[Asterisk-Users] Phantom problem authenticating IAX2 with RSA

[Jon Lewis]

I'm getting exactly the same behavior as was posted about in
http://lists.digium.com/pipermail/asterisk-users/2004-March/040380.html

I've upgraded (both ends) to CVS stable (CVS-v1-0-06/17/05-13:15:49).

Jun 17 13:46:17 NOTICE[15942]: chan_iax2.c:4053 authenticate: No way to
send secret to peer 'a.b.c.d' (their methods: 4)

Immediately after that, I'll see frames go by with
Tx-Frame Retry[000] Subclass: NEW
Rx-Frame Retry[ No] Subclass: AUTHREQ
Tx-Frame Retry[000] Subclass: AUTHREP
Rx-Frame Retry[ No] Subclass: ACCEPT
that make it look very much like rsa authentication is being done, and the
call is accepted.

I noticed this while cleaning up my IAX config...moving away from
type=friend entries to a type=user and a type=peer entry for each system I
send/receive calls to/from.

i.e. on the remote end, I have:

[my.system.name]
username=my.system.name
type=user
auth=rsa
inkeys=my.system.name
context=my.system.name-iax
qualify=no
disallow=all
allow=g729
allow=gsm
deny=0.0.0.0/0.0.0.0
permit=[IP of my.system.name]

On the end I'm calling from:

[remote.system.name]
type=peer
username=my.system.name
auth=rsa
outkey=my.system.name
qualify=no
disallow=all
allow=g729
allow=gsm
host=remote.system.name

The test call is dialed as IAX2/remote.system.name/${EXTEN}
Is there a problem with my config, or is this just an iax2 cosmetic bug?
Each end does have appropriate rsa keys (readable by asterisk) in
/var/lib/asterisk/keys.

BTW, if I'm reading the docs correctly, there are multiple errors in the
wiki:
http://www.voip-info.org/tiki-index.php?page=Asterisk%20IAX%20authentication#comments
where "allow" is incorrectly used [in the context of allowing an IP] where
"permit" was meant.

----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________