ISO/IEC 29341-12-2 — UPnP RemoteAccess — Part 12-2: Device Configuration Service

1. Introduction to the RemoteAccess Device Configuration Service

ISO/IEC 29341-12-2 defines the Device Configuration Service (DCS), the companion service to the RemoteAccess Device Template (29341-12-1) that provides the configuration management plane for remote access gateways. While the Device Template specifies the communication architecture and tunnel mechanics, the DCS defines how the remote access system is configured, how access policies are managed, how credentials are provisioned and revoked, and how the system reports its operational status.

The DCS is implemented on the Remote Access Gateway and exposes a comprehensive set of configuration actions and state variables that enable both local and remote administration. This dual-administration capability is critical because it allows users to configure their remote access system from within the home network during initial setup, while also enabling remote management for ongoing maintenance and policy updates.

The DCS supports configuration locking to prevent conflicting updates. Before making configuration changes, a management client should acquire a configuration lock using the LockConfig action. This prevents two administrators from simultaneously modifying different parts of the configuration in ways that could produce inconsistent state.

A key design principle of the DCS is that all configuration changes are transactional. The BeginConfigTransaction and CommitConfig action pair enables management clients to group multiple related configuration changes into a single atomic operation. If any individual change within the transaction fails, the entire transaction is rolled back, preventing partial configuration updates that could leave the gateway in an inconsistent or non-functional state.

2. Configuration Data Model and Key Variables

The DCS defines a structured configuration data model organized into functional groups: network configuration (WAN and LAN interface settings), tunnel configuration (TLS parameters, keep-alive intervals, port allocations), access policy configuration (client authorization rules, device access permissions), credential management (certificate enrollment, renewal, revocation), and system configuration (logging levels, time synchronization, firmware update settings).

Each configuration parameter is exposed as a UPnP state variable with defined data types, allowed values, and access permissions (read-only, read-write, or write-only for sensitive fields like passwords). The ConfigChangeCounter variable increments each time the configuration is modified, providing a simple mechanism for management clients to detect configuration drift. The PendingConfigChanges variable indicates whether there are uncommitted changes that require a gateway restart to take effect.
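The lock, transaction and counter behaviour described in sections 1 and 2 can be modelled in a few lines. This is an added example, not code from the standard or from any gateway implementation: the action and variable names are the ones used on this page, while the client argument, the `set_value` helper, the validation rules and the release of the lock at commit are assumptions.

```python
# Added example: in-memory model of the lock / transaction / counter behaviour.
# Names follow the page; arguments and validation rules are assumptions.
READ_ONLY = {"CertExpiryDate", "CertRenewalStatus",
             "ConnectionStatus", "TunnelHealth", "Uptime"}

class ConfigError(Exception):
    """Raised when an action is refused or a commit fails validation."""

class GatewayModel:
    def __init__(self, config):
        self.config = dict(config)
        self.ConfigChangeCounter = 0
        self.lock_owner = None      # client currently holding the lock
        self.staged = None          # uncommitted changes, or None

    def _require(self, client, txn=True):
        if self.lock_owner != client:
            raise ConfigError(f"{client} does not hold the configuration lock")
        if txn and self.staged is None:
            raise ConfigError("no open transaction")

    def LockConfig(self, client):
        if self.lock_owner not in (None, client):
            raise ConfigError(f"configuration locked by {self.lock_owner}")
        self.lock_owner = client

    def BeginConfigTransaction(self, client):
        self._require(client, txn=False)
        self.staged = {}

    def set_value(self, client, name, value):      # hypothetical setter
        self._require(client)
        self.staged[name] = value

    def CommitConfig(self, client):
        self._require(client)
        staged, self.staged, self.lock_owner = self.staged, None, None  # assumed: lock ends here
        for name, value in staged.items():         # validate everything first
            if name in READ_ONLY or name not in self.config:
                raise ConfigError(f"{name} is not writable")
            if name in ("MaxTunnels", "KeepAliveInterval") and not (
                    isinstance(value, int) and value > 0):
                raise ConfigError(f"invalid value for {name}: {value!r}")
        self.config.update(staged)                 # nothing failed: apply all
        self.ConfigChangeCounter += 1

def drifted(gateway, baseline_counter):
    """Management-client check: was anything committed since the baseline?"""
    return gateway.ConfigChangeCounter != baseline_counter
```

Because every staged value is validated before any is applied, one bad value leaves both the configuration and ConfigChangeCounter untouched, so a client comparing the counter against its recorded baseline sees drift only for changes that actually took effect.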

| Configuration Group | Key Variables | Modifiable | Impact |
|---|---|---|---|
| Network | WANInterface, LANInterface, DNSOverride | Yes | Connectivity |
| Tunnel | TLSCertificate, KeepAliveInterval, MaxTunnels | Yes | Security + performance |
| Access Policy | AllowedClients, DeviceACL, TimeRestrictions | Yes | Security |
| Credential | CertExpiryDate, CertRenewalStatus | No (read-only) | Security monitoring |
| System | LogLevel, NTPConfig, FirmwareVersion | Yes | Operations |
| Status | ConnectionStatus, TunnelHealth, Uptime | No (read-only) | Monitoring |

The automated certificate enrollment feature dramatically reduces operational overhead for remote access deployments. Field experience shows that automatic renewal with 30-day advance warning achieves 99.9% certificate validity uptime, compared to approximately 95% for manual renewal processes.

Configuration backup files contain sensitive information including access policies, authorized client lists, and network topology data. The ExportConfig action encrypts the backup using a user-provided passphrase, but the security of the backup ultimately depends on the passphrase strength. Encourage users to deploy a password manager to generate and store a strong, unique passphrase for each gateway’s configuration backup.

4. Frequently Asked Questions

Q: Can the DCS be used to configure multiple gateways from a single management console?
A: The DCS operates on a single gateway instance. For multi-gateway management, a higher-level management application would interact with each gateway’s DCS independently, using the standard UPnP control interface.
Q: How are factory reset and configuration restore related?
A: Factory reset (FactoryReset action) clears all configuration including certificates and returns the gateway to its out-of-box state. Configuration restore (ImportConfig action) applies a previously exported configuration file — the gateway must first be in a factory-reset state or have matching certificate trust anchors for the restore to succeed.
Q: Does the DCS support role-based access control?
A: Yes. The DCS defines three administrative roles: Administrator (full access including configuration changes and certificate management), Operator (can view configuration and monitor status but cannot modify critical parameters), and Auditor (read-only access to logs and configuration, intended for compliance monitoring).
Q: What happens if a configuration change causes the gateway to lose connectivity?
A: The DCS implements a commit-rollback mechanism. After applying critical configuration changes (especially network parameters), the gateway starts a commit timer. If the management client does not explicitly confirm the change within the timer period (default: 5 minutes), the gateway automatically reverts to the previous configuration, preventing lockout.
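The commit timer in the last answer can be modelled as follows. This is an added example, not code from the standard or a gateway: `apply_critical`, `confirm` and `tick` are hypothetical names, only the 5-minute default comes from the page, and the clock is passed in so the expiry path can be exercised without waiting.

```python
# Added example: model of the confirm-or-revert timer for critical changes.
# Method names are hypothetical; the 5-minute default is the page's figure.
COMMIT_TIMER_SECONDS = 5 * 60

class CommitConfirmGateway:
    def __init__(self, config, timer=COMMIT_TIMER_SECONDS):
        self.active = dict(config)
        self.previous = None        # snapshot to revert to while unconfirmed
        self.deadline = None
        self.timer = timer

    def apply_critical(self, changes, now):
        """Apply changes immediately and start the commit timer."""
        if self.previous is not None:
            raise RuntimeError("an unconfirmed change is already pending")
        self.previous = dict(self.active)
        self.active.update(changes)
        self.deadline = now + self.timer

    def confirm(self, now):
        """Explicit confirmation from the management client."""
        self.tick(now)              # a confirmation that arrives late must not win
        if self.previous is None:
            return False            # nothing pending, or already reverted
        self.previous = self.deadline = None
        return True

    def tick(self, now):
        """Run periodically by the gateway; reverts once the timer expires."""
        if self.previous is not None and now >= self.deadline:
            self.active, self.previous, self.deadline = self.previous, None, None
            return True
        return False
```

A client that loses its management path after a bad network change never reaches `confirm`, so the next `tick` past the deadline restores the snapshot and the gateway becomes reachable again on its old settings.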
