it may have been provisioned by vonage now. It has to be stay away from internet before it’s unlocked.What’s the firmware version number now? If it’s higher than 3.1.9, there’s no doubt it has been provisioned and automatically updated.Comment by alen — January 1, 2008 @ 7:57 pm
64. As soon as I tied the PAP2 noticed that the version was 3.19 Lsc and it didn’t change ties today. Only that in the it paginates 16 of the manual is registered that the password for admin is admin, but the PAP2 not accepts.Comment by Carlos Roberto — January 2, 2008 @ 11:51 am
65. My ATA PAP2 v 3.19 was manufactured with the firmware of the vonage then it is impossible to do him to work. I am one more than it was wrong and it lost for the powerful of this world.Comment by Carlos Roberto — January 2, 2008 @ 2:18 pm
66. @Carlos, for unlocked 3.1.9, username/password is admin/admin. Of course, it has to be unlocked. I don’t understand what’s really happening. Again, you connected it to your HUB with internet access, right? So it is possible it’s provisioned by vonage.If it’s still unprovisioned, then it’ll be very strange. If it takes the xml file, it should take the .bin file. Even though there’s anything wrong with http server or the .bin file, at least you should see the request in the http server.Comment by alen — January 3, 2008 @ 1:01 am
67. By the way, this post was created to unlock pap2 for vonage originally.Comment by alen — January 3, 2008 @ 1:02 am

by cron Link

Please note these are example setups i have found on the internet. You may have to adjust them to work perfectly for your setup.

CallPacket Setup Instructions:

Callpacket web page

Line1 or Line2
Proxy: voip.callpacket.com
User ID: cpxxxxxxxx (sip username)
Password: xxxxxx (sip password)

Dial Plan: (*xx|<:1aaa>[2-9]xxxxxx|1[2-9]xx[2-9]xxxxxxS0|<:1>[2-9]xx[2-9]xxxxxxS0|011xx.)

Replace aaa with your area code.

This dial plan handles three types of calling:

Local : xxx-xxxx or xxx xxx-xxxx
Long distance : 1 xxx xxx-xxxx or xxx xxx-xxxx
International : 011 + country code + area code + number

Regional:
Remove Call Back Deact Code: *86, this way you could use *86 to check your VM

FreeWorldDialup Setup Instructions:

Link to FreeWorldDialup

Line Enable: YES
NAT Mapping Enable: YES; NAT Keep Alive Enable: YES
SIP Port: 5061

Proxy: fwd.pulver.com; Use Outbound Proxy: YES

Outbound Proxy: fwdnat.pulver.com:5082

Display Name: (Your name); User ID: (Your FWD number)
Password: (Your FWD password)

Preferred Codec: You must choose 711u
Use Pref Codec Only: NO

Dial Plan: (xxx|xxxx|xxxxx|xxxxxx|1xxxxxxxxxx|*1xxxxxxxxxx|**1xxxxxxxxxx|*xx*xx.)

GizmoProject Setup Instructions:

Link to GizmoProject

SIP Proxy: proxy01.sipphone.com:5060
STUN server: stun01.sipphone.com:3478
Username: Your SIP number, found by dialing ** in Gizmo
Password: Your password

Stanaphone Setup Instructions:

Link to Stanaphone

1) Follow unlock instructions above.
2) Log into your adapter, click on ADMIN link, click on Advanced View link, go to Line 1 tab (or Line 2) and enter the following values in each parameter:

Line enable : yes
nat mapping enable : yes
Username : XXXXXXXXXX (use your StanaPhone telephone number)
Authorization User : XXXXXXXXXX (use your StanaPhone telephone number)
Password : UUUUUUUUUUUU (use your Stanaphone password - different from your StanaPhone account password - login to Stanaphone and click Account Information link, then Config SIP link to get this)
Domain/Realm SIP Proxy : sip.stanaphone.com
Outbound Proxy : (leave empty)
DTMF : RFC-2833

Dial Plan: (<:1aaa>[2-9]xxxxxx|1[2-9]xx[2-9]xxxxxxS0|<:1>[2-9]xx[2-9]xxxxxxS0|011xx.)

