Trouble managing phones remotely

FreePBX Distro Stable-3.211.63-10 x64
Asterisk 11.4.0
Mostly Grandstream GXP1405 phones

I’m new to the world of VoIP, so my terminology may be a bit off. We are having problems getting config files out to the phones and we can’t reboot them remotely. They are connected to Asterisk, and things like *65 work, but neither the OSS or commercial endpoint manager can manage them. I can add the phone manually, but nothing happens when I try to do something like reboot the phone. In the OSS EM, the phone of course shows up with a red dot after being added manually. Everything seems to be configured correctly on the phone; it shows that it’s registered.

I’ve been searching around and it seems like we should be having this all done through a VPN, but I’d also like to know if there are any other options. We have used some tools from Grandstream to do this, but we would really like to have as much centrally managed in FreePBX as possible.

Not sure why the SIP notify is not surviving through NAT.

As you pointed out VPN’s would save you an incredible amount of grief.

Why is a VPN not appropriate for his environment?

Generally, if you can’t get a VPN working I would suggest managing the phones via the phones web interface. It doesn’t scale well, but gets you by for a few units.

Even if you can’t reboot the phones, they still should be able to grab the config from tftp over Internet. It’s terribly insecure as no password.

He did say they phone was registered…

Would static IPs on the phones (not through NAT, but provided by ISP) allow them to be managed via EPM from an offsite server via Endpoint Manager in FPBX?

Are ther any other ways anyone has been able to manage remote phones?

The tools that do the reboots and network scans don’t work through NAT.

You also can’t reboot a phone that’s not registered with Asterisk. It won’t take the message.


The Remote site does not currently have a VPN set up… With setting up a VPN, that would require further hardware, would it not? I am working on this with TonkaAB…

Is a VPN the only way to get this part working properly with the seperate locations of the servers and the phones?