The PAP2 is not a router, it's only an ATA (Analog Terminal Adapter). Thus, it can't directly use a PPPoE connection. It can be plugged into a router though, where the router can handle a PPPoE connection.

Diggler

For those of you still using Telepacket/Callpacket (I have to, since I can't cancel without being forced to pay an early termination fee), I'm beginning to think my phone is the problem, and not Telepacket.

I set call forwarding through Telepacket to my cell phone, and now incoming calls seem to be working just fine...

ok, that was scary. i've been trying to upgrade the firmware to 1001 with no success. however, I did manage to screw up and let vonage take over my pap2 for the past 4 hours and turned it almost into a paper weight.

so I tried to upgrade the to 1001 with http://pap2-ip/upgrade?tftp://myserver/filename.bin

the file would be transferred, the device would blink, but wouldn't turn red or signal it flashed. looked like it just rebooted and my firemware # stayed the same.

actually, let me rewind, i was unable to call http://pap2-ip/upgrade directly because it wanted an admin password which i didn't have, but i was able to call http://pap2-ip/admin/upgrade and that worked in the sense the file was downloaded and the pap2 seemed to do something.

so believing that i needed the admin password to use the upgrade function in http://pap2-ip/upgrade, i went ahead and downloaded the SPA0000.xml file and decrypted it with the GPP_K key. the password from that file didn't work which led me to my next thought.

maybe it needs to download this new .xml file for it to work. i tried the plain text xml with the admin password file from my tftp server, but it didn't seem to like it, but that didn't seem to do anything. So I went ahead and did the factory reset and allowed it to download the new xml. turns out it also downloaded the new firmware 3.1.9 LSc. For whatever reason, DO NOT DOWNLOAD THIS NEW FIRMWARE. One of the things is they prevent users from upgrading firmware and requires admin priviledges.

I spent the next few hours trying to undo the damage. I was about to give up. With the new xml file (which I had the password to), the web user interface was disabled. Factory resetting the device left me gave me the web user interface, but wouldn't allow me to upgrade the firmware without the admin password which i didn't have.

I tried to feed it a plain text xml file with my predefined password, but it didn't like that either.

So almost about to give up, I was wondering if they used the same key to encrypt and decrypt. I went ahead and used the same openssl command that decrypted the file to encrypt it with web interface enabled and user/admin passwords blank. BOOM! It worked!

At this point, I could modify anything in that xml file and it'd take it.

But now, I'm left with a 3.1.9 LSc firmware which won't upgrade to the 1001 which was my original plan. I was able get both VoipBuster and TelePacket working so I was back to square 1.

So I went around reading forums and was wondering if it could be that the firmware just isn't compatible... I went ahead used SPATools and made my own PAP2toSPA2000 and SPA2000toPAP2 bin files and actually got my firmware back down to 3.1.6. However, at this stage, I still can't upgrade to 1001 and was wondering if anyone had a clue on what I might need to do? I can upgrade from http://pap2-ip/upgrade? now tho.

Thanks!

//krunk (^_^x)

I'm not sure why you weren't able to upgrade to SPA-1001. I've upgraded 2 PAP2's to SPA1001 w/o issue.

When converting your PAP2 to SPA1001, use firmware file:
spa1001-03-01-08-SE-c_TO_PAP2hardware.bin

If the TFTP transfer occurs, give the PAP2 perhaps 3-5 minutes to let it process the firmware.

Note: I don't recall whether SPA1001 firmware causes any indiactor lights to turn RED during the upgrade process. When it's done, you're left w/ 1 BLUE indicator light (and that's how it remains thereafter while in SPA1001 mode).

Diggler

P.S. You were very lucky to have saved your GPP_K value for your PAP2 connected to the internet and upgraded by Vonage to PAP2 firmware 3.1.9. You could have used the adapter's IVR (integrated voice response) system to re-enable web access (which would have required the ADMIN PW from the downloaded & decrypted XML file).

i'm having some problems with Telepacket and was wondering if you guys hit this problem. With the soft phone, I can make and receive calls. With the PAP2 and my AT&T 900Mhz cordless phone, I can receive calls and conversation works, but seem to have some trouble making outgoing calls.

When I try to make an outgoing call, the destination phone rings, but then immediately it plays the busy signal and the connection with the other party is lost. My cell phone would ring once and then display a missed call message. As I stated, it works fine with the soft phone.

At first, I was thinking it might be the phone or the pap2, but I was able to make outgoing calls with VoipBuster without any problems.

