Here is a clean, consolidated, step-by-step tutorial based on the raw logs and forum guides you provided. This combines the "Long Method" logic (tricking the router with local servers) and the precise Ubuntu commands needed to run it.
?? Critical Precautions

DO NOT connect the adapter to the live internet. It will instantly talk to Vonage, download updates, and lock itself down completely.

Work offline: Connect the router directly to your PC via an Ethernet cable.

Step 1: Gather Your Files & Determine the MAC Address

Before starting, look at the sticker on the bottom of your RT31P2 or WRT54GP2 and find its MAC Address (a 12-character alphanumeric string like 000F66DDF2EA).

The Vonage Config File: Download your unique encrypted config profile from your browser while connected to the internet:
http://httpconfig.vonage.net/spa[YOUR_MAC_ADDRESS].xml

The Unlocking Firmware: Obtain RT31P2_v1.17.02_000_combin_code.bin (or the WRT54GP2 equivalent).

Rename the Firmware: Trick the device into thinking it is downloading an authorized upgrade by renaming it exactly to:

RT31P2: RT31P2_v1.30.01_000_VM_3.1.06_LI_combin_code.bin

WRT54GP2: wrt54gp2_v1.30.01_000_VM_3.1.06_LI_combin_code.bin

Step 2: Configure Your PC & Local Linux Server

This method uses Linux (dnsmasq) to spoof Vonage's servers locally.
1. Set a Static IP on Your PC

Configure your Linux PC's Ethernet port with a static IP:

IP Address: 192.168.1.100 (or 192.168.1.99)

Subnet Mask: 255.255.255.0

2. Set Up the File Directories

Create a dedicated working folder on your PC (e.g., /home/unlock/). Place the following inside it:

Copy your encrypted spa[YOUR_MAC_ADDRESS].xml file directly into /home/unlock/.

Create a sub-folder matching your MAC address preceded by a plus sign: /home/unlock/+[YOUR_MAC_ADDRESS]/. Place your renamed firmware bin file inside this sub-folder.

3. Launch dnsmasq to Spoof DNS, TFTP, and HTTP

Open a terminal on Ubuntu. First, stop systemd's built-in DNS resolver to free up Port 53:
Bash

sudo systemctl stop systemd-resolved

Now, launch dnsmasq. This single command will route all of Vonage's domains to your local PC IP and spin up a TFTP server pointed at your folder:
Bash

sudo dnsmasq -q --enable-tftp --tftp-root=/home/unlock/ --address=/ls.tftp.vonage.net/vonage.net/voncp.com/192.168.1.100

(Ensure an Apache, Nginx, or simple python HTTP server is also serving the /home/unlock/ directory on port 80).
Step 3: Flash the Unlocking Firmware (1.17.02)

Boot the router while connected to your PC's LAN port. Navigate to 192.168.15.1 in your browser.

Log in using admin / admin. If that fails, go to 192.168.15.1/update.html and try these credentials:

User: user | Password: 7756112 (or tivonpw)

Go to Administration -> Firmware Upgrade, select your renamed 1.17.02 firmware file, and flash it.

Once completed, the system firmware version should read 1.17.02 and voice 2.09 LId.

Step 4: Intercept and Re-Open Voice Web Access

The 1.17.02 firmware has a built-in flaw: it accepts unencrypted plain text XML files.

Move or delete the encrypted Vonage xml file out of your /home/unlock/ TFTP directory.

Create a new plain text file named spa[YOUR_MAC_ADDRESS].xml inside your /home/unlock/ directory. Paste the following text into it:

XML

<flat-profile>
<Restricted_Access_Domains ua="na"></Restricted_Access_Domains>
<Enable_Web_Server ua="na">Yes</Enable_Web_Server>
<Web_Server_Port ua="na">80</Web_Server_Port>
<Enable_Web_Admin_Access ua="na">Yes</Enable_Web_Admin_Access>
<Admin_Passwd ua="na"></Admin_Passwd>
<User_Password ua="na"></User_Password>
<Protect_IVR_FactoryReset ua="na">No</Protect_IVR_FactoryReset>
</flat-profile>

Connect the Ethernet cable from your PC to the WAN port of the router.

Power cycle (unplug and replug) the adapter.

Watch your Linux terminal. dnsmasq should log that it successfully pushed the dummy file:
Plaintext

dnsmasq-tftp[1304]: sent /home/unlock/spa000F66DDF2EA.xml to 192.168.1.102

? Troubleshooting Note: If the terminal log reports a FILE NOT FOUND error pointing to a random string directory (e.g., /a12BcdeFgH/spa...xml), simply create that exact sub-folder inside /home/unlock/, move your dummy XML file inside it, and power cycle the router again.

Step 5: Extract the GPP_K Key and Finalize

With the dummy profile accepted, navigate to: http://192.168.15.1/Voice_adminPage.htm

Go to the Provision tab under the Voice section.

Because you have used a local server environment, performing a Factory Reset right now (via the administration tab or physical button) while the encrypted XML is removed will force the router to reveal its Factory Fresh GPP_K encryption key.

Copy this GPP_K string down into a notepad document. You can use tools like VuckFonage alongside this key later if you ever need to decrypt official payloads.

Step 6: Upgrading to a Stable Firmware

The 1.17.02 firmware is highly unstable and should not be used for daily tasks.

Go back to the Firmware Update page.

Flash the final, stable, official firmware version for your device (e.g., 1.00.52 or latest).

Because the administrative restriction domains were cleared by your dummy file, the Voice Admin tab will remain permanently unlocked and open even on the stable firmware.

Disable all provisioning features in the menu to prevent Vonage from ever locking it again.
_________________________
DM8000, DM800se, DM500HD, DM800HD, DM7025, DM7020s, DM7000, DM500s
VU+ Solo, VU+ Uno, VU+ Duo, Kathrein UFS910
Tivusat, TNTSat, Fransat, SSR/TSR, BBC1-2-3/ITV
DE-OpenBlackHole 1.4 image : http://www.openblackhole.com/