[Asterisk-Users] Connecting 2 * Together-Pulling hair out

Chris listmail at odisok.net
Thu May 5 16:08:59 MST 2005 

    It's easy.    NAT has to have redirection.      However IAX uses UDP 4569.
If you include Trunk=yes in your IAX.CONF you will only need one trunk configured.

You can also do "TCPDUMP -i eth0 udp and port 4569"

This will show you the traffic.  You should see bidirectional traffic when the SIP or IAX tries to communicate.   I had trouble with SIP over the internet.    Sip would see the internal address of the Router's WAN.   (static NAT)  I haven't figured a way around it.


Chris

----- Original Message ----- 
From: "mr. barker" <cabalitomb at shaw.ca>
To: "'Asterisk Users Mailing List - Non-Commercial Discussion'" <asterisk-users at lists.digium.com>
Sent: Thursday, May 05, 2005 5:35 PM
Subject: RE: [Asterisk-Users] Connecting 2 * Together-Pulling hair out


> Thank you to both Chris and Tim
> 
> I could not get my head around this .. after seeing the examples it now
> makes sense what needs to be done.  I will give both a whirl tonight.
> 
> I do like the RSA key idea.
> 
> One question is this, will I need multiple accounts on the Static IP
> machines so the Dynamic machine has the ability to make more then one
> concurrent SIP call through the Static IP machine ?
> 
> If I could get the Static IP box to go through the my SMC router it would be
> great.  I tried opening the ports. 5060udp/tcp, 10000-20000udp/tcp.
> Tried even setting the machine in the DMZ zone.  I think the VOIP provider
> just has problems translating through the NAT or something.
> The linux box is running *@home no firewall setting that I know of.
> To much of a Newbie at linux .. lol and I have been at it for almost 1 year
> now and still have soooo much to learn.
> 
> 
> -----Original Message-----
> From: asterisk-users-bounces at lists.digium.com
> [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Chris
> Sent: Thursday, May 05, 2005 4:46 PM
> To: Asterisk Users Mailing List - Non-Commercial Discussion
> Subject: Re: [Asterisk-Users] Connecting 2 * Together-Pulling hair out
> 
>     I haven't gotten to keys yet.
> The documentation out there doesn't seem to be very good.
> 
> Chris
> 
> 
> ----- Original Message ----- 
> From: "Tim Pushor" <timp at crossthread.com>
> To: "Asterisk Users Mailing List - Non-Commercial Discussion"
> <asterisk-users at lists.digium.com>
> Sent: Thursday, May 05, 2005 4:06 PM
> Subject: Re: [Asterisk-Users] Connecting 2 * Together-Pulling hair out
> 
> 
> > Personally, if I owned both boxes and had full control of the dialplan 
> > on both, I'd stay away from passwords. (but be careful what I say, I'm a 
> > hack)
> > 
> > I have a bunch of boxes connected together via IAX and authenticating 
> > via RSA. The entries in iax.conf are simple, and dialing across the 
> > connection is simple (no passwords in the dialplan) (thanks again Rich 
> > for taking the time).
> > 
> > Tim
> > 
> > Here is a sample of iax.conf entries on machine a:
> > 
> > [machineb]
> > type=user
> > host=machineb.internal.net
> > auth=rsa
> > inkeys=machineb
> > username=machineb
> > context=inbound
> > 
> > [machineb]
> > type=peer
> > host=machineb.internal.net
> > auth=rsa
> > outkey=machinea
> > username=machinea
> > 
> > And an example dialplan entry to dial an extention on machineb (in the 
> > inbound context):
> > 
> > exten => 333,1,Dial(IAX2/machineb/333)
> > 
> > And on machinea, the opposite of machineb:
> > 
> > [machinea]
> > type=user
> > host=machinea.internal.net
> > auth=rsa
> > inkeys=machinea
> > username=machinea
> > context=inbound
> > 
> > [machinea]
> > type=peer
> > host=machinea.internal.net
> > auth=rsa
> > outkey=machineb
> > username=machineb
> > 
> > To generate the keys:
> > 
> > on machinea:
> > 
> > astgenkey -n machinea