I was wondering if anyone knew what the problem may be. I've attached a screenshot of my pap2 settings for telepacket (senesitive info blacked out):

http://www.krunk4ever.com/gallery/d/4543-1..._telepacket.png

I had the same problem with an AT&T 2.4GHz phone...I tossed the phone, got another cheapo phone, and the problem went away.

interesting...

guess I'll have to find another fone to try. wonder if costco still has that 5.8ghz fone for $30.

//krunk (^_^x)

The phone I replaced my cheapo AT&T phone with was a 5.8ghz phone, for the record.

This is not to suggest that there is some compatibility issue between AT&T phones with the PAP2 and/or Telepacket/Callpacket.

Anyone here still using Telepacket (not Callpacket, even though they are essentially now one and the same)?

I am signed up for the 95c/month "pay per call" plan, and it has been brought to my attention that the wording of the plan details seems to suggest that I am not getting 100 free in/out minutes PER MONTH. Instead, it looks like I'll be getting 100 in/out minutes to start (meaning once I use up the 100 minutes, I'll be paying 2.9c/min out, 1c/min in).

Here are the details of the pay per call plan.



The funny thing is, I have been charged only once ($0.95) since I've had the service, and I've been using Telepacket since December. Also, I have not used up all 100 incoming or outgoing minutes since signing up, so perhaps that's why I'm not being charged any more...

Hi, there,

I just got a 3.1.3 and it shoule be easy to unlock according to others' comments.
And I carefully followed everything in the quick summary,
and it goes through the first upgrade for PAP2-SP2K.bin smoothly and I saw The power LED will turn RED.
But just after I got excited, the problem came:
" Click the "admin login" link near the top-right. Click the PROVISIONING tab and set PROVISION ENABLE=NO."
After I clicked the link, it poped out a window asking for the pass word for "pap2 admin".
And then I got stuck there and couldn't move forward. I even tried to factory reset again using 73738#, and start the whole process all over, but it didn't work either. Can anyone give me a clue?
Thanks a lot, I really appreciate.

If you got that far, then you already changed the user password to "1234."

When that window pops up, leave the username field blank, and type "1234" for the password (unless you used a different user/pass)

Thanks for the reply, but it didn't work for me either.

I also have same problem to log into admin.

Pl. some one reply.

Which firmware version are you using?

Thanks Cron for reply & asking.

But Puzzel is solved.

In first stage, the file was nor trasfered to PAP2. So after booting, again Linksys Menu was coming. After proper trafer of file using tftp, new Sipura Menu came & was able to log in Admin.

Thanks again for your excellent info.

allright, so i was trying to setup this adapter at a friends house and i performed a factory reset while connected to the internet. I just boned myself didnt I? I tried to redo the unlock but its not working.

if you reset it to factory conditions you might be able to get it to work. there's instructions somewhere on this thread on how to get that to work.

//krunk (^_^x)

You've boned yourself in the sense that the original (easy) unlock process won't work anymore as the adapter has now been upgraded to firmware 3.1.9 (assuming you left the adapter powered on for a while after performing the factory reset while connected to the internet). As of firmware 3.1.7, USER MODE firmware upgrades are no longer permitted (which was the security hole permitting the original unlock method).

Now, if you've saved the GPP_K value for this adapter from when you first unlocked it, the easiest and fastest way to re-unlock it is to:

1) Download & decrypt your adapter's INITIAL UPDATE config file from Vonage (use VuckFonage to simplify this process)

2) Inside the decrypted config file will be a USER PASSWORD and an ADMIN PASSWORD

3) Assuming your adapter's web-server is disabled (check first), dial into the adapter's IVR interface, enter the command 7932# (that command toggles the adapter's web-server on/off), follow that command w/ the ADMIN PW (obtained in the previous step), and then hit the # key. If the ADMIN PW isn't purely numeric, here's a conversion chart for entering letters and symbols:

4) Once the web interface is enabled, in a web-browser navigate to the PAP2's IP address. (You can find out the IP address using the IVR command 110#).

5) If prompted to login, you may first need to login as "user" (followed by the USER PASSWORD obtained in step #2). No conversion gets applied to passwords in the web-interface.

6) Once logged in as "user," click the link for "Admin" mode. Enter the username "admin" (followed by the ADMIN PASSWORD obtained in step #2). Again, no conversion gets applied to passwords in the web-interface.

7) Assuming the above is successful, go to the PROVISIONING TAB, turn off automatic provisioning. Go to the SYSTEM tab, remove Vonage's DNS servers. Feel free to DOWNGRADE the firmware to 3.1.6 (or lower) so that USER MODE firmware upgrades can be performed.

8) The adapter is now unlocked.

