[Asterisk-Users] incomming call rejected using IAX2 with FWD

Sat Aug 28 08:55:57 MST 2004

Storm D. J. Petersen wrote:

>I cannot seem to accept incoming calls
>from FWD using IAX2. I followed the
>directions posted at
>www.fwd.pulver.com/advanced/iax
>I can make outgoing calls fine using
>IAX via FWD.  When someone calls me
>from FWD I get the following message:
>Chan_iax2.c:5251 socket_read: Reject
>connect attempt from 65.39.205.121

First, the instructions on the FWD site are no good.

I have just written a tool that configures FWD via IAX and
I, too, ran into some issues with the way the folks at FWD
think IAX should be configured.

Anyway, for inbound you will need this in iax.conf ...

in section [general]

register => 70707:blah at iax2.fwdnet.net

assuming your FWD number was 70707 and your password was
"blah".

further ...

[iaxfwd] ; inbound connections from FWD
; it's got to be 'iaxfwd' or it won't work
type=user
auth=rsa
inkeys=freeworlddialup
disallow=all
allow=ulaw
context=fwd-inbound

You need to make sure that you actually have FWD's public
key.

ls -l /var/lib/asterisk/keys | grep freeworlddialup

shoud return something like ...

-rw-r--r--  1 root  wheel  273 17 Jul 00:36
freeworlddialup.pub

The next thing to watch out for is the context. Make sure
you have a matching context in your extensions.conf. For
the above example it would be something like this ...

[fwd-inbound] ; context for incoming calls from FWD
;
exten => 70707,1,NoOp(Incoming call for FWD #70707)
exten => 70707,2,Dial(SIP/6001,60,r)
exten => 70707,3,Hangup

again assuming your FWD number was 70707 and you wanted
the call to come to a SIP phone with login 6001.

In general, you can see what's going on when you make a
test call by switching on IAX debugging on the Asterisk
console ...

*CLI> iax2 debug

or if you run a server whose default is IAX2 then it would
be iax (without the 2).

this will tell you when the call comes in from FWD, which
username is being used and what context it is being sent
to. Verify this with your configuration and make sure it
all matches up.

You can turn the debugging off again using the command
"iax2 no debug" (or "iax no debug" depending on what you
used to turn it on).

Finally, although you say your outbound FWD is working, I
recommend you change the settings and not use FWD's
recommended settings.

In particular, it is extremely bad style to use a dial
command that contains the password, like so ...

Dial(IAX2/${FWDNUMBER}:${FWDPASSWORD}@iax2.fwdnet.net ...

This should only be used for trouble shooting but never
ever in production. It is very unfortunate that FWD is
showing this on their website leading many newbies to
learn things the improper way.

What you should be doing instead is put the password into
an outbound peer definition and then use a reference to
that in your dial command. Here is how this looks like ...

in iax.conf

[fwd-70707] ; outbound connections to FWD
type=peer
auth=md5
secret=blah
username=70707
qualify=yes
host=iax2.fwdnet.net
disallow=all
allow=ulaw
context=fwd-outbound
callerid="John Doe"<70707>

and in extensions.conf

[fwd-70707] ; context for outcoming calls via FWD #70707
;
exten => _**393[1-9]X.,1,NoOp(Outgoing call to FWD
#${EXTEN:5})
exten => _**393[1-9]X.,2,SetCIDNum(70707)
exten => _**393[1-9]X.,3,SetCIDName(John Doe)
exten =>
_**393[1-9]X.,4,Dial(IAX2/70707 at fwd-70707/${EXTEN:5},60,r)
exten => _**393[1-9]X.,5,Hangup

again, assuming your FWD number was 70707 and you password
was "blah".

This is the proper way to configure outbound connections.

Of course you can stick various bits into global
variables, but the password *doesn't* belong into the dial
command nor into a global variable.

hope this helps
rgds
benjk

--
Sunrise Telephone Systems Ltd
9F Shibuya Daikyo Bldg., 1-13-5 Shibuya, Shibuya-ku, Tokyo, Japan

__________________________________________________
GANBARE! NIPPON!
Yahoo! JAPAN JOC OFFICIAL INTERNET PORTAL SITE
http://mail.ganbare-nippon.yahoo.co.jp/