> > mv machinea.* /var/lib/asterisk/keys
> > 
> > copy machinea.pub to machineb's /var/lib/asterisk/keys
> > 
> > on machineb:
> > 
> > astgenkey -n machineb
> > mv machineb.* /var/lib/asterisk/keys
> > 
> > copy machineb.pub to machinea's /var/lib/asterisk/keys
> > 
> > 
> > Chris wrote:
> > 
> > >    I have something similar.  Both of my servers are behind a firewall
> and NAT.  You will need to allow UDP 4569 through the firewall for IAX2. If
> you have NAT you will need to redirect 4569 to the internal server.  
> > >
> > >    I would suggest using AMP and then looking at IAX_ADDITIONAL.CONF to
> see how it's done. You can modify the IAX.CONf because I don't believe AMP
> rewrites that file.
> > >
> > >    I think the user and passwords are required.   I would suggest using
> a strong password or someone may decide to make a few phone calls.   After
> this you will need the routing in Extensions.conf to allow calls to be made
> on this trunk.
> > >
> > >    Asterisk will handle the SIP > IAX.    All my clients are SIP and
> they have no trouble going over a IAX trunk to other SIP devices on the
> other server.
> > >
> > >This is what my IAX_ADDITIONAL.CONF looks like
> > >
> > >SiteA - Dynamic IP
> > >--------------
> > >[boxb-peer]
> > >username=boxa-user
> > >type=peer
> > >trunk=yes
> > >secret=mypassword
> > >host=thehost.dyndns.org
> > >
> > >[boxb-user]
> > >type=user
> > >secret=mypassword2
> > >host=thehost.dyndns.org
> > >context=from-internal
> > >
> > >---------------
> > >Site b - Static IP
> > >----------------
> > >
> > >[boxa-peer]
> > >username=boxb-user
> > >type=peer
> > >trunk=yes
> > >secret=mypassword2
> > >host=xxx.xxx.xxx.xxx
> > >
> > >[boxa-user]
> > >type=user
> > >secret=mypassword
> > >host=xxx.xxx.xxx.xxx
> > >context=from-internal
> > >
> > >
> > >Regards,
> > >
> > >Chris
> > >
> > >
> > >----- Original Message ----- 
> > >From: "mr. barker" <cabalitomb at shaw.ca>
> > >To: "'Asterisk Users Mailing List - Non-Commercial Discussion'"
> <asterisk-users at lists.digium.com>
> > >Sent: Thursday, May 05, 2005 1:58 PM
> > >Subject: RE: [Asterisk-Users] Connecting 2 * Together-Pulling hair out
> > >
> > >
> > >  
> > >
> > >>Yes trying to connect to boxes together.
> > >>
> > >>One sits outside the internal firewall and is on the inside.
> > >>
> > >>I am using AMP.  However I can just put whatever I need in the
> custom.conf
> > >>sections.
> > >>The users agents are SIP .. can SIP call go over a IAX trunk ? if so
> great.
> > >>To create the trunk do I need to use a users name and password ? or ?
> > >>
> > >>I need to have the *box that is behind the firewall to be able to place
> a
> > >>call out through the *box that has a public ip.
> > >>
> > >>Thank you
> > >>
> > >>-----Original Message-----
> > >>From: asterisk-users-bounces at lists.digium.com
> > >>[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Chris
> > >>Sent: Thursday, May 05, 2005 8:20 AM
> > >>To: Asterisk Users Mailing List - Non-Commercial Discussion
> > >>Subject: Re: [Asterisk-Users] Connecting 2 * Together-Pulling hair out
> > >>
> > >>    I am not sure what you are trying to do.    I have created an IAX2
> trunk
> > >>between the servers over an internet connection.
> > >>Then all you have to do is put in call routing on the trunks to forward
> the
> > >>call to the right place.  Are you using AMP or trying to do it manually.
> > >>I found everything a little confusing as well, but it is simple now that
> I
> > >>understand it.
> > >>
> > >>
> > >>Chris
> > >>
> > >>----- Original Message ----- 
> > >>From: "mr. barker" <cabalitomb at shaw.ca>
> > >>To: "'Asterisk Users Mailing List - Non-Commercial Discussion'"
> > >><asterisk-users at lists.digium.com>
> > >>Sent: Thursday, May 05, 2005 4:43 AM
> > >>Subject: [Asterisk-Users] Connecting 2 * Together-Pulling hair out
