Provisioning phones in the wild - FreePBX



  • We have several work-from-home folks who will be receiving Yealink T42S phones for use with our company's new FreePBX system (hosted on Vultr). For the initial configuration, I'll provision them here in the office, then ship them to my users. I'm thinking about future configuration updates and pushing out new firmware for these phones.

    Right now I see two possible solutions for this. I'm sure there are others; thus, this thread.

    Option 1: When new firmware needs to be pushed out, temporarily assign HTTPS provisioning to the Internet zone (Connectivity > Fireall > Services > Extra Services), since by default it's assigned to the Local and Other zones.

    Option 2: Get the public IP addresses of these home users and temporarily assign them to Local or Trusted zone (Connectivity > Firewall > Main > Networks).

    For folks who have phones in the wild, how do you handle configuration and firmware updates for these phones?



  • @eddiejennings said in Provisioning phones in the wild - FreePBX:

    We have several work-from-home folks who will be receiving Yealink T42S phones for use with our company's new FreePBX system (hosted on Vultr). For the initial configuration, I'll provision them here in the office, then ship them to my users. I'm thinking about future configuration updates and pushing out new firmware for these phones.

    Right now I see two possible solutions for this. I'm sure there are others; thus, this thread.

    Option 1: When new firmware needs to be pushed out, temporarily assign HTTPS provisioning to the Internet zone (Connectivity > Fireall > Services > Extra Services), since by default it's assigned to the Local and Other zones.

    Option 2: Get the public IP addresses of these home users and temporarily assign them to Local or Trusted zone (Connectivity > Firewall > Main > Networks).

    For folks who have phones in the wild, how do you handle configuration and firmware updates for these phones?

    I can put the MAC addresses in Yealink RPS for you if you like with your provisioning URL. I am assuming you are drop shipping phones to their homes from the vendor and are talking about provisioning in addition to firewall rules.

    Or maybe you are just talking not using responsive firewall and assigning zones?



  • @bigbear said in Provisioning phones in the wild - FreePBX:

    @eddiejennings said in Provisioning phones in the wild - FreePBX:

    We have several work-from-home folks who will be receiving Yealink T42S phones for use with our company's new FreePBX system (hosted on Vultr). For the initial configuration, I'll provision them here in the office, then ship them to my users. I'm thinking about future configuration updates and pushing out new firmware for these phones.

    Right now I see two possible solutions for this. I'm sure there are others; thus, this thread.

    Option 1: When new firmware needs to be pushed out, temporarily assign HTTPS provisioning to the Internet zone (Connectivity > Fireall > Services > Extra Services), since by default it's assigned to the Local and Other zones.

    Option 2: Get the public IP addresses of these home users and temporarily assign them to Local or Trusted zone (Connectivity > Firewall > Main > Networks).

    For folks who have phones in the wild, how do you handle configuration and firmware updates for these phones?

    I can put the MAC addresses in Yealink RPS for you if you like with your provisioning URL. I am assuming you are drop shipping phones to their homes from the vendor and are talking about provisioning in addition to firewall rules.

    Or maybe you are just talking not using responsive firewall and assigning zones?

    No. I will be getting the phones here in the office first, and making sure they're configured right. The potential shipping savings with having them dropped shipped isn't worth the cost of trying to get them to do the initial configuration of the autoprovision URL. What I'm wondering about is handling firmware updates and, if needed, pushing configuration changes.

    Responsive firewall is on and enabled for SIP traffic. From my testing, even though a home user's extension is registered from their home network and their phone has the appropriate autoprovision URL configured (https://pbx.domain.com:1443), their phone will not get config / firmware changes with the default firewall configuration which has the HTTPS provisoning service in the Local and Other zones.



  • I used the EPM module and manage our remote phones firmware via that.
    Edit: I am using FPBX 13, and T46Gs and a few T48Gs.



  • @eddiejennings said in Provisioning phones in the wild - FreePBX:

    @bigbear said in Provisioning phones in the wild - FreePBX:

    @eddiejennings said in Provisioning phones in the wild - FreePBX:

    We have several work-from-home folks who will be receiving Yealink T42S phones for use with our company's new FreePBX system (hosted on Vultr). For the initial configuration, I'll provision them here in the office, then ship them to my users. I'm thinking about future configuration updates and pushing out new firmware for these phones.

    Right now I see two possible solutions for this. I'm sure there are others; thus, this thread.

    Option 1: When new firmware needs to be pushed out, temporarily assign HTTPS provisioning to the Internet zone (Connectivity > Fireall > Services > Extra Services), since by default it's assigned to the Local and Other zones.

    Option 2: Get the public IP addresses of these home users and temporarily assign them to Local or Trusted zone (Connectivity > Firewall > Main > Networks).

