[Asterisk-Users] RE: IAX Incoming/Outgoing

Douglas Garstang dgarstang at oneeighty.com
Sat Mar 25 12:15:24 MST 2006 

Why do I need a username at all if I am doing rsa authentication? Why doesn't it match against the key?

> -----Original Message-----
> From: Joshua Colp [mailto:joshnet at nbnet.nb.ca]
> Sent: Saturday, March 25, 2006 12:11 PM
> To: Asterisk Users Mailing List - Non-Commercial Discussion
> Subject: RE: [Asterisk-Users] RE: IAX Incoming/Outgoing
> 
> 
> You do realize you're not sending along a username so it's 
> using another method to try to discover the username you're 
> trying to authenticate as on the server side? Apparently not.
> 
> IAX2/username_to_use at peer_entry_to_use/extension at context
> 
> Joshua Colp
> 
> ----- Original Message -----
> From: Douglas Garstang
> [mailto:dgarstang at oneeighty.com]
> To: Asterisk Users Mailing List -
> Non-Commercial Discussion [mailto:asterisk-users at lists.digium.com]
> Sent:
> Sat, 25 Mar 2006 14:55:28 -0400
> Subject: RE: [Asterisk-Users] RE: IAX
> Incoming/Outgoing
> 
> 
> > Well, I just tried your approach. I broke them all up into 
> users/peers. Now
> > it makes even LESS sense. The pbx1 system is connecting to 
> the pbx2 system,
> > and according to the iax debug, is sending a username of 
> 'pbx3_in'. *lol* 
> > 
> > [pbx1_in]
> > type=user
> > auth=rsa
> > inkeys=pbx1
> > context=global_pbx_transfer
> > deny=0.0.0.0
> > permit=xxx.187.142.203
> > 
> > [pbx1_out]
> > type=peer
> > auth=rsa
> > outkey=pbx1
> > host=pbx1.ipt.yyy.com
> > 
> > [pbx2_in]
> > type=user
> > auth=rsa
> > inkeys=pbx2
> > context=global_pbx_transfer
> > deny=0.0.0.0
> > permit=xxx.187.142.204
> > 
> > [pbx2_out]
> > type=peer
> > auth=rsa
> > outkey=pbx1
> > host=pbx2.ipt.yyy.com
> > 
> > [pbx3_in]
> > type=user
> > auth=rsa
> > inkeys=pbx3
> > context=global_pbx_transfer
> > deny=0.0.0.0
> > permit=xxx.187.142.234
> > 
> > [pbx3_out]
> > type=peer
> > auth=rsa
> > outkey=pbx1
> > host=pbx3.ipt.yyy.com
> > 
> > Here's how I connect:
> > exten =>
> > s-CHANUNAVAIL,1,Dial(IAX2/pbx2_out/${ARG1}@global_pbx_transfer,25,g)
> > 
> > and here's the IAX debug:
> > Tx-Frame Retry[000] -- OSeqno: 000 ISeqno: 000 Type: IAX    
>  Subclass: NEW  
> >  
> >    Timestamp: 00003ms  SCall: 00001  DCall: 00000 
> [xxx.187.142.204:4569]
> >    VERSION         : 2
> >    CALLED NUMBER   : 2944099
> >    CODEC_PREFS     : (ulaw|g729)
> >    CALLING NUMBER  : 2944093
> >    CALLING PRESNTN : 0
> >    CALLING TYPEOFN : 0
> >    CALLING TRANSIT : 0
> >    CALLING NAME    : Foo
> >    LANGUAGE        : en
> >    CALLED CONTEXT  : global_pbx_transfer
> >    FORMAT          : 4
> >    CAPABILITY      : 65535
> >    ADSICPE         : 2
> >    DATE TIME       : 2006-03-25  11:54:36
> > hestia*CLI> 
> >     -- Called pbx2_out/2944099 at global_pbx_transfer
> > Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 001 Type: IAX    
>  Subclass: ACK  
> >  
> >    Timestamp: 00003ms  SCall: 00002  DCall: 00001 
> [xxx.187.142.204:4569]
> > Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 001 Type: IAX    
>  Subclass:
> > AUTHREQ
> >    Timestamp: 00005ms  SCall: 00002  DCall: 00001 
> [xxx.187.142.204:4569]
> >    AUTHMETHODS     : 4
> >    CHALLENGE       : 129428696
> >    USERNAME        : pbx3_in           <---- WHAT THE HELL 
> IS THIS DOING
> > HERE?
> > 
> > 
> > 
> > 
> > > -----Original Message-----
> > > From: Brian Capouch [mailto:brianc at palaver.net]
> > > Sent: Saturday, March 25, 2006 11:46 AM
> > > To: Asterisk Users Mailing List - Non-Commercial Discussion
> > > Subject: Re: [Asterisk-Users] RE: IAX Incoming/Outgoing
> > > 
> > > 
> > > Douglas Garstang wrote:
> > > > This is INSANE! My calling system has this iax.conf:
> > > >  
> > > 
> > > Search the archives for mails about separating 
> > > originations/terminations 
> > > by removing all friends and setting up the various 
> > > interoperating boxes 
> > > in a peer-user arrangement.
> > > 
> > > I am pretty certain there are archived mails that urge 
> people who use 
> > > IAX to do that, and indicating that the various possible 
> ambiguities 
> > > with IAX friends is not a Good Thing.
> > > 
> > > That would seem borne out by your experiences.
> > > 
> > > I would also follow the time-honored programming technique of 
> > > removing 
> > > many of your constraints (keys, allow/disallows, etc.) in 
> order to 
> > > remove as many causes of uncertainty as possible.  Then once 
> > > the boxes 
> > > are talking those things can be added back in a controlled 
> > > manner.  To 
> > > my eyes your configurations have an awful lot of variable factors.
> > > 
> > > Just where the insanity lies is another issue, which I don't 
> > > care to get 
> > > into at the present time :-)
> > > 
> > > B.
> > > _______________________________________________
> > > --Bandwidth and Colocation provided by Easynews.com --
> > > 
> > > Asterisk-Users mailing list
> > > To UNSUBSCRIBE or update options visit:
> > >    http://lists.digium.com/mailman/listinfo/asterisk-users
> > > 
> > _______________________________________________
> > --Bandwidth and Colocation provided by Easynews.com --
> > 
> > Asterisk-Users mailing list
> > To UNSUBSCRIBE or update options visit:
> >    http://lists.digium.com/mailman/listinfo/asterisk-users
> > 
> _______________________________________________
> --Bandwidth and Colocation provided by Easynews.com --
> 
> Asterisk-Users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>

More information about the asterisk-users mailing list