Linphone Provisioning template

cemotyz09

Member
Apr 23, 2020
40
3
8
Provisioning template for linphone. If anyone has any improvements please share. you'd have to add the directory and correct the permissions. Be aware that secure calling is enabled in this template.

Code:
tree /var/www/fusionpbx/resources/templates/provision/ |grep linphone
├── linphone
│       └── {$mac}-linphone.xml

Code:
<?xml version="1.0" encoding="UTF-8"?>
<config xmlns="http://www.linphone.org/xsds/lpconfig.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.linphone.org/xsds/lpconfig.xsd lpconfig.xsd">
  <section name="misc">
    <entry name="transient_provisioning" overwrite="true">1</entry>
    <entry name="uuid" overwrite="true">317971da-65c4-419f-a0ca-69fe26523e2b</entry>
  </section>
  <section name="sip">
    <entry name="verify_server_certs" overwrite="true">0</entry>
    <entry name="verify_server_cn" overwrite="true">0</entry>
    <entry name="media_encryption" overwrite="true">srtp</entry>
  </section>
  <section name="ui">
    <entry name="exit_on_close" overwrite="true">1</entry>
    <entry name="logs_enabled" overwrite="true">1</entry>
  </section>
  <section name="audio_codec_0">
    <entry name="mime" overwrite="true">opus</entry>
    <entry name="enabled" overwrite="true">1</entry>
  </section>
  <section name="audio_codec_1">
    <entry name="mime" overwrite="true">G722</entry>
    <entry name="enabled" overwrite="true">1</entry>
  </section>
  <section name="audio_codec_2">
    <entry name="mime" overwrite="true">speex</entry>
    <entry name="enabled" overwrite="true">0</entry>
  </section>
  <section name="audio_codec_3">
    <entry name="mime" overwrite="true">speex</entry>
    <entry name="enabled" overwrite="true">0</entry>
  </section>
  <section name="audio_codec_4">
    <entry name="mime" overwrite="true">PCMU</entry>
    <entry name="enabled" overwrite="true">1</entry>
  </section>
  <section name="audio_codec_5">
    <entry name="mime" overwrite="true">PCMA</entry>
    <entry name="enabled" overwrite="true">1</entry>
  </section>
  <section name="audio_codec_6">
    <entry name="mime" overwrite="true">GSM</entry>
    <entry name="enabled" overwrite="true">0</entry>
  </section>
  <section name="audio_codec_7">
    <entry name="mime" overwrite="true">G729</entry>
    <entry name="enabled" overwrite="true">0</entry>
  </section>
  <section name="audio_codec_8">
    <entry name="mime" overwrite="true">speex</entry>
    <entry name="enabled" overwrite="true">0</entry>
  </section>
  <section name="audio_codec_9">
    <entry name="mime" overwrite="true">BV16</entry>
    <entry name="enabled" overwrite="true">0</entry>
  </section>
  <section name="audio_codec_10">
    <entry name="mime" overwrite="true">L16</entry>
    <entry name="enabled" overwrite="true">0</entry>
  </section>
  <section name="audio_codec_11">
    <entry name="mime" overwrite="true">L16</entry>
    <entry name="enabled" overwrite="true">0</entry>
  </section>
  <section name="video_codec_0">
    <entry name="mime" overwrite="true">VP8</entry>
    <entry name="rate" overwrite="true">90000</entry>
    <entry name="enabled" overwrite="true">1</entry>
  </section>
  <section name="video_codec_1">
    <entry name="mime" overwrite="true">H264</entry>
    <entry name="enabled" overwrite="true">1</entry>
  </section>
  <section name="proxy_default_values">
    <entry name="avpf" overwrite="true">0</entry>
  </section>
  <section name="auth_info_0">
    <entry name="username" overwrite="true">{$account.1.user_id}</entry>
    <entry name="ha1" >{$account.1.password}</entry>