If you haven't saved the adapter's GPP_K value (shame on you), and if you can continue to factory reset the adapter, you can still unlock it using an isolated LAN running your own DNS server mimicing Vonage's TFTP & HTTP servers. This is much more involved, so I'll only go through posting those steps if you feel you need to go this route.

Diggler

i have the GPP_K for my other but I never saved it for this adapter, thanks for your help.

Ok, since you don't have the GPP_K value of the adapter which has been upgraded to firmware 3.1.9, before going any further, make sure you can FACTORY RESET THE ADAPTER (while it's disconnected from the internet).

STEP 1: Factory Reset the adapter:

1) Disconnect the adapter from the internet
2) Connect a simple telephone to LINE1
3) Enter IVR mode by dialing: ****
4) Enter the command: 73738# (i.e. R E S E T #)
5) If/when prompted for password, enter one of the 5 "known/common" Vonage USER Passwords:
• 78196365
• 50274537
• 7756112
• 8995523
• 5465866
6) Press the # key after entering a password
7) Repeat the process above until one of the passwords works or you've exhausted the list
8) If prompted to "Press 1 to confirm," do so.

If the adapter successfully factory resets, you may proceed with the next series of steps.
If not, you're pretty much "stuck" at this point and need to find a working Vonage USER Password.


STEP 2: Attempt to access the PAP2's WEB INTERFACE & remove Vonage's DNS settings:

1) Disconnect the internet connection from your BROADBAND ROUTER or BROADBAND MODEM
2) Connect the PAP2 to your ROUTER
3) Connect a PC to the ROUTER
4) In a web-browser, navigate to the PAP2's IP address (if you don't know it, go back into IVR mode and issue command 110#)
5) Go to the "SYSTEM" tab and clear out the "Primary DNS" and "Secondary DNS" entires.

Note: If you can't access the adapter's web interface, so long as the adapter remains disconnected from the internet, the inability to perform this series of steps is not a big deal. The adapter will simply take longer resolving DNS requests (by trying Vonage's IP addresses first, and after failing to reach them, trying DHCP assigned DNS entries next).

STEP 3: Gather/setup the following items:

1) Sipura SPA-2000 Firmware 2.0.9 converted to PAP2 mode firmware and renamed to file: PAP2-bin-03-01-09-LSc.bin (An already converted version of the firmware is availabe in Post #3, Step 3. Use file PAP2-SP2K.bin. If the aforementioned link is down, an alternate location for the files is listed in Post #504).
2) An HTTP Server running on your LOCAL LAN
3) A TFTP Server running on your LOCAL LAN @ Port 69 (for simplicity make this the same PC as the HTTP server)
4) A DNS Server running on your LOCAL LAN (for simplicity make this the same PC as the HTTP & TFTP servers)
5) A DHCP Server running on your LOCAL LAN:
• If you have a BROADBAND ROUTER, this may be used provided you:
  i) Disconnect the INTERNET CONNECTION to the router (i.e. unplug the cable going to the router's WAN port and/or disable any WDS settings)
  ii) Manually configure the PAP2's DNS server to use the IP ADDRESS of your local DNS server (i.e. STEP #4 above). This will need to be done through the PAP2's IVR:
  a) Enter IVR mode by dialing: ****
  b) Enter command 160# to review the current DNS server IP address (if you so desire)
  c) Enter command 161# to set/change the DNS server IP address
  d) Type in the IP address of your LOCAL DNS SERVER, separating octects with an asterisk (*). End input with the # key. Example: if your DNS SERVER's IP address is 192.168.0.50, enter: 192*168*0*50#
  e) Press 1 to SAVE, Press 2 to REVIEW, Press 3 to RE-ENTER, Press * to exit
  f) Upon successfully reviewing the DNS Server IP Address setting, SAVE THE SETTING!
  iii) Remember to clear the PAP2's DNS Server settings after it's been unlocked! (This can be done through the adapter's web interface).
• Internet Connection Sharing (ICS) built into XP may work. Try enabling it on the ETHERNET adapter of your PC (i.e. the same PC running the HTTP, TFTP, and DNS servers)
• 3rd Party DHCP software should work too (for simplicity, make this the same PC as the HTTP, TFTP, and DNS servers)
6) A copy of your adapter's ENCRYPTED Config File (from Vonage's TFTP server) named spa000000000000.xml (where 000000000000 is the MAC ADDRESS of your PAP2)
7) A CROSSOVER Ethernet cable

STEP 4: Configure your LOCAL LAN's DNS Server to mimic Vonage's Servers:

1) Point httpconfig.vonage.net to the LAN IP address running your HTTP server
2) Point ls.tftp.vonage.net to the LAN IP address running your TFTP server
3) (Optional but recommended) Point *.vonage.net to the LAN IP address running your HTTP/TFTP servers
4) (Optional but recommended) Forward UDP ports 21 & 2400 to Port 69 (so that your TFTP server receives traffic on ports 21, 2400, and the default TFTP port of 69). If you don't know how to configure this, setup a 2nd TFTP server listening on PORT 2400. (Vonage seems to use ports 69 & 2400 the most, but they also use 21).

