[Asterisk-Users] RE: IAX Incoming/Outgoing

Douglas Garstang dgarstang at oneeighty.com
Sat Mar 25 12:23:23 MST 2006 

I could ask why it can't authenticate against the key, but we've already been there.

So, if I have 5 asterisk systems, and I want to have a different key on each, and each system has a user and a peer section, and I have to use different usernames... oh boy... this sounds like a horrible mess.


> -----Original Message-----
> From: Joshua Colp [mailto:joshnet at nbnet.nb.ca]
> Sent: Saturday, March 25, 2006 12:19 PM
> To: Asterisk Users Mailing List - Non-Commercial Discussion
> Subject: RE: [Asterisk-Users] RE: IAX Incoming/Outgoing
> 
> 
> It still needs to know the username so it knows what entry in 
> iax.conf to use for that information, such as the key to use.
> 
> Joshua Colp
> 
> ----- Original Message -----
> From: Douglas Garstang
> [mailto:dgarstang at oneeighty.com]
> To: Asterisk Users Mailing List -
> Non-Commercial Discussion [mailto:asterisk-users at lists.digium.com]
> Sent:
> Sat, 25 Mar 2006 15:15:24 -0400
> Subject: RE: [Asterisk-Users] RE: IAX
> Incoming/Outgoing
> 
> 
> > Why do I need a username at all if I am doing rsa 
> authentication? Why
> > doesn't it match against the key?
> > 
> > > -----Original Message-----
> > > From: Joshua Colp [mailto:joshnet at nbnet.nb.ca]
> > > Sent: Saturday, March 25, 2006 12:11 PM
> > > To: Asterisk Users Mailing List - Non-Commercial Discussion
> > > Subject: RE: [Asterisk-Users] RE: IAX Incoming/Outgoing
> > > 
> > > 
> > > You do realize you're not sending along a username so it's 
> > > using another method to try to discover the username you're 
> > > trying to authenticate as on the server side? Apparently not.
> > > 
> > > IAX2/username_to_use at peer_entry_to_use/extension at context
> > > 
> > > Joshua Colp
> > > 
> > > ----- Original Message -----
> > > From: Douglas Garstang
> > > [mailto:dgarstang at oneeighty.com]
> > > To: Asterisk Users Mailing List -
> > > Non-Commercial Discussion [mailto:asterisk-users at lists.digium.com]
> > > Sent:
> > > Sat, 25 Mar 2006 14:55:28 -0400
> > > Subject: RE: [Asterisk-Users] RE: IAX
> > > Incoming/Outgoing
> > > 
> > > 
> > > > Well, I just tried your approach. I broke them all up into 
> > > users/peers. Now
> > > > it makes even LESS sense. The pbx1 system is connecting to 
> > > the pbx2 system,
> > > > and according to the iax debug, is sending a username of 
> > > 'pbx3_in'. *lol* 
> > > > 
> > > > [pbx1_in]
> > > > type=user
> > > > auth=rsa
> > > > inkeys=pbx1
> > > > context=global_pbx_transfer
> > > > deny=0.0.0.0
> > > > permit=xxx.187.142.203
> > > > 
> > > > [pbx1_out]
> > > > type=peer
> > > > auth=rsa
> > > > outkey=pbx1
> > > > host=pbx1.ipt.yyy.com
> > > > 
> > > > [pbx2_in]
> > > > type=user
> > > > auth=rsa
> > > > inkeys=pbx2
> > > > context=global_pbx_transfer
> > > > deny=0.0.0.0
> > > > permit=xxx.187.142.204
> > > > 
> > > > [pbx2_out]
> > > > type=peer
> > > > auth=rsa
> > > > outkey=pbx1
> > > > host=pbx2.ipt.yyy.com
> > > > 
> > > > [pbx3_in]
> > > > type=user
> > > > auth=rsa
> > > > inkeys=pbx3
> > > > context=global_pbx_transfer
> > > > deny=0.0.0.0
> > > > permit=xxx.187.142.234
> > > > 
> > > > [pbx3_out]
> > > > type=peer
> > > > auth=rsa
> > > > outkey=pbx1
> > > > host=pbx3.ipt.yyy.com
> > > > 
> > > > Here's how I connect:
> > > > exten =>
> > > > 
> s-CHANUNAVAIL,1,Dial(IAX2/pbx2_out/${ARG1}@global_pbx_transfer,25,g)
> > > > 
> > > > and here's the IAX debug:
> > > > Tx-Frame Retry[000] -- OSeqno: 000 ISeqno: 000 Type: IAX    
> > >  Subclass: NEW  
> > > >  
> > > >    Timestamp: 00003ms  SCall: 00001  DCall: 00000 
> > > [xxx.187.142.204:4569]
> > > >    VERSION         : 2
> > > >    CALLED NUMBER   : 2944099
> > > >    CODEC_PREFS     : (ulaw|g729)
> > > >    CALLING NUMBER  : 2944093
> > > >    CALLING PRESNTN : 0
> > > >    CALLING TYPEOFN : 0
> > > >    CALLING TRANSIT : 0