Replace aaa with your area code.

This dial plan handles three types of calling:

Local : xxx-xxxx or xxx xxx-xxxx
Long distance : 1 xxx xxx-xxxx or xxx xxx-xxxx
International : 011 + country code + area code + number

Alternate Dial Plan: (08xxxxxxS0|<:1AAA>[2-9]xxxxxx|1[2-9]xx[2-9]xxxxxxS0|<:1>[2-9]xx[2-9]xxxxxxS0|011xx.)

Adds Stana-to-Stana : 08xxxxxx

Other parameters use default values.

SIP tab:

Handle VIA received: Yes Handle VIA rport: Yes
Insert VIA received: Yes Insert VIA rport: Yes

STUN Enable: Yes
STUN Server: stun.fwdnet.net:3478

Line 1 Tab:

NAT Mapping Enable: Yes
SIP Port: 5061
Proxy: sip.stanaphone.com
Register Expires: 400
Preferred Codec: G.711a

VBuzzer Setup Instructions:

Link to VBuzzer

Line Enable: YES
SAS Enable: NO
SIP Port: 5080
Proxy: vbuzzer.com
Outbound Proxy: vbuzzer.com:80
Use Outbound Proxy: YES
User ID: (my vbuzzer user name)
Password: (my vbuzzer PW)
Dial Plan: (*xx|[3469]11|0|00|[2-9]xx xxxx|[0]xxx xxx xxxx|xxxxxxxxxx|xx xxx xxx xxxx.|*xx*xx.)

ViaTalk Setup Instructions:

Link to ViaTalk

User 1:
VMWI Ring Splash Len: 0.5–>0

Line 1:
Register Expires: 3600–>600
Dial Plan:
Proxy: Jupiter.vtnoc.net (choose your closest server)
Display Name: xxx
User ID: xxx
Password: xxx

Regional:
Ring Waveform: –>Trapezoid

System:
DHCP: no
Static IP: 192.168.1.100 (my pap2 IP)

ViaTalk Default Dial Plan:
(*xx|*xxxxxxxxx|*xxxxxxxxxxxxx|*xxx|xxx|xxxx|[3469]11|0|00|[2-9]xxxxxx|1xxx[2-9]xxxxxxS0
|xxxxxxxxxxxx.|011xxxxxxxxxx.|011xxxxxxxxxx)

Alternate Dial Plan:
(*xx|[3469]11S0|0|00|[2-9]xxxxxx|[2-9]xxxxxxxxxS0|1[2-9]xx[2-9]xxxxxxS0|xxxxxxxxxxxx.|011xxxxxxxxxx)

VoiceStick Setup Instructions:

Voicestick web page

1) Follow unlock instructions above.
2) Log into your adapter, click on ADMIN link, click on Advanced View link, go to Line 2 tab and enter the following values in each parameter:

You must use line 2/SIP port 5061

Line enable : yes
nat mapping enable : yes
Username : XXXXXXXXXXX (use your Voicestick telephone number, including the 1 prefix, no dashes, no parenthesis)
Authorization User : XXXXXXXXXXX (use your Voicestick telephone number, including the 1 prefix, no dashes, no parenthesis)
Password : UUUUUUUUUUUU (use your Voicestick password)
Domain/Realm SIP Proxy : i2telecom.com
Use Outbound Proxy : Yes
Outbound Proxy : 206.165.50.116
Preferred Codec: G711u
Dial Plan: (<:001aaa>[2-9]xxxxxx|<:00>1[2-9]xx[2-9]xxxxxxS0|<:001>[2-9]xx[2-9]xxxxxxS0|<011:00>xx.)

Replace aaa with your area code.

This dial plan handles three types of calling:

Local : xxx-xxxx or xxx xxx-xxxx
Long distance : 1 xxx xxx-xxxx or xxx xxx-xxxx
International : 011 + country code + area code + number

Other parameters use default values.