STEP 5: Prepare your local file structure:

1) In your TFTP ROOT directory (or directories if running mulitple TFTP servers), copy your adapter's ENCRYPTED config file to that directory as spa000000000000.xml (where 000000000000 is the MAC ADDRESS of your PAP2)
2) In your HTTP ROOT directory, create sub-directory: +000000000000 (where 000000000000 is the MAC ADDRESS of your PAP2)
3) Copy the modified SPA-2000 v2.0.9 firmware to the HTTP-ROOT/+000000000000/ directory (where 000000000000 is the MAC ADDRESS of your PAP2) as filename PAP2-bin-03-01-09-LSc.bin

STEP 6: Start the UNLOCK PROCESS (i.e. load SPA2000 2.0.9 firmware into your PAP2):

1) Disconnect the ethernet cable from the PC running the HTTP/TFTP/DNS servers
2) Disconnect the POWER cable from the PAP2
3) Connect the PAP2 and the PC to each other:
If using a PC as your DHCP server:
Connect the CROSSOVER Ethernet cable to the PAP2 (on one end) and to the PC running the DNS, TFTP, and HTTP servers (on the other end).
If using a BROADBAND ROUTER as your DHCP server:
• Using a standard ethernet cable, connect the PAP2 to a LAN PORT on your Broadband Router
• Using a standard ethernet cable, connect the PC (running the DNS, TFTP, and HTTP servers) to a LAN PORT on your Broadband Router
• Make sure NOTHING is connected to the WAN PORT of the Broadband Router!
• Make sure any WDS (Wireless Distribution System) settings have been disabled on the Broadband Router! If you don't know what a WDS is and/or haven't set one up, chances are there is nothing to disable.
4) Make sure the PC is powered up and that the DNS, TFTP and HTTP servers are running
5) Power on the PAP2
6) If all goes well, your TFTP server's log will show the PAP2 grabbing the encrypted file.
7) Shortly thereafter, the HTTP server's log should show the PAP2 grabbing the modified SPA2000 v2.0.9 firmware file.
8) Once the PAP2 has loaded the SPA-2000 firmware, one of the indicator lights on the PAP2 should turn RED

STEP 7: (Re-)Open WEB access and configure known USER & ADMIN pws:

1) Create a TEXT FILE called spa000000000000.xml (where 000000000000 is the MAC ADDRESS of your PAP2) as follows:

CODE
<flat-profile>
    <Admin_Passwd ua="na">4321</Admin_Passwd>
    <Enable_Web_Server ua="na">Yes</Enable_Web_Server>
    <Web_Server_Port ua="na">80</Web_Server_Port>
    <Enable_Web_Admin_Access ua="na">Yes</Enable_Web_Admin_Access>
    <Protect_IVR_FactoryReset ua="na">No</Protect_IVR_FactoryReset>
    <User_Password ua="na">1234</User_Password>
</flat-profile>
If creating the file above in NOTEPAD, when SAVING it, it must be saved with ANSI encoding, not UNICODE!!!
2) Copy the new spa000000000000.xml (where 000000000000 is the MAC ADDRESS of your PAP2) file to your TFTP ROOT directory (or directories if running multiple TFTP servers)
3) Power cycle the PAP2
4) Check your TFTP Server's log to see when the file has been grabbed
If the TFTP Server's log shows a FILE NOT FOUND error message, and if the file attempting to be grabbed was requested from an obscurely named sub-directory (i.e. /a12BcdeFgH/spa000000000000.xml), create that sub-directory (a12BcdeFgH) underneath the TFTP Root and move (or copy) the spa000000000000.xml file to that sub-directory. Then re-Power Cycle the PAP2 and re-check the TFTP Server's log.
5) After it's been grabbed & loaded, the adapter's USER password is "1234" and the ADMIN password is "4321"

Note: Sipura SPA-2000 2.0.9 firmware allows PLAIN TEXT config files to be loaded and processed. That is why this unlock "trick" works.