    For folks who have phones in the wild, how do you handle configuration and firmware updates for these phones?

    I can put the MAC addresses in Yealink RPS for you if you like with your provisioning URL. I am assuming you are drop shipping phones to their homes from the vendor and are talking about provisioning in addition to firewall rules.

    Or maybe you are just talking not using responsive firewall and assigning zones?

    No. I will be getting the phones here in the office first, and making sure they're configured right. The potential shipping savings with having them dropped shipped isn't worth the cost of trying to get them to do the initial configuration of the autoprovision URL. What I'm wondering about is handling firmware updates and, if needed, pushing configuration changes.

    Responsive firewall is on and enabled for SIP traffic. From my testing, even though a home user's extension is registered from their home network and their phone has the appropriate autoprovision URL configured (https://pbx.domain.com:1443), their phone will not get config / firmware changes with the default firewall configuration which has the HTTPS provisoning service in the Local and Other zones.

    The Yealink service makes this Zero touch and is free. So no entering URL. It's turn key.

    Whoever you got phones from should have this.

    If you have a phone I can show you how to test it. Also is amazing if you ever have to default a phone that is remote.

    Also for real time changes the EPM does this. If you're using @JaredBusch method I think you have to reboot the phones for changes to take effect, which can also be done from FreePBX.



  • @bigbear said in Provisioning phones in the wild - FreePBX:

    The Yealink service makes this Zero touch and is free. So no entering URL. It's turn key.

    Not as simple as that. Yealink's RPS is designed for resellers. not individual companies.

    Also even if he had access to the RPS, all that does it tell the phone where the real config server is and that doe snot solve his problem of the phones not getting access to the config.



  • @bigbear said in Provisioning phones in the wild - FreePBX:

    Also for real time changes the EPM does this.

    It does not do real time changes over HTTP with remote phones. At least I have not witness this.



  • @bigbear said in Provisioning phones in the wild - FreePBX:

    If you're using @JaredBusch method I think you have to reboot the phones for changes to take effect, which can also be done from FreePBX.

    All my phones are set to auto provision on power up as well as nightly about 3am or so.

    It is rare that a phone needs updated so badly that instant is needed.



  • Forgot to add this earlier, something else I can do (with the SysAdmin Pro module) is setup credentials for HTTPS provisioning, so could put HTTPS provisioning in the Internet zone and use a complex username / password combination (which I'd configure before shipping out the phones).



  • @eddiejennings said in Provisioning phones in the wild - FreePBX:

    Forgot to add this earlier, something else I can do (with the SysAdmin Pro module) is setup credentials for HTTPS provisioning, so could put HTTPS provisioning in the Internet zone and use a complex username / password combination (which I'd configure before shipping out the phones).

    Yes



  • I'm just always surprised at the lack of Yealink RPS use. Who is the Yealink reseller?

    I'm gonna post some screen shots to hopefully give a better explanation.

    @JaredBusch good thought but I have seen t4 phones occasionally need defaulted or become defaulted after a stalled boot. Maybe 1 per 1,000 phones but it happens. RPS is great for this and for drop shipping.



  • @bigbear said in Provisioning phones in the wild - FreePBX:

    I'm just always surprised at the lack of Yealink RPS use. Who is the Yealink reseller?

    I buy from Baltic Networks mostly.

    I contact Yealink directly and asked about getting access to RPS.

    This was the response. Remember, I do not sell hardware. I assist clients with purchases or recommend locations to purchase.
    0_1507323055223_dc34b370-c8a3-47f3-8f47-9d494b3d1641-image.png



  • @jaredbusch said in Provisioning phones in the wild - FreePBX:

    @bigbear said in Provisioning phones in the wild - FreePBX:

    I'm just always surprised at the lack of Yealink RPS use. Who is the Yealink reseller?

    I buy from Baltic Networks mostly.

    I contact Yealink directly and asked about getting access to RPS.

    This was the response. Remember, I do not sell hardware. I assist clients with purchases or recommend locations to purchase.
    0_1507323055223_dc34b370-c8a3-47f3-8f47-9d494b3d1641-image.png

    Yeah it has to be opened through a distributor. You have to have a sale with them but then you can add used or existing Yealinks to your account and it works too.

    I dont think Baltic can do it, but the company they purchase from can.

    You also have to have V80 firmware to start, which all T4 and T5 series do. Some T2 have it, no T3 models do.



  • The resellers used to do it manually and charged $1 a phone, which is why I think adoption stalled. Plus documentation is horrible. Once you are in the portal its pretty obvious what can be done.

    I have linked my GUI so that when you add a phone's mac address to my service it uses Yealink API to automatically configured RPS.