[Asterisk-Users] Connecting 2 * Together-Pulling hair out

Chris listmail at odisok.net
Thu May 5 16:00:59 MST 2005


        I will try it tomorrow.   After I got it to work I didn't pay much attention to the other configurations.


Chris

----- Original Message ----- 
From: "Tim Pushor" <timp at crossthread.com>
To: "Asterisk Users Mailing List - Non-Commercial Discussion" <asterisk-users at lists.digium.com>
Sent: Thursday, May 05, 2005 5:14 PM
Subject: Re: [Asterisk-Users] Connecting 2 * Together-Pulling hair out


> Its scattered and hard to find. Once I understood the relationship 
> between user and peer (and friend, somewhat), it was pretty clear. 
> Actually I find RSA authentication much easier than managing 
> usernames/passwords (but I will have about 10 boxes that need to be able 
> to talk to each other).
> 
> I wouldn't consider 'getting to keys' to be a next step in your plan. I 
> would use RSA keys to authenticate the peers to each other rather than 
> passwords.
> 
> Those config files I included work (with the names changed to protect 
> the guilty). It should work for you ..
> 
> Tim
> 
> 
> Chris wrote:
> 
> >    I haven't gotten to keys yet.
> >The documentation out there doesn't seem to be very good.
> >
> >Chris
> >
> >
> >----- Original Message ----- 
> >From: "Tim Pushor" <timp at crossthread.com>
> >To: "Asterisk Users Mailing List - Non-Commercial Discussion" <asterisk-users at lists.digium.com>
> >Sent: Thursday, May 05, 2005 4:06 PM
> >Subject: Re: [Asterisk-Users] Connecting 2 * Together-Pulling hair out
> >
> >
> >  
> >
> >>Personally, if I owned both boxes and had full control of the dialplan 
> >>on both, I'd stay away from passwords. (but be careful what I say, I'm a 
> >>hack)
> >>
> >>I have a bunch of boxes connected together via IAX and authenticating 
> >>via RSA. The entries in iax.conf are simple, and dialing across the 
> >>connection is simple (no passwords in the dialplan) (thanks again Rich 
> >>for taking the time).
> >>
> >>Tim
> >>
> >>Here is a sample of iax.conf entries on machine a:
> >>
> >>[machineb]
> >>type=user
> >>host=machineb.internal.net
> >>auth=rsa
> >>inkeys=machineb
> >>username=machineb
> >>context=inbound
> >>
> >>[machineb]
> >>type=peer
> >>host=machineb.internal.net
> >>auth=rsa
> >>outkey=machinea
> >>username=machinea
> >>
> >>And an example dialplan entry to dial an extention on machineb (in the 
> >>inbound context):
> >>
> >>exten => 333,1,Dial(IAX2/machineb/333)
> >>
> >>And on machinea, the opposite of machineb:
> >>
> >>[machinea]
> >>type=user
> >>host=machinea.internal.net
> >>auth=rsa
> >>inkeys=machinea
> >>username=machinea
> >>context=inbound
> >>
> >>[machinea]
> >>type=peer
> >>host=machinea.internal.net
> >>auth=rsa
> >>outkey=machineb
> >>username=machineb
> >>
> >>To generate the keys:
> >>
> >>on machinea:
> >>
> >>astgenkey -n machinea
> >>mv machinea.* /var/lib/asterisk/keys
> >>
> >>copy machinea.pub to machineb's /var/lib/asterisk/keys
> >>
> >>on machineb:
> >>
> >>astgenkey -n machineb
> >>mv machineb.* /var/lib/asterisk/keys
> >>
> >>copy machineb.pub to machinea's /var/lib/asterisk/keys
> >>
> >>
> >>Chris wrote:
> >>
> >>    
> >>
> >>>   I have something similar.  Both of my servers are behind a firewall and NAT.  You will need to allow UDP 4569 through the firewall for IAX2. If you have NAT you will need to redirect 4569 to the internal server.  
> >>>
> >>>   I would suggest using AMP and then looking at IAX_ADDITIONAL.CONF to see how it's done. You can modify the IAX.CONf because I don't believe AMP rewrites that file.
> >>>
> >>>   I think the user and passwords are required.   I would suggest using a strong password or someone may decide to make a few phone calls.   After this you will need the routing in Extensions.conf to allow calls to be made on this trunk.