Leave everything else as is.

Voipbuster Setup Instructions:

Link to Voipbuster

1) Follow unlock instructions above.
2) Log into your adapter, click on ADMIN link, click on Advanced View link, go to Line 1 tab (or Line 2) and enter the following values in each parameter:

Line enable : yes
nat mapping enable : yes
proxy : stun.voipbuster.com
outbound proxy : nat.voiptalk.org:5065
use outbound proxy : yes
register : yes
display name : voipbuster username
user id : voipbuster username
password : voipbuster password

For USA residents, add the following line to Dial Plan field:
(<:001aaa>[2-9]xxxxxx|<:00>1[2-9]xx[2-9]xxxxxxS0|<:001>[2-9]xx[2-9]xxxxxxS0|<011:00>xx.)

Replace aaa with your area code.

This dial plan handles three types of calling:

Local : xxx-xxxx or xxx xxx-xxxx
Long distance : 1 xxx xxx-xxxx or xxx xxx-xxxx
International : 011 + country code + area code + number

VoipStunt/VoipCheap/InternetCalls (Betamax/Finarea Companies) Setup Instructions:

• www.internetcalls.com
• www.netappel.com
• www.poivy.com
  
• www.sparvoip.de
• www.voipbuster.com
• www.voipcheap.com
• www.voipcheap.co.uk (careful, different “free” list from voipcheap.com, and rates listed in Sterling Pence instead of Euro Cents!)
• www.voipdiscount.com
• www.voipstunt.com
• www.freecall.com (launched 29 June 2006)
• www.voiparound.com (launched 29 June 2006) - redirects to www.freecall.com now
• www.sipdiscount.com

Use the same instructions as VoipBuster, but change the settings mentioned in the “Sip Calls” page of the corresponding Betamax company web page.

by cron Link

Why do I need the GPP_K value?

(Linked Post for Details)

The basic reason: Your voip company could start pushing an update that makes your device unlockable. If you accidentally factory reset your device and the device remains on the internet, it may take up such an update. In that case, the GPP_K value may be the only thing that can get you back into the device.

How do you tell the difference beween the FACTORY FRESH GPP_K value and a Vonage assigned one?

Attributes of the FACTORY FRESH GPP_K value:

• 44 characters long
• Comprised of alpha (A-Z, a-z), numeric (0-9), and symbols
• Ends with an EQUAL SIGN (=)
• Example: n6KClGUoMXzIQ/JmmuSFBE1GOu+M8335eHfPeYHeRAs=

Attributes of a Vonage Assigned GPP_K value:

• 64 characters long
• Comprised of HEX characters (A-F, a-f, 0-9) only!
• Example: 9190ca44e4cffb893c2ae43c4bca57fb18f04482a84dcce30d28017e7715a8a0

How do I use VuckFonage?

• Download and install the software (Link)
• Domain Name is ls.tftp.vonage.net
• MAC address is the one on the adapter
• GPP_K value is the one that you saved in the text file
• Select a folder to output the decrypted files
• Click Download and Decrypt
• That’s it. You should save the decrypted file just in case

by TheDiggler Link

The GPP_K and GPP_D values stored in your Vonage PAP2 are for use by Vonage and no one else. The adapter, by default, does not have a GPP_D value stored in it. It receives one of these values if/when the adapter “phones home” to Vonage.

Should your adapter “phone home” to Vonage, it will receive a new set of adapter settings, among which include a new GPP_K value, a populated GPP_D value, new user & admin passwords, and will re-lock your adapter & turn off its web interface! Furthermore, it will likely perform a firmware upgrade to the latest version of the PAP2 firmware (which now makes it extremely difficult to unlock the adapter w/o knowing your adapter’s admin pw).

By storing your “factory fresh” GPP_K value off to the side, you can use it to download and decrypt your Vonage XML Provisioning file(s) at will. A very slick Windows program posted @ BBR, VuckFonage, has been written to automate this process as much as possible.

