[Asterisk-Users] Phantom problem authenticating with RSA?
Hadar Pedhazur
hadar at unorthodox.com
Thu Mar 18 07:03:19 MST 2004
I have three * servers that are inter-connected, registering with each
other. Up until yesterday I was authenticating all three with MD5, and
all was working fine.
Yesterday I switched to RSA, and everything is working as well. I can
see "AUTHENTICATED" messages on the console if one of the servers is
restarted and reconnects, etc.
Everything is working fine with calls being passed between them as
well (which is why I labeled the subject "Phantom problem"). However,
whenever a call is initiated between the servers I see the following
"NOTICE" message:
-- Called local at remote1/2001
-- Called local at remote2/2001
Mar 18 07:46:19 NOTICE[1150528304]: chan_iax2.c:3507 authenticate: No
way to send secret to peer 'XX.XX.XX.XX' (their methods: 4)
Mar 18 07:46:19 NOTICE[1150528304]: chan_iax2.c:3507 authenticate: No
way to send secret to peer 'YY.YY.YY.YY' (their methods: 4)
-- SIP/sipura-4b82 is ringing
-- Call accepted by XX.XX.XX.XX (format ULAW)
-- Format for call is ULAW
-- IAX2[remote1]/3 stopped sounds
-- Call accepted by YY.YY.YY.YY (format ULAW)
Method "4" is RSA, which is what I have in all of the iax.conf files
(below). The call shown above was successfully answered by a sipura
device connected to remote2, so I am not having an authentication
problem which is causing a problem at the user experience level, but
this seems like something is still mis-configured on my part.
Here are the iax.conf entries:
on the "local" machine:
[remote2]
context=remote2-in
type=friend
host=remote2.com ; not the real name...
auth=rsa
inkeys=remote2
outkey=local
[remote1]
context=remote1-in
type=friend
host=remote1.com ; not the real name...
auth=rsa
inkeys=remote1
outkey=local
on the "remote1" machine:
[remote2]
context=remote2-in
type=friend
host=remote2.com
auth=rsa
inkeys=remote2
outkey=remote1
[local]
context=local-in
type=friend
host=local.com
auth=rsa
inkeys=local
outkey=remote1
on the "remote2" machine:
[local]
context=from-local
type=friend
auth=rsa
inkeys=local
outkey=remote2
host=dynamic
callgroup=1
pickupgroup=1
qualify=50000
[remote1]
context=from-local
type=friend
auth=rsa
inkeys=remote1
outkey=remote2
host=dynamic
callgroup=1
pickupgroup=1
qualify=50000
Finally, since both local and remote1 are technically behind NAT
firewalls, and remote2 is on a public IP address, I have register
statements in both local and remote1 iax.conf files, and that's why
the entries in remote2 have "host=dynamic" for those machines. I think
that the "qualify=50000" statements are ignored in the iax.conf file,
and I will remove them, but since they're in there now, I wanted to
show the complete entries. Here are the register statements:
on "remote1":
register => remote1:[remote1]@remote2.com
on "local":
register => local:[local]@remote2.com
Any help would be appreciated. Thanks in advance.
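
Added example, not part of the original post: a small Python audit of the inkeys/outkey lines quoted in the message, checking that the private key each server signs with (outkey) is one the other side lists as trusted (inkeys). It assumes a key pair carries the same base name on every machine; the function name audit and the dictionary IAX_CONF are illustrative. It checks key-name pairing only and does not explain the NOTICE.

```python
import configparser

# RSA key lines excerpted from the three iax.conf files in the post.
# Assumption: a key pair has the same base name on every machine.
IAX_CONF = {
    "local": """
[remote2]
inkeys=remote2
outkey=local
[remote1]
inkeys=remote1
outkey=local
""",
    "remote1": """
[remote2]
inkeys=remote2
outkey=remote1
[local]
inkeys=local
outkey=remote1
""",
    "remote2": """
[local]
inkeys=local
outkey=remote2
[remote1]
inkeys=remote1
outkey=remote2
""",
}

def audit(confs):
    """Return (machine, peer, outkey) for each outkey missing from the peer's inkeys."""
    parsed = {}
    for machine, text in confs.items():
        cp = configparser.ConfigParser(inline_comment_prefixes=(";",))
        cp.read_string(text)
        parsed[machine] = cp
    problems = []
    for machine, cp in parsed.items():
        for peer in cp.sections():
            outkey = cp[peer].get("outkey")
            back = parsed[peer][machine] if peer in parsed and machine in parsed[peer] else {}
            accepted = back.get("inkeys", "").split(":")  # inkeys may be key1:key2
            if outkey not in accepted:
                problems.append((machine, peer, outkey))
    return problems

if __name__ == "__main__":
    print(audit(IAX_CONF) or "every outkey is listed in the peer's inkeys")
```

On the configuration as posted the audit returns an empty list, so the key names are paired consistently across all three servers.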