STEP 8: Revert back to PAP2 firmware:

1) Use PAP2 firmware 3.1.6 or LOWER!!!
2) Follow the directions here: Basic Firmware Update Instructions

STEP 9: Obtain the FACTORY FRESH GPP_K key (OPTIONAL but recommended)

1) In STEP 6, the encrypted Vonage Config File got loaded into the adapter. This caused the adapter's FACTORY FRESH GPP_K value to be overwritten w/ one supplied by Vonage.
2) With the adapter disconnected from the internet and loaded w/ PAP2 firmware 3.1.6 or lower, FACTORY RESET THE ADAPTER. This will cause the FACTORY FRESH GPP_K value to be re-loaded, but it will also re-lock the adapter. Before FACTORY RESETTING the adapter though, delete your Vonage Encrypted spa000000000000.xml file from your TFTP ROOT! Otherwise, upon performing a FACTORY RESET, your adapter will request and process this file, a file which DISABLES THE ADAPTER'S WEB INTERACE!
3) Repeat the ORIGINAL (easy) UNLOCK process (i.e. perform the entire series of steps listed in POST #4 of this thread)
4) After the adapter has been re-unlocked, extract the GPP_K value and save it! This value is located in the "Provisioning" tab of the adapter's web-interface (i.e login as "admin," switch to "advanced" mode and click on the "Provisioning" tab).

How do you tell the difference beween the FACTORY FRESH GPP_K value and a Vonage assigned one?

Attributes of the FACTORY FRESH GPP_K value:
• 44 characters long
• Comprised of alpha (A-Z, a-z), numeric (0-9), and symbols
• Ends with an EQUAL SIGN (=)
• Example: n6KClGUoMXzIQ/JmmuSFBE1GOu+M8335eHfPeYHeRAs=

Attributes of a Vonage Assigned GPP_K value:
• 64 characters long
• Comprised of HEX characters (A-F, a-f, 0-9) only!
• Example: 9190ca44e4cffb893c2ae43c4bca57fb18f04482a84dcce30d28017e7715a8a0

Diggler

P.S. For a flow-chart summary of most of the above, download pap2-318unl.zip which is also contained in the 4th post here:
http://www.dslreports.com/forum/remark,144...9999~start=1520

wow for complicated. I gave up. Not worth spending any more time when I can just buy a new one for 60.00. Thanks for the help though.

What options does one have with Linksys WRTP54P after doing the required service plan for the $60 rebate? TIA

Diggler! How can I thank you!?!?
I spent the whole sunday trying to unlock my 3.1.9c vonage PAP2.
I read through forums most of the day, and after seing that nobody seemed to have a way to unlock the 3.1.9c firmware, I came to the conclusion that I had to set up a packet sniffer and see what the unit was requesting, give it to it and see what it did next. I had managed to get the unit to swallow the encrypted xml file and the SPA1001 firmware, doing exactly what you described up to step 6 of your procedure. Then I was stuck, because I had no web access and could't reset the unit via IVR (no password worked).
That was last night. Today, after doing some more research (Google is my personal best friend!), I stumbled upon your post, and it all worked perfectly! After 15 minutes of easy work I now have the PAP2 unlocked, with firmware 3.1.3, no admin password requiered, both the factory and the vonage GPP_K values, provisioning disabled... the world is now open to my little PAP2!!!
Actually, this is my second PAP2 unit. I connected the first one to the net right away, ignorant of the whole vonage lock affair, and since I didn't activate a vonage account, the unit was completely deaf (no IVR, no web). I returned it thinking it was defective and got a new one. Only this time I did my homework.
And I learned a lot about networks in the process! What else could I wish?
Thank you SO MUCH!!!!

I'm amazed that you were able to proceed w/ my instructions for unlocking 3.1.9 given that you loaded SPA1001 firmware onto the adapter!

If that firmware never actually loaded onto the adapter, then my instructions would have worked. You could have also modified SPA2000 2.0.9 firmware to contain an SPA1001 header (so that you'd convert the adapter from SPA1001 mode to SPA2000 mode).

At any rate, glad to see my instructions were helpful to somebody.
Now if only DrZoidberg will be willing to try as hard!

Diggler

See this thread @ BroadbandReports for possible firmware hacks which may be compatible w/ that device.

You're right, it was a SPA2000, with Sipura 2.0.9 firmware. I was in a bit of a surmenage after reading so many posts about it In any case, it worked exactly as you described: after getting that fw, the unit it was locked but the clear-text xml file opened it up (that was the missing step I was searching for).