Since the unlocking process instructs you to disable automatic provisioning, in theory your adapter should never “phone home” to Vonage. HOWEVER, if you perform a FACTORY RESET on the adapter while it’s connected to the internet… POOF! It will immediately “phone home,” change its settings, lock itself, and upgrade its firmware. Without your FACTORY FRESH GPP_K value saved off to the side, you won’t be able to download and decrypt your PRIMARY XML provisioning file (which will contain your admin pw at that time).

If you perform a FACTORY RESET while the PAP2 is NOT connected to the internet, the adapter will still get re-locked; however, you can repeat the standard unlocking process to re-unlock it.

Note: If you switch your adapter over to SPA-1001 firmware, there is no chance of it re-locking even if it “phones home” to Vonage. This is because the PAP2 XML config files aren’t compatible w/ SPA-1001 firmware. Also, performing a FACTORY RESET w/ the adapter in SPA-1001 mode wipes out all configured settings (including the Vonage settings) and keeps the adapter UNLOCKED.

by TheDiggler Link

The GPP_K string (in the PROVISIONING MENU) is the ENCRYPTION KEY used to decrypt the adapter’s individual Vonage update config XML file. Each adapter has a unqiue FACTORY DEFAULT GPP_K key.

The PRIMARY Vonage config file is available via TFTP at:
ls.tftp.vonage.net (ports 21, 69, and 2400)

as filename:
/<GPP_D VALUE>/spa<MAC ADDRESS>.xml
(the default GPP_D value is blank, so the PRIMARY Vonage config XML file is actually: //spa<MAC ADDRESS>.xml)

and decryptable using:
<FACTORY DEFAULT GPP_K key>

The PRIMARY Vonage XML config file sets a few pieces of important info:
1) An ADMIN PASSWORD (different than the FACTORY DEFAULT admin password)
2) A populated GPP_D (directory) value (the default value is blank)
3) A replacement GPP_K (key) vaue

After a PAP2 has been provisioned with its PRIMARY Vonage config XML file, subsequent provisions will assign new pairs of GPP_D/GPP_K values. Thus, each /GPP_D/spa<MAC ADDRESS>.xml file can only be decrypted using the GPP_K key assigned in the prior provisioning file update.

How is the above useful?
1) Currently Vonage only assigns an ADMIN PASSWORD in the PRIMARY config XML FILE. If you decrypt that file (using your adapter’s FACTORY DEFAULT GPP_K key), you’ll have the ADMIN PASSWORD.

2) If Vonage decides to change the ADMIN PASSWORD in a subsequent config file update, you can propogate the various /GPP_D/spa<MAC ADDRESS>.xml config files to obtain the appropriate GPP_K keys for decrypting each subsequent update file.

With the ADMIN PASSWORD, should your PAP2 get re-connected to the internet, assuming you’ve extracted the most current ADMIN PASSWORD assigned, you should be able to UNLOCK your PAP2 by merely going into the IVR interface (i.e. dialing **** on a phone connected to LINE1 of the adapter) and entering the ENABLE WEB INTERFACE COMMAND (7932# I believe) followed by the ADMIN PASSWORD.

• Numeric characters in the admin password are entered as their corresponding numbers.
• Letters are entered as letters on a phone dialpad (i.e. ABC/abe = ‘2′, DEF/def = ‘3′, etc.)
• Non alpha-numeric characters are entered as ZERO (i.e. ‘0′)

by cron Link

Method 1: Convert PAP2 Firmware into a Sipura SPA-1001

By TheDiggler Link

For those wanting to run 2 VoIP services off of ONE PHONE PORT on their PAP2, there’s a great new solution posted at BBR:
Configure Line1 on your PAP2 with two VoSPs

The first post on the 2nd page of the thread contains the following ZIP FILE:
NOTHING TO SEE HERE.ZIP

This ZIP file contains a firmware file to convert the PAP2 into a Sipura SPA-1001 as well as another firmware file to revert the SPA-1001 back into a PAP2. Somebody please host a copy of this ZIP file for B$ because it’ll likely get yanked off of BBR once Linksys/Sipura gets wind of this!