> > >>
> > >>
> > >>    
> > >>
> > >>> 
> > >>>
> > >>>  _____  
> > >>>
> > >>>Subject: [Asterisk-Users] Connecting 2 * Together-Pulling hair out
> > >>>
> > >>> 
> > >>>
> > >>>I have read the docs on connecting 2* together but am unsure of a few
> > >>>      
> > >>>
> > >>things
> > >>    
> > >>
> > >>> 
> > >>>
> > >>>Do I need a different account for each number that will be called from
> one
> > >>>box to the other ? ie. Do I set up a user account on one and then have
> the
> > >>>other box log into that account when it whats to make a call ?
> > >>>
> > >>> 
> > >>>
> > >>>I have 2 asterisk boxes and only one of them has the ability to access
> a
> > >>>VoipAccount and PSTN connections.(*box 1). The other holds the SIP
> > >>>extensions for the internal SIP users/exten(*box2)
> > >>>
> > >>>I would like to be able to have the box with the Sip UA(*box2) on it to
> be
> > >>>able to place a call using the box that has the VoipAccount and PSTN
> > >>>connection.  I am able to make multiple UA calls on the VoipAccount and
> 3
> > >>>      
> > >>>
> > >>on
> > >>    
> > >>
> > >>>the PSTN lines (only have 3 lines coming in).  I can get it to work if
> I
> > >>>create a user exten on *box1 and map a trunk(which is really only an
> > >>>      
> > >>>
> > >>exten)
> > >>    
> > >>
> > >>>using the user/password login to that exten from *box2.  However when I
> > >>>      
> > >>>
> > >>try
> > >>    
> > >>
> > >>>to place a second call when the VOIP line is in use it gives me error (
> > >>>basically saying can't use the trunk because it is in use)  I would
> like
> > >>>      
> > >>>
> > >>to
> > >>    
> > >>
> > >>>be able to have this exten/trunk to be able to use multiple connections
> on
> > >>>it.
> > >>>
> > >>> 
> > >>>
> > >>>There must be an easier way to do this I am just not sure how.  I
> looked
> > >>>      
> > >>>
> > >>at
> > >>    
> > >>
> > >>>creating IAX trunks but still come up with the Trunk is really an Exten
> > >>>name/password .  
> > >>>
> > >>> 
> > >>>
> > >>>Any help would be appreciated. (my brain is boiling eggs)
> > >>>
> > >>> 
> > >>>
> > >>>Thank you.
> > >>>
> > >>> 
> > >>>
> > >>> 
> > >>>
> > >>> 
> > >>>
> > >>>
> > >>>      
> > >>>
> >
> >>--------------------------------------------------------------------------
> --
> > >>----
> > >>
> > >>
> > >>    
> > >>
> > >>>_______________________________________________
> > >>>Asterisk-Users mailing list
> > >>>Asterisk-Users at lists.digium.com
> > >>>http://lists.digium.com/mailman/listinfo/asterisk-users
> > >>>To UNSUBSCRIBE or update options visit:
> > >>>   http://lists.digium.com/mailman/listinfo/asterisk-users
> > >>>      
> > >>>
> > >>_______________________________________________
> > >>Asterisk-Users mailing list
> > >>Asterisk-Users at lists.digium.com
> > >>http://lists.digium.com/mailman/listinfo/asterisk-users
> > >>To UNSUBSCRIBE or update options visit:
> > >>   http://lists.digium.com/mailman/listinfo/asterisk-users
> > >>
> > >>------------------------------------------------------------------------
> > >>
> > >>_______________________________________________
> > >>Asterisk-Users mailing list
> > >>Asterisk-Users at lists.digium.com
> > >>http://lists.digium.com/mailman/listinfo/asterisk-users
> > >>To UNSUBSCRIBE or update options visit:
> > >>   http://lists.digium.com/mailman/listinfo/asterisk-users
> > >>
> > _______________________________________________
> > Asterisk-Users mailing list
> > Asterisk-Users at lists.digium.com
> > http://lists.digium.com/mailman/listinfo/asterisk-users
> > To UNSUBSCRIBE or update options visit:
> >    http://lists.digium.com/mailman/listinfo/asterisk-users
> 
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>

More information about the asterisk-users mailing list