They are surely helpfull to anybody with a 3.1.9c fw, willing to spend a few hours reading through the forums to get the hang of it. Of course, knowing a bit about networks helps a lot, otherwise the learning time increases. I believe that writing a complete, fool-proof guide, that anybody can use without any previous knowledge, would require at least a small book. Hmm, here's an idea: "PAP2 Unlocking for Dummies"!

hi everyone

Nice guide Diggler
i need so much
but u can explain a little more step4 please
if u want

thankz again

i have 3 severs on my pc (http, tftp, dns)
but i dont understand what i do ? then some tips please

Hey! Diggler,
You are great, your instructions for PAP2 fw 3.1.9 have been very helpful in cracking my PAP2 that came with fw 3.1.9(LSc). I just want to add my experience to your great instructions.

At STEP 6:
I observed that after grabbing spa000000000000.xml from TFTP-ROOT folder, PAP2 generates another TFTP request and tries to read spa000000000000.xml from a strange folder name (I would refer it as "AXBYCD" in the following text).

(Note: This folder would be different for everybody, in fact after completing the unlock process I can I came to know that this is GPP_D value sent through the ENCRYPTED Config File (from Vonage's TFTP server) named spa000000000000.xml)

I created that folder under my TFTP-ROOT and copied the same ENCRYPTED Config File (from Vonage's TFTP server) named spa000000000000.xml (where 000000000000 is the MAC ADDRESS of your PAP2)to this folder.

Then I power cycled the PAP2 again. This time I observed that PAP2 grabbed spa000000000000.xml from TFTP-ROOT folder as before and then grabbed spa000000000000.xml again from TFTP-ROOT/AXBYCD folder.

At STEP 7:
I was almost stuck because the xml file was not working for me. With ether net cable connected IVR (Telephone) interface was not working and web interface was completely inaccessible. Then Sukru Bey helped me and sent me a little modified plain text xml file spaPAP2MAC.zipthat contained following code.

I had to copy this file in my TFTP-ROOT/AXBYCD folder instead of TFTP-ROOT folder.
I also copied SP2K-PAP2.bin from our ORIGINAL (easy) UNLOCK process in HTTP-ROOT/+000000000000/ directory.

Power cycled the PAP2 once again. It grabbed the plain test xml file from TFTP-ROOT/AXBYCD then it grabbed SP2K-PAP2.bin from HTTP-ROOT/+000000000000/ directory.

Now the PAP2 had a solid BLUE LED and it was unlocked.

I hope this description might help some novice hacker like myself.

Best of Luck!!!!

Ok, here's what STEP 4 says:


Steps 4.1 - 4.3 are instructions for configuring your DNS server. A DNS (Domain Name Services) server converts "domain names" (i.e. httpconfig.vonage.net, www.yahoo.com, ftp.microsoft.com, etc.) into IP addresses. Step 4.3 above is a suggestion for setting up a WILDCARD DNS ENTRY for "vonage.net" so that "[anything].vonage.net" resolves to the same IP address. If you do STEP 4.3, you should be able to skip steps 4.1 and 4.2 as they'll be implicitly handled by 4.3.

Step 4.4 is perhaps a bit more complex. If you don't know how to setup PORT FORWARDING, the easier solution is to setup 2 different TFTP Server Programs, where one program runs on PORT 69 (the default TFTP port), the other on PORT 2400. If you can find yet a 3rd TFTP server program, feel free to set it up to run on PORT 21. Vonage runs TFTP servers on all 3 ports.

Hope the above helps.

Diggler

thanks for the fast answer but im very stuck on step 6 coz my ftp server grabbing the xml file but dont grabbing the fake 3.1.9 file and my web interface re block again and i have to reset again all, i follow the roxy metod but nothin happend dont grabbing the fake file

please help

thnx

Disconnect the ethernet cable from the PAP2. Then try factory resetting it 5 or 6 times. Then re-connect the Ethernet cable and repeat STEP 6. Hopefully it'll attempt to grab the firmware file. If it doesn't, you're basically stuck until Vonage updates their XML config files to request an upgrade to firmware 3.1.10.

Diggler

voipcheap.com is yet another voipbuster variant. They offer a lot of the free countries that voipbuster used to.

They offer a new feature of Web-Activated Calls when you buy credit. There are more restrictions where credit expires in less than 90 days and the minimum credit is now 10 Euros(~$13) to get unlimited calling.

PAP2 settings are pretty much the same as the others. Just make the changes mentioned here: http://www.voipcheap.com/en/sip.html

Hi, I am a bit unclear about this procedure - Will this leave the ATA as a linksys factory default router or will it still be locked in any way? (following a factory restore?)

If so is there anyway to completely flash the default linksys firmware over the modified vonage version?

TIA
Rich

The standard unlock method leaves the adapter prone to being re-locked upon a TRUE Factory Reset.