The SPA-1001 is a SINGLE PHONE PORT VoIP adapter providing bi-directional configuration capabilities of 2 VoIP “services” (i.e. phone lines). Both services work for INCOMING & OUTGOING calls on the single phone port. To dial out on the “2nd line”, you simply preceed calls with the “#” key.

With SPA-1001 firmware loaded onto the PAP2:

1) Only one indicator light funtions on the PAP2: ETHERNET indicator

2) The PHYSICAL PORT for LINE2 no longer works (as the SPA-1001 is a SINGLE PORT adapter)

3) The adapter is no longer susceptible to being re-locked by Vonage even if you perform a FACTORY RESET!!! Loading this firmware truly converts the adapter into an UNLOCKED DEVICE.

4) You no longer need to configure any CALL FORWARDING settiings to have 2 VoIP services working off of one phone port!

Diggler

Method 2: Manual Config Using Existing PAP2 Firmware

This is VERY USEFUL, because it either lets you have a TWO VoIP accounts that both “ring” the same phone, OR lets you use one account for all incoming, and a 2nd account for all outgoing (by putting the “phone” on the line with the outgoing VoIP service, and then forwarding all incoming calls on that other VoIP line to that one)!

NOTE: This theory was tested earlier this evening, by forwarding my SPA-2000’s “Line 1″ (setup for FWD) to “Line 2″ (setup for DialPad.com), and then calling my FWD number from Packet8. After I finally got all the pieces in place, my “Line 2″ was happy to “ring”, and when I picked up that phone 2-way talking worked fine! So this appears to work (at least for me). But naturally YMMV. Here are the needed pieces:

1) As in the previous “trick”, you need unique SIP ports and unique userids for the two lines. NOTE: It’s quite OK to use whatever “userid” the provider on that line supplied (for logging into their SIP proxy). You don’t need the UserId set to any specific value, just something unique!2) Again, the line you are forwarding from will need “Make call without reg: Yes”, and the line you want to forward to will need “Ans Call Without Reg: Yes”.3) If you are behind a router (I am), you will need to forward the SIP port of the line you want to ring (the line you are forwarding to) to the SPA. This is probably much easier if you program the SPA for a “static LAN IP” (instead of using DHCP).

4) Your external address will need to either be “static”, _OR_ you will need to use a dynamic DNS service (btw: I’m happy with the free dynamic DNS service from »www.no-ip.com ). This is necessary, as you will need to always know the internet address of your SPA-2000 (not the LAN address, the “external address”) for forwarding to work.

5) Turn on “Cfwd All Serv: yes” on the line you are forwarding “from” (i.e. if you want calls to the VoIP on “Line 1″ to ring “Line 2″, than you set this on “Line 1″).

6) Go over to the “user” tab for the line you are forwarding from, and setup the “Cfwd All Dest:” field as “userid@external_address:sip_port”. For example, if your dynamic DNS entry is “dummy.no-ip.com”, your target line’s userid is “testing”, and the target line’s SIP port is 5063, than you would want to “Cfwd All Dest:” to “testing@dummy.no-ip.com:5063″.

NOTE: I was NOT successful in getting the loopback address (127.0.0.1) working for call forwarding (even though it worked for calling one line from the other, above). I had to use the “external address” for the SPA, to get forwarding to work (even between one line and the other on the same Sipura adapter)!

7) Test the setup. The easiest way is to get a friend to call the VoIP number you are forwarding from, and see if the forwarded to line “rings”. In my case, I verified the setup by using my Packet8 account (and the Packet8 to FWD Gateway) to call my FWD line (line 1 of my SPA-2000), and have the DialPad.com line (Line 2) ring! I then picked up the phones, and verified that two-way talking was working. Success!!!

Link here

Use serial port to do unlocking.