Can FreePBX configure VOIP phones remotely?

Hello there,

I’d like to know if FreePBX can configure VOIP phones remotely when you add a new user to the system. For example the Linksys SPA942, instead of opening the phone’s http web interface and manually making the changes, does FreePBX take care of that?

FreePBX does not as of yet (I do not think so)
But You can create the config file and use tftp to do it.

I have not messed with those phones so I do not have a config file to share

I think there may be a security concern with doing that. If you expose your TFTP server to the Internet, there is nothing to stop a would be hacker from spoofing your phone’s MAC address and downloading one of your configs, giving them a fully configured extension on your system.

Wojtek, FreePBX does not, but many of the distros that bundle with FreePBX might. Many due for local subnet based phones, remote phones are real hard as how does the system know about them?

Almost always when doing a remote phone I’d hope it was behind a firewall so that the phones web interface is not open to hackers, which would also then stop a remote configure from happening.

TFTP is not a secure protocol and I’d not use it over the open and wild internet as you are setting yourself up to get hacked or worse, spoofed. It happens and there are posts on this site about it. IT’s so easy for somebody to figure out how to get your extension info and then wait for a Friday evening when they can connect to your phone system as that phone and quikly rack up 100,000 dollars of phone calls in a few hours that you’d be stuck paying for.

We have remote phones and do a minimum secure config on each phone we have as a remote. We take the phone, reset to factory defaults, go into the phone interface and change the protocol to http (from tftp), program the URL and directory name for where it get’s it’s config from. Our phones support a encrypted config format so we post them up on a specific website in a random generated directory name, then send the phones out to the remote location. They plug it in and as long as it can get to the internet it come up and is online. For most phones we even lock down the extension via FreePBX to a given IP or IP range. Unfortunately there are those ISP’s that love to change IP’s every 4 hours and own huge IP blocks so those become a challenge. For those few we’ve gone to having the remote sites using a decent firewall that can VPN and let the VPN protocol deal with IP changes tunneling the phone over it to keep it locked down.

It’s about as secure as you can get with the least amount of provisioning work.

Thank you for your replies guys, be it’s a bit offtopic :slight_smile:
All our phones are on an intranet and not accessible from the outside so I’m not worried about the security.

I just wanted to know if FreePBX could configure those phones or I’ll still have to manually pull up each one’s web interface to modify info as needed after asterisk’s sip/voicemail conf files have been reloaded.

I knew what you where asking for.
tftp is what you are looking for

Which phones were you trying to configure?
The Linksys phones use TFTP
The SPC tool will help you generate the files to dump into your TFTP Folder:
Use option 66 on your DHCP server to tell your phones to grab the provisioning information from your TFTP server.
If you are a linux newb (and not using a distro that does TFTP natively), you can use pumpkin as your TFTP server:

But the best advice is to use a distro that has some of this gear rolled up into it… PIAF ot TB :slight_smile:

paior, I don’t think any one is suggesting using tftp in this scenario. HTTP/S or SFTP is the best way to go(what fskrotzki is talking about.) That coupled with MAC.cfg ( or whatever a config file is for your brand) that is uploaded to the handset and contains the PBX, lines, etc…

This has a brand specific learning curve. Aastra, Snom and Polycom (in that order) are probably the best supported.

Otherwise, you need a remote VPN connection to the other LAN and/or some real firewall rules to do the remote config.

The OP was not asking about the phones being remote from his location
his post was about phones on the same lan, just worded wrong.

Remote as in not have to go to each phone and open the web gui for each phone