Panasonic offers analog, DECT, Digital IP, and SIP phones. Here, we concentrate on the Open-SIP aka generic VoIP/SIP offerings, which can be used with Digium Asterisk for example. Panasonic delivers impressive hardware, advanced technology, for a reasonable price. Nevertheless, Panasonic has many business units that do not relate: For example, the KX-TPA, KX-UDT, and KX-TGQ series are CAT-iq 2.x enabled DECT handsets but have nothing common, because the whole KX-TGQ (including its software) was bought somewhere in China. What about the software of the KX-TPA and KX-UDT? Let us have a look!
08.102
retested in Oct. 2019 with 11.000
retested in May 2020 with 11.112
| Password: | admin/adminpass has to be changed after first use |
| HTTPS: | not available |
| Update: | Web → Maintenance → Firmware HTTPs client does not support TLS-SNI. In the KX-HDV series, the filename has to end with ‘.fw’ and you have to enter the version, otherwise the update does not start. |
| Trust Anchors: | Web → Maintenance → Provisioning → Master File URL: http://www.traud.de/voip/panasonic/sip.cfg That example file contains SIP_TLS_ROOT_CERT_PATH, which must be Base64 encoded certificate(s). The KX-HDV series does not allow a certificate file larger than 6 KB. Otherwise you get [CERT]File download failure by "file size error" in the event log. Therefore, just 4 certificates are possible. |
| SIP-URI User: | Web → VoIP → SIP → Line 1 → Phone Number Web → VoIP → SIP → Line 1 → Authentication ID |
| SIP-URI Host: | Web → VoIP → SIP → Line 1 → Registrar Server Address Web → VoIP → SIP → Line 1 → Proxy Server Address |
| SIP-over-TLS: | Web → VoIP → SIP → Line 1 → Transport Protocol: TLS |
| SDES-sRTP: | Web → VoIP → SIP → VoIP 1 → Advanced → SRTP Mode: SRTP/RTP which is RTP/AVP with crypto |
| SHA-2 Digest: | does not pick MD5, continues without header Authorization, therefore is not able to register; therefore incompatible with Linphone |
| Audio: | AMR-WB octet-aligned mode but not signaled in SDP |
| SIP-URI Dialing: | proxy domain is appended, always |
| SIP-over-TLS: | large SIP messages are ignored or return SIP status 488 (larger than 2 kB) |
| SIP connection: | phone sends TCP-RST after two sometimes four hours, with the default 3600 seconds Mitigation: Web → VoIP → SIP → Line 1 → (Advanced) REGISTER Expires Timer: 3480 (phone takes half, therefore phone re-registers at 29 minutes) |
| Signaling DiffServ: | Web → VoIP → SIP → Line 1 → SIP Packet QoS (DSCP): 40 in IPv6, SIP stays at 0x00 (works for IPv4; works for RTP in IPv4 and IPv6) |
| Audio DiffServ: | not enabled on default Mitigation: Web → VoIP → SIP → VoIP 1 → RTP Packet QoS (DSCP): 46 |
| Video DiffServ: | phone uses the same class for audio and video |
| Video: | own control image is not mirrowed |
| STUN: | does not work with the server stun.1und1.de, I went for stun.gigaset.net; and resolves not before but after the first REGISTER, therefore SIP registration fails with sip.1und1.de |
| SIP Keep-Alive: | works via IPv4, does not work via IPv6 |
| Cipher Suites: | missing TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384; questions its AES-256 sRTP support |
| IP Port Source | not the actual port but SIP_SRC_PORT_n in the SIP header Contact (TCP and TLS affected; works with UDP) Mitigation for TCP: unknown; service has to ignore it and re-use the TCP based connection instead Mitigation for TLS: Web → VoIP → SIP → TLS Port random: No and optionally: Web → VoIP → SIP → Line 1 → Local SIP Port: any value |
| Bugs: | |
| Privacy: | on default, SIP messages contain MAC Mitigation: Web → VoIP → SIP Setting → User Agent → remove {mac} on default, HTTP messages contain MAC Mitigation: Web → Network → HTTP Setting → User Agent → remove {mac} device phones home to https://provisioning.e-connecting.net:443/redirect/conf/{MAC}.cfg Mitigation: avoid IPv4, use IPv6 only |
| Responsible Disclosure: | via E-mail |
| Firmware Update: | missing Automation missing Newsletter |
6.5 V 0.5 A, Coaxial: 4.8 mm × 1.7 mm