TFTP not working

I’ve been beating my head over this for a week now. I’m trying to get a config and firmware update on a Polycom IP6000 phone using End Point Manager and TFTP. The End Point Manager is pushing the config file out to the tftpboot directory, I can see it from the console and reviewed it in nano to confirm that it’s built for the phone. But I cannot get the server to respond to tftp requests, even from the console itself. NMap shows port 69 as “open|filtered”. I’ve confirmed that disabled is set to no. I’ve removed and re-added tftp. I’ve stopped iptables.

At this point I’m baffled; everything looks okay, except it’s not working.

The only unusual thing about this install is that it was originally done on a different network, so the FreePBX host originally had a different IP on a different subnet.

Everything else is working as expected: The management GUI, phones, IVR, inbound/outbound, etc.

Thoughts?

What DHCP server? Is it set up correctly?

The DHCP server is what’s built into Win Server 2008 R2. Option 66 isn’t the problem: I can’t connect to the tftp server from the command line in CentOS or using the TFTP tool in Windows. Both result in “Connection Refused”. I’ve also tried specifying the config server manually on the phone with the same result (“Could not contact configuration server”).

Did you set disabled to ‘no’ in the tftp configuration file? This is required.

Yes. That was in my original post.

Ok and how are you starting tftp?

It’s set to start automatically and I’ve confirmed that it’s running in CentOS. I’ve also uninstalled and reinstalled it several times (always changing disable to ‘no’), NMap shows port 69 open and listening. Doesn’t work with IPTables stopped.

I have the tftp client installed on the Win2k8 server and am attempting to connect using tftp x.x.x.x get test.txt

This file exists in the root of the tftpboot directory and is 777. The result of this command is “Connection Refused”.

Update to add: I can actually use tftp to transfer a file within CentOS/FreePBX, so something is blocking UDP 69 from non-localhost. There is nothing in the hosts.allow or hosts.deny files other than the default remarked-out lines.

What if you stop iptables (‘service iptables stop’)?

Posting an update so that perhaps others can learn from my folly.

  • I installed the tftp client on the FreePBX server and used it to test access to the server. That was successful, so I went back to the Windows server, where I also had a tftp client installed.
  • Still didn’t work. Turned out (after a lot of head-scratching) to be the Windows Firewall blocking tftp.exe. Discovered this when I disabled the firewall and it worked. Then set an exception for tftp.exe, reenabled the firewall, and it worked.
  • The Polycom phone still didn’t work. It’s in a remote office connected with an IPSec VPN, so we questioned whether the routers were passing the UDP traffic correctly through the VPN. But the Bria softphone app on my iPhone works, so we ruled that out.
  • Manually set the boot server on the phone to IP:69 (where IP is the addy of the FreePBX server). Bingo. Turns out that the Polycom phone needs the port (":69") at the end of the IP address. It picked up the bootrom update, the firmware update, and the correct config from the tftp server (all had been placed there by End Point Manager).

At this point I could make calls out, but there was no audio at the speakerphone. This turned out to be the SIP ALG on the remote router (the one in front of the Polycom). This needs to be off in all locations in our design (FreePBX is behind NAT, but it has a full 1:1 mapping with a public IP and ports 5060 and 10000-20000 are open to it).

Of course, most of this frustration would have been avoided (or at least deferred) if the web GUI on the Polycom actually worked (it doesn’t).

Thanks to those who chimed in. Hopefully this helps others work through the problem with less headache.
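
The following is an added example, not part of the original thread: a minimal TFTP read-request probe that separates the cases the thread had to untangle by hand (no reply at all, a TFTP error, or actual data) and shows that the reply arrives from a new ephemeral port rather than 69, which is what a host firewall on the client side tends to block. The function names and the placeholder address are assumptions made for this example.

```python
import socket
import struct

RRQ, DATA, ERROR = 1, 3, 5  # TFTP opcodes (RFC 1350)

def build_rrq(filename, mode="octet"):
    """Read request: opcode 1, filename, NUL, transfer mode, NUL."""
    return struct.pack("!H", RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"

def parse_reply(packet):
    """Return ('data', block, payload) or ('error', code, message)."""
    if len(packet) < 4:
        return ("malformed", None, packet)
    opcode, number = struct.unpack("!HH", packet[:4])
    if opcode == DATA:
        return ("data", number, packet[4:])
    if opcode == ERROR:
        text = packet[4:].split(b"\0", 1)[0].decode(errors="replace")
        return ("error", number, text)
    return ("unexpected", opcode, packet[4:])

def probe(host, filename, port=69, timeout=3.0):
    """Send one RRQ and report what came back and from which UDP port."""
    # Deliberately not connect()ed: the server answers from a fresh
    # ephemeral port (its transfer ID), so the reply does not come from 69.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_rrq(filename), (host, port))
        try:
            packet, peer = s.recvfrom(516)  # 4-byte header + 512-byte block
        except socket.timeout:
            # Silence: server down, or a firewall on either end dropped it.
            return {"result": "no-reply", "number": None, "reply_port": None}
        except ConnectionError:
            # Some stacks surface ICMP port-unreachable here.
            return {"result": "refused", "number": None, "reply_port": None}
        kind, number, _ = parse_reply(packet)
        if kind == "data":
            # Abort politely so the server stops retransmitting block 1.
            s.sendto(struct.pack("!HH", ERROR, 0) + b"probe done\0", peer)
        return {"result": kind, "number": number, "reply_port": peer[1]}

if __name__ == "__main__":
    # 192.0.2.10 is a documentation placeholder; use the TFTP server's address.
    print(probe("192.0.2.10", "test.txt"))
```

An "error" result such as file-not-found still proves the UDP path to the server is open. A "no-reply" from a remote client when the same probe succeeds on the server itself points at filtering between the two hosts or on the client.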