DPMA: Fireware upgrade from external phone

Hello guy,

I’m using FreePBX 13.0.197

We mainly use Digium phones (D40, D50 and D70).

Using the “Digium Phones” modules (DPMA).

While using a phone from outside, I just input the IP of the FreePBX server, and since I’m forwarding the port 5060 to it, the phones can provision themselves, no problem !

However, the firmware update keeps failing.

Is there another port used for firmrware update? I’ve been looking around the documentation and can’t find anything.


Firmware and other things are pulled from the file_url_prefix as defined in that item. So, phones make a cURL request to an http address defined by that file_url_prefix.

So it’s via HTTP on port 80?

Any way to change that?

It doesn’t have to be http, it could be https. I’d recommend not doing https though because, where I suspect you’re using the Digium Phones Add-On for FreePBX (this is not the same thing as “DPMA”) it doesn’t do any in-lining of any privately-signed server certificates, which means https is going to fail (unless the server has a valid, publicly-signed SSL certificate) with all phone firmwares newer than 2_3_4 (not D80) or 1_5_2 (D80) unless allow_insecure_ssl is set, which isn’t something that the Digium Phones Add-On sets…but can be set individually on each telephone from the phone’s boot config menu under the option “Allow Dangerous Insecure SSL?”

It doesn’t have to be port 80, but most people don’t run http on anything other than port 80. If a port isn’t defined, port 80 is assumed. The phone doesn’t care, it’ll connect to whatever port you tell it to use.

Phones configured from the Digium Phones Add-on for FreePBX respond to the File URL Prefix option as configured for the phone’s network in the Advanced Options for that network.

If you’re not using the Digium Phones Add-on for FreePBX, or if you’re handy enough to hack things yourself, DPMA versions 2.2 and greater (https://wiki.asterisk.org/wiki/display/DIGIUM/Changes#Changes-Changesfor2.2) allow file_url_prefix prefixed options, like the firmware file from the firmware type, to be replaced with a full URL instead of just the relative / local file name/path. That’d allow for individual control over the firmware location as opposed to any other DPMA file_url_prefix-controlled item.

And, of course, if you’re rolling your own phone configs (https://wiki.asterisk.org/wiki/display/DIGIUM/Advanced+DPMA+Configuration) you can specify whatever URL you want.

We don’t allow the phone to retrieve the firmware file itself across DPMA as a message transport because it’s too large to be efficiently marshaled. The phone has to cURL it down.

What I’m trying to accomplish is to allow remote firmware update.

But my 80 and 443 ports are already used at this IP address.

Right now I’m trying to see if I could push the firmware update through VPN.

Thank you @malcolmd for your explanations and links, it helped a LOT!