Zeroconfig - Giving out WAN IP to Internal Phones


#1

We are running 10.20.17 and just realized that Zeroconfig is giving our phones the external WAN interface from our PBX.

(It is configured in route mode)

It should be giving the 192.168.. address out as the SIP server but has stopped doing so, it was never an issue before this update.

Its not the end of the world, there is no firewalling etc between them but it is a hop thats not needed.

(Also just saw that a new phone is given the External WAN IP during Zeroconfig as its config source)

THoughts? I checked everywhere, LANs are all configured correctly etc.


#2

Can you explain the network topology? Is there a reason to be in route mode?


#3

It sits on the internet so it can talk SIP to the providers, and the LAN is on the internal phone only VLAN.

Right now with it giving out the Internet side IP, traffic is going out the firewall and back in the PBX.

We have some external phones too but they are configured manually to talk to the outside interface.


#4

If I understand correctly, the UCM is directly connected to the Internet on the WAN port?
If so, this is a very risky setup as you are inviting attacks. I encourage you to get a decent router so you can set up firewall rules to prevent unwanted IPs from reaching the PBX and put the device behind it and run the UCM in switch mode.

I have not heard of this specific issue, but if it were me, I would delete the settings and then set them up again.


#5

It is this way due to some bugs in the firewall. We have it locked down pretty hard, as best as we can.

This seems to be only since the newest OS. And phones cannot be reset, because when they do the SIP provision gives them the URL with the external IP which will not work.


#6

I am not suggesting reseting per se, but changing the mode to switch for a few minutes and then changing back to route. Anything that might cause the entries to be re-written.

Otherwise, I can only suggest:

  1. Submitting a ticket
  2. Revert firmware and restoring the backup that was taken just before the upgrade.

#7

I can do that but will have to be out of hours, we are a Fire and Police station so they dont like that happening during business hours, especially now we locked the building down from public access LOL


#8

Good luck and thanks for all you do for us.


#9

Best thing about this is that we had to downgrade to stop it… then they release the security patch and we do that… now we have no phones unless i program the SIP server into them all manually.

Still waiting on GS to respond to the ticket.


#10

Confirmed bug with Grandstream. The Zeroconfig server and firmware server are also wrong.

So their answer is login to each phone and change all three settings, then disable zeroconfig and wait a month or more until next version.

Far from ideal.


#11

I ran into this same problem as well. After the upgrade to 1.0.20.23, ZC started giving out the IP of the “wrong” interface for SIP server and config server. Had been working fine for years before that.


#12

version 1.0.20.23, ucm 6208, i seem to have found this bug after adding a static ip to the wan interface, next thing all the phones have the wan ip for the sip server, the zero config file is causing the issue, you can go into each config file and override the account information, but you will forget it has been over ridden, then it will take you 2 hours to figure out why you cant change the name on the phone because they had their config file account settings over ridden. lots of fun.

totally agree that the crappy patches they release for security fixes also include things that make you go, wtf, huh why


#13

Unfortunately they said today a couple of months until the fix for the version they had us go to for the security patch…

It was fun redoing every phone, by hand … cant wait to undo it all


#14

Hello,
I’m facing the same issue.
Is there an workaround ?


#15

it seems the GDMS.cloud doenst have the issue of changing config settings, so its an alternative if the phones can get to the internet, otherwise you can turn off zero config and manually program the phones(a lot of fun), it also seems you may be able to use zero config, but you have to go to every device under advanced and override all the IP settings, the zero config also causes other odd issues, good luck with it


#16

GS, When will the problem be resolved?