> >>>
> >>>   Asterisk will handle the SIP > IAX.    All my clients are SIP and they have no trouble going over a IAX trunk to other SIP devices on the other server.
> >>>
> >>>This is what my IAX_ADDITIONAL.CONF looks like
> >>>
> >>>SiteA - Dynamic IP
> >>>--------------
> >>>[boxb-peer]
> >>>username=boxa-user
> >>>type=peer
> >>>trunk=yes
> >>>secret=mypassword
> >>>host=thehost.dyndns.org
> >>>
> >>>[boxb-user]
> >>>type=user
> >>>secret=mypassword2
> >>>host=thehost.dyndns.org
> >>>context=from-internal
> >>>
> >>>---------------
> >>>Site b - Static IP
> >>>----------------
> >>>
> >>>[boxa-peer]
> >>>username=boxb-user
> >>>type=peer
> >>>trunk=yes
> >>>secret=mypassword2
> >>>host=xxx.xxx.xxx.xxx
> >>>
> >>>[boxa-user]
> >>>type=user
> >>>secret=mypassword
> >>>host=xxx.xxx.xxx.xxx
> >>>context=from-internal
> >>>
> >>>
> >>>Regards,
> >>>
> >>>Chris
> >>>
> >>>
> >>>----- Original Message ----- 
> >>>From: "mr. barker" <cabalitomb at shaw.ca>
> >>>To: "'Asterisk Users Mailing List - Non-Commercial Discussion'" <asterisk-users at lists.digium.com>
> >>>Sent: Thursday, May 05, 2005 1:58 PM
> >>>Subject: RE: [Asterisk-Users] Connecting 2 * Together-Pulling hair out
> >>>
> >>>
> >>> 
> >>>
> >>>      
> >>>
> >>>>Yes trying to connect to boxes together.
> >>>>
> >>>>One sits outside the internal firewall and is on the inside.
> >>>>
> >>>>I am using AMP.  However I can just put whatever I need in the custom.conf
> >>>>sections.
> >>>>The users agents are SIP .. can SIP call go over a IAX trunk ? if so great.
> >>>>To create the trunk do I need to use a users name and password ? or ?
> >>>>
> >>>>I need to have the *box that is behind the firewall to be able to place a
> >>>>call out through the *box that has a public ip.
> >>>>
> >>>>Thank you
> >>>>
> >>>>-----Original Message-----
> >>>>From: asterisk-users-bounces at lists.digium.com
> >>>>[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Chris
> >>>>Sent: Thursday, May 05, 2005 8:20 AM
> >>>>To: Asterisk Users Mailing List - Non-Commercial Discussion
> >>>>Subject: Re: [Asterisk-Users] Connecting 2 * Together-Pulling hair out
> >>>>
> >>>>   I am not sure what you are trying to do.    I have created an IAX2 trunk
> >>>>between the servers over an internet connection.
> >>>>Then all you have to do is put in call routing on the trunks to forward the
> >>>>call to the right place.  Are you using AMP or trying to do it manually.
> >>>>I found everything a little confusing as well, but it is simple now that I
> >>>>understand it.
> >>>>
> >>>>
> >>>>Chris
> >>>>
> >>>>----- Original Message ----- 
> >>>>From: "mr. barker" <cabalitomb at shaw.ca>
> >>>>To: "'Asterisk Users Mailing List - Non-Commercial Discussion'"
> >>>><asterisk-users at lists.digium.com>
> >>>>Sent: Thursday, May 05, 2005 4:43 AM
> >>>>Subject: [Asterisk-Users] Connecting 2 * Together-Pulling hair out
> >>>>
> >>>>
> >>>>   
> >>>>
> >>>>        
> >>>>
> >>>>> _____  
> >>>>>
> >>>>>Subject: [Asterisk-Users] Connecting 2 * Together-Pulling hair out
> >>>>>
> >>>>>
> >>>>>
> >>>>>I have read the docs on connecting 2* together but am unsure of a few
> >>>>>     
> >>>>>
> >>>>>          
> >>>>>
> >>>>things
> >>>>   
> >>>>
> >>>>        
> >>>>
> >>>>>Do I need a different account for each number that will be called from one
> >>>>>box to the other ? ie. Do I set up a user account on one and then have the
> >>>>>other box log into that account when it whats to make a call ?
> >>>>>
> >>>>>
> >>>>>
> >>>>>I have 2 asterisk boxes and only one of them has the ability to access a
> >>>>>VoipAccount and PSTN connections.(*box 1). The other holds the SIP
