Notice: Some of the information below might help you use another VOIP provider, but that doesn't mean that you are legally entitled to. The License Agreement between you, the product owner, and Vonage may legally prevent you from using this device with another provider. Additionally, the following information is provided as is. Certain actions, such as loading new firmware can turn your expensive home router into a useless brick if not done properly. Use of the following information is at your own risk: First, this all started when I tried to use my router and found its performance sucked more than a 'Hoover'. After looking into upgraded firmware (and not getting anywhere), it found that setting the MTU on the router to a lower number was all I need do (and yes, if pays to RTFM: the manual clearly states that the default is 1500 but that they recommend a lower number). So, happy router, happy user... or so it would seem. When the web admin interface failed to load in a timely manner (due to the MTU settings), I tried both telnet and SSH. I did find that SSH is open on the router by default, but I wasn't allowed in... if I'm not then who is??? So I started to look around: SSH Attempts: 1. download and setup a syslog program (such as kiwisyslog.com) 2. login to the web interface to your router and go to admin\log 3. set all logs to go to the IP of the machine running syslog (static is best) 4. attempt to SSH into your router... 5. hit head repeatedly when you can't figure out user/password 6. Notice that "Admin" is accepted as a user 7. Still hit head repeatedly when you can't figure out the password 8. Take a nap, come back later and try a different approach. NOTE: You can also view some of the previous log entries by visiting: http://192.168.15.1/cgi-bin/webcm?getpage=../html/status/syslog.html (after you have logged in) Interesting Web Interface Findings: First thing to notice is that every page (after you have logged in) is actually retrieved by 'webcm': http://192.168.15.1/cgi-bin/webcm?getpage=../html/status/syslog.html What is "webcm?" It is the gatekeeper. It is guarding all the doors. It is holding all the keys, which means that sooner or later, someone is going to have to fight it. Let's break down the above url: http://192.168.15.1 -- your router IP /cgi-bin/ -- path to gatekeeper webcm? --the gatekeeper getpage= --the procedure ../html/status/syslog.html -- the requested page So, the first thing that I noticed is the "../html/" I tried http://192.168.15.1/html/ and was greeted with the standard logon page... This really didn't shock me as it simply presented me with an index page. Next I tried http://192.168.15.1/html/status/ and was presented with a nice directory listing of all the files in status. Being able to see the file is half the battle. If you try and open any of the files you will notice that they show garbage or rather they aren't interpreted. So, any page you want to see must be passed to the 'gatekeeper' (as was done in the above 'syslog.html' URL) With this knowledge I logged in normally to the router and found all the possible html/ directories that I could. Here is a list of the directories (no doubt I've missed some): http://192.168.15.1/html/adv/ http://192.168.15.1/html/admin/ http://192.168.15.1/html/voice/ *-good stuff http://192.168.15.1/html/status/ http://192.168.15.1/html/security/ http://192.168.15.1/html/wireless http://192.168.15.1/html/tools/ And now for the meat .... Here are some of the more interesting pages, including those used to dealing with the SIP settings of the router. Some of them (the voice settings) will try to kick you out by using JS... simply press ESC a few (dozen) times when the page is done loading to prevent your browser from sending you away (this is one case where I found IE to be better as it was slower to try and send me away). http://192.168.15.1/cgi-bin/webcm?getpage=../html/adv/sysinfo.html http://192.168.15.1/cgi-bin/webcm?getpage=../SetupWizard.htm http://192.168.15.1/cgi-bin/webcm?getpage=../html/tools/update_result.html http://192.168.15.1/cgi-bin/webcm?getpage=../html/voice/Provision.html http://192.168.15.1/cgi-bin/webcm?getpage=../html/voice/voiceSip.html And to do another take on the movie: webcm is not the only hope, there is another: http://192.168.15.1/cgi-bin/webcm?getpage=../../ should list not only 'webcm', but 'firmwarecfg' as well. You can view this binary by visiting: http://192.168.15.1/cgi-bin/webcm?getpage=../../firmwarecfg of course you van view the 'gatekeeper' himself by visiting: http://192.168.15.1/cgi-bin/webcm?getpage=../../webcm Back to my firmware issue. I never could update my firmware as the 'user/tivonpw' account was 'not allowed this level of access' or something like that. I did find a page that seemed to deal with flashing the firmware, but didn't seem to work for me: http://192.168.15.1/html/tools/update_result.html and thus: http://192.168.15.1/cgi-bin/webcm?getpage=../html/tools/update_result.html Anyway, I hope these findings are a step in the right direction to actually allowing open firmware to be loaded on this brick. BTW My brick's firmware is version 1.00.18.