So I’ve had this come up a couple times and work and I just wanted to add a post here so that I won’t have to go hunting down how to do this again 🙂
So, in Cisco’s documentation, it says to do the following to unlock the phone conifguration (which is locked by default so that it cannot be changed by an over-zealous user):
Step 1 Press **#.
Step 2 Press the settings key.
Step 3 Highlight Network Configuration.
Step 4 Press the Select soft key. The Network Configuration menu is displayed. The lock symbol in the upper right corner of your LCD should be in an unlocked state. The unlocked symbol indicates that you can modify the network settings.
Unfortunately, on newer (or perhaps older? I don’t know, I hate dealing with these phones and only do so when necessary at work) firmwares, that key combination does NOT work. You’ll need to scroll down in the settings menu to #9 and select “Unlock Config”. You’ll then need to enter the password, which is “cisco” by default.
Though I use Linux on most my workstations, I use FreeBSD on my servers. I love it compared to Linux, and I’d use it on my workstations if there was better hardware support. So I wanted to create this post highlight how to setup disk encryption with FreeBSD using GELI (as opposed to Luks, which is what I’m used to on Linux).
First, if needed, remove any partition table on the disk that you’ll be setting up the encryption on and replace it with a GPT partition table. Not a totally necessary step, as you can easily encrypt individual partitions, however this will setup full disk encryption. Keep in mind the devices in the examples should be replaced with whatever is on your system:
gpart destroy -F da0
Now, create a GPT partition table on the disk:
gpart create -s gpt da0
Next create your partition (in this case, I was setting up for a ZFS partition, substitute “freebsd-zfs” for whichever partition type you’d like to use):
gpart add -t freebsd-zfs da0
Generate your encryption key, I placed it in my /boot folder:
dd if=/dev/random of=/boot/encryption.key bs=4096 count=1
Now we’ll actually setup encryption on the device (obviously you can use different options, check out the man page if interested, however these should do well for most cases):
geli init -b -B /boot/da0p1.eli -e AES-XTS -K /boot/encryption.key -l 256 -s 4096 /dev/da0p1
To open the disk. Doing so will create a new device at /dev/[disk].eli:
geli attach -k /boot/encryption.key /dev/da0p1
Now that the disk is open, you can add it to your zfs pool or simply begin using it if you are using UFS:
zpool create [pool] /dev/da0p1.eli
You’ll need to add the following to /boot/loader.conf in order to have it mounted properly on boot:
geli_da0p1_keyfile0_load=”YES”
geli_da0p1_keyfile0_type=”da0p1:geli_keyfile0″
geli_da0p2_keyfile0_name=”/boot/encryption.key”
That’s it! Enjoy your encrypted disk.
I’m more used to the older “route” command with linux, so using the commands that come with iproute2 were a bit different. To add a default gateway using “ip route”, perform the following:
ip route add default via 192.168.1.254
As opposed to this which is from the old route command:
route add default gw 192.168.1.254
