If you have access to the remote network, you could watch the network traffic from and to the phone. Chances are, the network has implemented a new firewall rule that wasn't in place before (like access to TFTP through the WAN?) and it's jacking you up.
How is the phone configured to download config files? My experience with Cisco (granted 79xx) phones is that they use TFTP to download all of their settings. If that's the case, the VPN might be hosed up. It's also possible that the network addresses on the customer's network changed (with a DHCP server update, perhaps) and now the phone can't communicate with your provisioning server.