OpenVPN Connects but phones won't pull down config

P315 phones
I can get them to connect without VPN through EPM with DPMA no problem.

Set up OpenVPN server, Turn on VPN permissions in user manager, Statically assign the VPN IP in the VPN server UI, Assign the VPN profile to the phone in EPM, update save and push the config to the phone.

The phone updates and then reboots, connects to the VPN (Shows connected in VPN Server) and then won’t get it’s settings from EPM.

it just stalls out on contacting sip:[email protected]:XXXX;Transport=udp

Any idea what I’m missing???

There was an EPM update. I applied it and now SOME phones are connecting.

Others however will not, no matter what I do. I’ve done everything except totally delete their user manager profile and re-create.

This is driving me nuts. EPM will simply not talk to SOME of these VPN’d phones… VPN server shows the phones connected. They connect fine without VPN but won’t pull down the config from EPM when VPN’d. Other phones however will. Same network…

I’ve deleted the user from user manager and recreated
made sure vpn permissions are set under user mgr
deleted the vpn server profile for the phone and let it re-create
Rebuilt the EPM profile for the phone… deleted and re-created the EPM profile for the phone.

Nothing seems to work

Ok… After enabling TFTP provisioning other phones are now connecting. Does this seem right? Should TFTP provisioning need to be enabled for phones to provision over VPN?