+- Yealink Forums (http://forum.yealink.com/forum)
+-- Forum: FAQs etc (/forumdisplay.php?fid=38)
+--- Forum: V73 Official Firmware (/forumdisplay.php?fid=41)
+--- Thread: V73 IPV6 missing privacy extensions (/showthread.php?tid=3111)
V73 IPV6 missing privacy extensions - MarioG - 01-08-2015 08:33 AM
I don't know if this is a bug or a missing feature. When using IPV6 the T48G is showing only it global unicast IP address to the SIP server. It should be showing a different address that randomly changes per the IPV6 privacy extension standard. Without that, the global address is exposed to the internet for anyone to access. The privacy address changes so no one can use the address too long to hack into the phone.
Every OS such as Linux, OS X and Windows does this. Also, most devices such as all IOS devices use privacy extensions. A phone system should be made as hack-proof as possible and privacy extensions are very important.
We use prefix delegation to assign the IPV6 address and all our other devices generate privacy addresses that become global but for only the assigned time, usually 24 hours. Privacy extension also are part of the SLAAC assignment standard.
I urge Yealink to implement this if not already done to improve phone security.
RE: V73 IPV6 missing privacy extensions - James_Yealink - 01-08-2015 10:14 AM
Hi MarioG,
As I know this is not supported by our phones and currently don't hear a plan to add this.
Can you please share some documents about this feature? I am not quite aware of this mechnism.
BTW, do you know any IP phoens which have already supported this feature?
Thanks,
James
RE: V73 IPV6 missing privacy extensions - MarioG - 01-10-2015 04:17 AM
Google "IPV6 Privacy extensions" and "IPV6 Temporary addresses" and you will find thousands pf pages on it. The standards are on tools.ietf web site and info on wikipedia, cisco, and many web sites. However, I don't see other SIP phones mention it so it may not be practical for phones since the IP address can change, probably not a good thing.
RE: V73 IPV6 missing privacy extensions - Zeon - 01-30-2015 09:13 AM
Yes this probably is a good idea. I haven't yet been able to get a call through Asterisk 1.8 using IPv6 on T22P but working on it.
Personally I would firewall phones from external connections unless absolutely necessary which is another strong protection in both the IPv4 and IPv6 worlds.