    <entry name="realm" overwrite="true">{$account.1.server_address}</entry>
    <entry name="domain" overwrite="true">{$account.1.server_address}</entry>
    <entry name="algorithm" overwrite="true">MD5</entry>
  </section>
  <section name="proxy_0">
    <entry name="reg_proxy" overwrite="true">&lt;sip:{$account.1.server_address};transport={if $account.1.sip_transport == 'udp'}udp{/if}{if $account.1.sip_transport == 'tcp'}tcp{/if}{if $account.1.sip_transport == 'tls'}tls{/if}&gt;</entry>
    <entry name="reg_identity" overwrite="true">"{$account.1.display_name}" &lt;sip:{$account.1.user_id}@{$account.1.server_address}&gt;</entry>
    <entry name="reg_route" overwrite="true">&lt;sip:{$account.1.server_address};transport={if $account.1.sip_transport == 'udp'}udp{/if}{if $account.1.sip_transport == 'tcp'}tcp{/if}{if $account.1.sip_transport == 'tls'}tls{/if}&gt;</entry>
    <entry name="realm" overwrite="true">{$account.1.server_address}</entry>
    <entry name="reg_expires" overwrite="true">3600</entry>
    <entry name="reg_sendregister" overwrite="true">{if $account.1.enabled == 'true'}1{else}0{/if}</entry>
    <entry name="publish" overwrite="true">1</entry>
    <entry name="dial_escape_plus" overwrite="true">0</entry>
  </section>
    <section name="auth_info_1">
    <entry name="username" overwrite="true">{$account.2.user_id}</entry>
    <entry name="ha1" overwrite="true">{$account.2.password}</entry>
    <entry name="domain" overwrite="true">{$account.2.server_address}</entry>
    <entry name="realm" overwrite="true">{$account.2.server_address}</entry>
    <entry name="algorithm" overwrite="true">MD5</entry>
  </section>
  <section name="proxy_1">
    <entry name="reg_proxy" overwrite="true">&lt;sip:{$account.2.server_address};transport={if $account.2.sip_transport == 'udp'}udp{/if}{if $account.2.sip_transport == 'tcp'}tcp{/if}{if $account.2.sip_transport == 'tls'}tls{/if}&gt;</entry>
    <entry name="reg_identity" overwrite="true">"{$account.2.display_name}" &lt;sip:{$account.2.user_id}@{$account.2.server_address}&gt;</entry>
    <entry name="reg_route" overwrite="true">&lt;sip:{$account.2.server_address};transport={if $account.2.sip_transport == 'udp'}udp{/if}{if $account.2.sip_transport == 'tcp'}tcp{/if}{if $account.2.sip_transport == 'tls'}tls{/if}&gt;</entry>
    <entry name="realm" overwrite="true">{$account.2.server_address}</entry>
    <entry name="reg_expires" overwrite="true">3600</entry>
    <entry name="reg_sendregister" overwrite="true">{if $account.2.enabled == 'true'}1{else}0{/if}</entry>
    <entry name="publish" overwrite="true">1</entry>
    <entry name="avpf" overwrite="true">0</entry>
    <entry name="dial_escape_plus" overwrite="true">0</entry>
  </section>
</config>
 

cemotyz09

Member
Apr 23, 2020
40
3
8
As far as I can tell it doesn't accept authentication. I use a letsencrypt cert so it uses https.
 

bcmike

Active Member
Jun 7, 2018
325
52
28
52
As far as I can tell it doesn't accept authentication. I use a letsencrypt cert so it uses https.
I would be very careful doing this over a public network without authentication. If somebody can guess your mac (or whatever you use as an identifier) then they can download the provisioning file and get your sip credentials (unless there's something I'm missing??). Http auth isn't perfect but it does put up more of a barrier especially if you pair it with fail2ban.

It's too bad, for us that's a deal breaker. Thanks for sharing though!
 

cemotyz09

Member
Apr 23, 2020
40
3
8
This is for a home network in my case so it's less of an issue for me but good info for others.