> > > >    CALLING NAME    : Foo
> > > >    LANGUAGE        : en
> > > >    CALLED CONTEXT  : global_pbx_transfer
> > > >    FORMAT          : 4
> > > >    CAPABILITY      : 65535
> > > >    ADSICPE         : 2
> > > >    DATE TIME       : 2006-03-25  11:54:36
> > > > hestia*CLI> 
> > > >     -- Called pbx2_out/2944099 at global_pbx_transfer
> > > > Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 001 Type: IAX    
> > >  Subclass: ACK  
> > > >  
> > > >    Timestamp: 00003ms  SCall: 00002  DCall: 00001 
> > > [xxx.187.142.204:4569]
> > > > Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 001 Type: IAX    
> > >  Subclass:
> > > > AUTHREQ
> > > >    Timestamp: 00005ms  SCall: 00002  DCall: 00001 
> > > [xxx.187.142.204:4569]
> > > >    AUTHMETHODS     : 4
> > > >    CHALLENGE       : 129428696
> > > >    USERNAME        : pbx3_in           <---- WHAT THE HELL 
> > > IS THIS DOING
> > > > HERE?
> > > > 
> > > > 
> > > > 
> > > > 
> > > > > -----Original Message-----
> > > > > From: Brian Capouch [mailto:brianc at palaver.net]
> > > > > Sent: Saturday, March 25, 2006 11:46 AM
> > > > > To: Asterisk Users Mailing List - Non-Commercial Discussion
> > > > > Subject: Re: [Asterisk-Users] RE: IAX Incoming/Outgoing
> > > > > 
> > > > > 
> > > > > Douglas Garstang wrote:
> > > > > > This is INSANE! My calling system has this iax.conf:
> > > > > >  
> > > > > 
> > > > > Search the archives for mails about separating 
> > > > > originations/terminations 
> > > > > by removing all friends and setting up the various 
> > > > > interoperating boxes 
> > > > > in a peer-user arrangement.
> > > > > 
> > > > > I am pretty certain there are archived mails that urge 
> > > people who use 
> > > > > IAX to do that, and indicating that the various possible 
> > > ambiguities 
> > > > > with IAX friends is not a Good Thing.
> > > > > 
> > > > > That would seem borne out by your experiences.
> > > > > 
> > > > > I would also follow the time-honored programming technique of 
> > > > > removing 
> > > > > many of your constraints (keys, allow/disallows, etc.) in 
> > > order to 
> > > > > remove as many causes of uncertainty as possible.  Then once 
> > > > > the boxes 
> > > > > are talking those things can be added back in a controlled 
> > > > > manner.  To 
> > > > > my eyes your configurations have an awful lot of 
> variable factors.
> > > > > 
> > > > > Just where the insanity lies is another issue, which I don't 
> > > > > care to get 
> > > > > into at the present time :-)
> > > > > 
> > > > > B.
> > > > > _______________________________________________
> > > > > --Bandwidth and Colocation provided by Easynews.com --
> > > > > 
> > > > > Asterisk-Users mailing list
> > > > > To UNSUBSCRIBE or update options visit:
> > > > >    http://lists.digium.com/mailman/listinfo/asterisk-users
> > > > > 
> > > > _______________________________________________
> > > > --Bandwidth and Colocation provided by Easynews.com --
> > > > 
> > > > Asterisk-Users mailing list
> > > > To UNSUBSCRIBE or update options visit:
> > > >    http://lists.digium.com/mailman/listinfo/asterisk-users
> > > > 
> > > _______________________________________________
> > > --Bandwidth and Colocation provided by Easynews.com --
> > > 
> > > Asterisk-Users mailing list
> > > To UNSUBSCRIBE or update options visit:
> > >    http://lists.digium.com/mailman/listinfo/asterisk-users
> > > 
> > _______________________________________________
> > --Bandwidth and Colocation provided by Easynews.com --
> > 
> > Asterisk-Users mailing list
> > To UNSUBSCRIBE or update options visit:
> >    http://lists.digium.com/mailman/listinfo/asterisk-users
> > 
> _______________________________________________
> --Bandwidth and Colocation provided by Easynews.com --
> 
> Asterisk-Users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>

More information about the asterisk-users mailing list