> >>>>>extensions for the internal SIP users/exten(*box2)
> >>>>>
> >>>>>I would like to be able to have the box with the Sip UA(*box2) on it to be
> >>>>>able to place a call using the box that has the VoipAccount and PSTN
> >>>>>connection.  I am able to make multiple UA calls on the VoipAccount and 3
> >>>>>     
> >>>>>
> >>>>>          
> >>>>>
> >>>>on
> >>>>   
> >>>>
> >>>>        
> >>>>
> >>>>>the PSTN lines (only have 3 lines coming in).  I can get it to work if I
> >>>>>create a user exten on *box1 and map a trunk(which is really only an
> >>>>>     
> >>>>>
> >>>>>          
> >>>>>
> >>>>exten)
> >>>>   
> >>>>
> >>>>        
> >>>>
> >>>>>using the user/password login to that exten from *box2.  However when I
> >>>>>     
> >>>>>
> >>>>>          
> >>>>>
> >>>>try
> >>>>   
> >>>>
> >>>>        
> >>>>
> >>>>>to place a second call when the VOIP line is in use it gives me error (
> >>>>>basically saying can't use the trunk because it is in use)  I would like
> >>>>>     
> >>>>>
> >>>>>          
> >>>>>
> >>>>to
> >>>>   
> >>>>
> >>>>        
> >>>>
> >>>>>be able to have this exten/trunk to be able to use multiple connections on
> >>>>>it.
> >>>>>
> >>>>>
> >>>>>
> >>>>>There must be an easier way to do this I am just not sure how.  I looked
> >>>>>     
> >>>>>
> >>>>>          
> >>>>>
> >>>>at
> >>>>   
> >>>>
> >>>>        
> >>>>
> >>>>>creating IAX trunks but still come up with the Trunk is really an Exten
> >>>>>name/password .  
> >>>>>
> >>>>>
> >>>>>
> >>>>>Any help would be appreciated. (my brain is boiling eggs)
> >>>>>
> >>>>>
> >>>>>
> >>>>>Thank you.
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>     
> >>>>>
> >>>>>          
> >>>>>
> >>>>----------------------------------------------------------------------------
> >>>>----
> >>>>
> >>>>
> >>>>   
> >>>>
> >>>>        
> >>>>
> >>>>>_______________________________________________
> >>>>>Asterisk-Users mailing list
> >>>>>Asterisk-Users at lists.digium.com
> >>>>>http://lists.digium.com/mailman/listinfo/asterisk-users
> >>>>>To UNSUBSCRIBE or update options visit:
> >>>>>  http://lists.digium.com/mailman/listinfo/asterisk-users
> >>>>>     
> >>>>>
> >>>>>          
> >>>>>
> >>>>_______________________________________________
> >>>>Asterisk-Users mailing list
> >>>>Asterisk-Users at lists.digium.com
> >>>>http://lists.digium.com/mailman/listinfo/asterisk-users
> >>>>To UNSUBSCRIBE or update options visit:
> >>>>  http://lists.digium.com/mailman/listinfo/asterisk-users
> >>>>
> >>>>------------------------------------------------------------------------
> >>>>
> >>>>_______________________________________________
> >>>>Asterisk-Users mailing list
> >>>>Asterisk-Users at lists.digium.com
> >>>>http://lists.digium.com/mailman/listinfo/asterisk-users
> >>>>To UNSUBSCRIBE or update options visit:
> >>>>  http://lists.digium.com/mailman/listinfo/asterisk-users
> >>>>
> >>>>        
> >>>>
> >>_______________________________________________
> >>Asterisk-Users mailing list
> >>Asterisk-Users at lists.digium.com
> >>http://lists.digium.com/mailman/listinfo/asterisk-users
> >>To UNSUBSCRIBE or update options visit:
> >>   http://lists.digium.com/mailman/listinfo/asterisk-users
> >>
> >>------------------------------------------------------------------------
> >>
> >>_______________________________________________
> >>Asterisk-Users mailing list
> >>Asterisk-Users at lists.digium.com
> >>http://lists.digium.com/mailman/listinfo/asterisk-users
> >>To UNSUBSCRIBE or update options visit:
> >>   http://lists.digium.com/mailman/listinfo/asterisk-users
> >>
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
> 


More information about the asterisk-users mailing list