The only TRUE Factory Reset "Safe" method I'm aware of is by installing SPA1001 firmware onto the adapter (as discussed in post #86 of this thread).

Diggler

P.S. A new PSEUDO Factory Reset method was recently posted at BBR. The technique discussed in that post allows you to perform the equivalent of a factory reset w/o the adapter phoning home to Vonage thereafter (thus remaining unlocked).

Hi Guys.

I've got a PAP2 FW 3.1.9 that I'm trying to unlock with the guide provided on page 4.

After I made a reset (73738) and removed the DNS entries into the PAP2 (actually I also tried to fill the DNS with my IP address), I can see that the PAP2 is requesting the encrypted spa.xml file from my tftp server, but it seems to freeze on requesting to my DNS server a time server (time.vonage.net which is also redirected to my computer).

Since then, I do not receive any request for downloading the sipura modified fw from my httpd.

Can somebody help me?

Hi Everyone.

This forum is a great resource. A big thank-you to all who devoted their time to such an informative forum. I am in the process of unlocking a PAP2 which has 3.1.9LSc firmware. I am stuck on step 4 trying to set up my DNS server. I am a little over my head and am not quite sure how to to this. I am trying to use Simple DNS Plus, and don't really know how to POINT or Forward the "*.vonage.net" to my PC's IP. Can someone give me some pointers on how and were to set this up on the Simple DNS Plus program. I also am using a Dlink DI-604 router. will this work? I read somewhere here that you must also setup DNS forwarding on your router and that with Dlink you can't have DNS forwarding. Is this the case, Do I need another router? Thanks for any help you can give.

It sounds like you should setup an Network Time Protocol (NTP) server on your computer. If it's a Win2K / WinXP machine, according to this page, you can tweak the Windows Registry to turn your PC into an NTP server. Since you've already pointed time.vonage.net to the IP address of your PC, upon coverting the PC into an NTP server, hopefully your PAP2 will get past the part where it's currently freezing.


If you can't figure out how to point "*.vonage.net," just point the various known fully qualified domain names to your PC instead.

When running a DNS server on a PC, do not use your router! Instead, directly connect your PAP2 to your PC using a crossover ethernet cable.

Diggler

Thanks Diggler,

I understand now that I don't need the router in the picture an to use the crossover cable. What I still don't know how to setup is how to point or forward domain names to my PCs IP address. Where in Simple DNS do I configure this?

Thanks

I'm not familiar w/ Simple DNS; however, the on-line help for "Simple DNS Plus" is available here:
http://www.simpledns.com/help/

It looks like very detailed help information, so I suggest you start there.
If "Simple DNS" is different than "Simple DNS Plus," hopefully the configuration of the two programs is similar.

Diggler

Diggler,

I hope you can help me on this one. I have unlocked my RTP300 as per http://www.dslreports.com/forum/remark,15847480 and everything is running great. I have VoipStunt for outgoing calls on Line 1 and StanaPhone for incoming calls on Line to 2. I am now trying to foward calls from line 2 to line 1 as per this forum and when I add the fowarding in User2 config page(username@myexternalipaddress:line1port#) and reboot I just get a fax sound when calling my stanaphone from my cell??? Not sure why this is happening. I also tried configuring it with the internal IP address as well as a loopback address. I am behind another linksys router WRTP54G but have the DMZ pointing to the RTP300. Any help on this would be GREATLY appriciated as I don't want to go and spend another $150 on a 2 line cordless phone. THANKS!!!

Sorry, I know nothing about the RTP300 as I don't have one. Have you posted your assistance request in that DSL Reports thread? If not, try asking there.

Diggler

Hello, thank you for your instructions, I finally unlocked my PAP2 3.1.9(LsC) and now is with Firmware 3.1.3, I will, post the enterely configuration of my Linux server, all scripts, DHCP, TFTP, IPTABLES(For Port Redirection) NTP HTTP, and also IFCONFIG, again Thank You, you are the best, also lovely_roxy, your script Rocks!

I have a little problem, the last I hope to make this done,
when I connect PAP2 I got a busy signal!! I can not dial other extensions but I can dial FROM other extensions to the PAP2 and work nicely.

When I pick up the phone, and wait, it has a busy tone, then I got a fast busy tone, what can it be? Please Help me,

I will write the enterily guide to how to unlock, please help me in that very last config.

Thank You again, some research in the Google friend, tell me that, the Dial Plan was the problem!!!!

http://forums.whirlpool.net.au/forum-repli...m?t=354154&p=-1

I put that Dial plan, and that Busy Tone NOISE STOPS!!!!

I can now dial the extensions, well It takes 4 to 6 seconds to connect, but I am very Happy!!

Thank you all, thank for your efforts!

Wow, it worked !
Thank you, thank you.
After messing for quite some time (orig. FW2.0.12) and accidently provsioning the damn PAP 2, damn...,
which caused one of those passwords for reset to work ?!?, (did they have another one back then?)
I finally succeded into the 4th day !
Biggest obstacle was the reset password, cause none of them worked, while I had the device unprovisioned...

I did it just on principle and hobby.
There is more than just a satisfying result, it is a call for an open policy,
don't just dump those 60bucks, guys ! Personally, I really don't see why to support these companies.

frosh

bottom line: the reset passwords listed somewhere work as soon the device had loaded its foanage spa...xml

Were you able to factory reset the adapter using one of the 5 passwords listed in the first quote above or did you need to use a new password? If you used a new one, please provide it so that it may be added to the list. Thanks.

Diggler

7756112 was the one. sorry, no news here...
Just let me repeat, none of the provided ones worked, when I unpacked the device,
but it worked after I downloaded spa...xml and provisioned the device.(on my own tftp server)
I had bought it in April 2005, FW 2.0.12,
certainly I messed around a lot, and was ready to give up more than once.

I have another pap2 in use with vonage, no password works on that one.
Probably somebody experienced in digital signalling could use a modem to crack it down ?
sure, it takes a lot onger than just cracking http access.

But, I think, that's an idea!

Also, one of my observations was, that you NEED to hang up after reset or reboot,
otherwise it never starts asking for a tftp address.
(I've been getting lazy hanging up, since the menu **** still comes up, even if you don't)
You could stress that out a little better in your instructions

frosh

Need help!

I just got a new pap2 from circuitcity in May. It's fresh from unopenned box, never been connected to internet. However, I can't start the unlocking cuz I can't http to it. it's a fw 3.1.3

I tried to 73738#, it lets me reset it without asking me any passwd.
I also tried to 7932#, now it asked me the passwd, but none of the 5 passwd mentioned in this tread works. So I now stucked it.

What can I do?

If it's truly got firmware 3.1.3 on it, upon performing a FACTORY RESET, the adapter's web web-interface should be ENABLED. Try the following:

1) Disconnect your router from the broadband modem (i.e. disconnect the router from the internet)

2) Make sure your router has DHCP enabled

3) Connect a PC to a LAN port on your router. Verify that the PC gets assigned an IP Address from the router. You can do this by running ipconfig from a COMMAND PROMPT. If your PC has an IP Address of 192.168.xxx.xxx, it's got a router assigned IP address.

4) Now connect the PAP2 to a LAN port on your router.

5) Plug a phone into PHONE PORT 1 of PAP2

6) FACTORY RESET the PAP2 via IVR mode (and then HANG UP after doing so). If you're not prompted for a password, that's fine. You may need to dial "1" to confirm the FACTORY RESET.

7) Query the PAP2 for its IP address by going back into IVR mode (i.e. dial ****) and issuing command 110#. Record the IP address.

8) Open up a web browser on your PC and navigate to http://IP_ADDRESS_RECORDED_IN_STEP_7

At this point, if your adapter truly has firmware 3.1.3 on it, and if you were able to FACTORY RESET IT, you should be viewing the web interface of the PAP2. You should now proceed with the original easy unlock method to unlock the adapter.

As I wrote above, w/ firmware 3.1.3 a FACTORY RESET should leave the web interface ENABLED. Make sure you're connecting the PAP2 to a device running DHCP (i.e. a broadband ROUTER); however, make sure that DHCP device (i.e. router) is not connected to the internet!

The reason why 7932# isn't working for you is that the adapter has a Factory Fresh ADMIN pw stored in it. The 5 passwords mentioned in this thread are Vonage Assigned USER pws. You need to use an ADMIN password for the 7932# command. Thus, until you've unlocked your adapter, this command won't be of use to you.

Diggler

I got the same problem that PAP2 asks for NTP and did not try to get the new firmware from httpd. Setting NTP server did not help. The PAP2 even did not bother to send a DNS query for httpconfig.vonage.net. Any hint?

well,
pap2 asks for a time server,
but its services don't depend on it.
one hint : HANG UP, after reset.
try this, or
you could upgrade through tftp server using this line,
if the pap2 does not ask for an upgrade...

http://your-pap2/upgrade?tftp://your-pc/firmware.file

ofcourse you replace your-pap2, your-pc and firmware.file
with your values...
use your pap2 user password, when asked for

frosh