[Asterisk-Users] Re: IAX Incoming/Outgoing
Noah Miller
noah at rosecompanies.com
Mon Mar 27 07:59:41 MST 2006
> I could ask why it can't authenticate against the key, but we've already been
> there.
>
> So, if I have 5 asterisk systems, and I want to have a different key on each,
> and each system has a user and a peer section, and I have to use different
> usernames... oh boy... this sounds like a horrible mess.
I've been using a setup of one user for "incoming" and many outgoing peers.
I'm not sure what the other poster meant that you can't do this. It works
just fine. One thing I'll mention, and maybe if the developers are reading
they can comment if this has changed, but in 1.0.x, and versions of CVS up
to at least 05/2005, changes to the users and peers in iax.conf would often
require a full restart to take effect.
I don't use RSA since my IAX links all go over IPSec tunnels, but here's
what my users and peers look like:
[iax-in]
type=user
secret=XXXX
context=extensions
trunk=no
tos=0x04
disallow=all
allow=gsm
[ast551-out]
type=peer
secret=XXXX
username=ast551
host=XX.XX.XX.XX
qualify=1000
disallow=all
allow=gsm
trunk=no
tos=0x04
[ast129-out]
type=peer
secret=XXXX
username=ast129
host=YY.YY.YY.YY
qualify=1000
disallow=all
allow=gsm
trunk=no
tos=0x04
etc....
- Noah
>> -----Original Message-----
>> From: Joshua Colp [mailto:joshnet at nbnet.nb.ca]
>> Sent: Saturday, March 25, 2006 12:19 PM
>> To: Asterisk Users Mailing List - Non-Commercial Discussion
>> Subject: RE: [Asterisk-Users] RE: IAX Incoming/Outgoing
>>
>>
>> It still needs to know the username so it knows what entry in
>> iax.conf to use for that information, such as the key to use.
>>
>> Joshua Colp
>>
>> ----- Original Message -----
>> From: Douglas Garstang
>> [mailto:dgarstang at oneeighty.com]
>> To: Asterisk Users Mailing List -
>> Non-Commercial Discussion [mailto:asterisk-users at lists.digium.com]
>> Sent:
>> Sat, 25 Mar 2006 15:15:24 -0400
>> Subject: RE: [Asterisk-Users] RE: IAX
>> Incoming/Outgoing
>>
>>
>>> Why do I need a username at all if I am doing rsa
>> authentication? Why
>>> doesn't it match against the key?
>>>
>>>> -----Original Message-----
>>>> From: Joshua Colp [mailto:joshnet at nbnet.nb.ca]
>>>> Sent: Saturday, March 25, 2006 12:11 PM
>>>> To: Asterisk Users Mailing List - Non-Commercial Discussion
>>>> Subject: RE: [Asterisk-Users] RE: IAX Incoming/Outgoing
>>>>
>>>>
>>>> You do realize you're not sending along a username so it's
>>>> using another method to try to discover the username you're
>>>> trying to authenticate as on the server side? Apparently not.
>>>>
>>>> IAX2/username_to_use at peer_entry_to_use/extension at context
>>>>
>>>> Joshua Colp
>>>>
>>>> ----- Original Message -----
>>>> From: Douglas Garstang
>>>> [mailto:dgarstang at oneeighty.com]
>>>> To: Asterisk Users Mailing List -
>>>> Non-Commercial Discussion [mailto:asterisk-users at lists.digium.com]
>>>> Sent:
>>>> Sat, 25 Mar 2006 14:55:28 -0400
>>>> Subject: RE: [Asterisk-Users] RE: IAX
>>>> Incoming/Outgoing
>>>>
>>>>
>>>>> Well, I just tried your approach. I broke them all up into
>>>> users/peers. Now
>>>>> it makes even LESS sense. The pbx1 system is connecting to
>>>> the pbx2 system,
>>>>> and according to the iax debug, is sending a username of
>>>> 'pbx3_in'. *lol*
>>>>>
>>>>> [pbx1_in]
>>>>> type=user
>>>>> auth=rsa
>>>>> inkeys=pbx1
>>>>> context=global_pbx_transfer
>>>>> deny=0.0.0.0
>>>>> permit=xxx.187.142.203
>>>>>
>>>>> [pbx1_out]
>>>>> type=peer
>>>>> auth=rsa
>>>>> outkey=pbx1
>>>>> host=pbx1.ipt.yyy.com
>>>>>
>>>>> [pbx2_in]
>>>>> type=user
>>>>> auth=rsa
>>>>> inkeys=pbx2
>>>>> context=global_pbx_transfer
>>>>> deny=0.0.0.0
>>>>> permit=xxx.187.142.204
>>>>>
>>>>> [pbx2_out]
>>>>> type=peer
>>>>> auth=rsa
>>>>> outkey=pbx1
>>>>> host=pbx2.ipt.yyy.com
>>>>>
>>>>> [pbx3_in]
>>>>> type=user
>>>>> auth=rsa
>>>>> inkeys=pbx3
>>>>> context=global_pbx_transfer
>>>>> deny=0.0.0.0
>>>>> permit=xxx.187.142.234
>>>>>
>>>>> [pbx3_out]
>>>>> type=peer
>>>>> auth=rsa
>>>>> outkey=pbx1
>>>>> host=pbx3.ipt.yyy.com
>>>>>
>>>>> Here's how I connect:
>>>>> exten =>
>>>>>
>> s-CHANUNAVAIL,1,Dial(IAX2/pbx2_out/${ARG1}@global_pbx_transfer,25,g)
>>>>>
>>>>> and here's the IAX debug:
>>>>> Tx-Frame Retry[000] -- OSeqno: 000 ISeqno: 000 Type: IAX
>>>> Subclass: NEW
>>>>>
>>>>> Timestamp: 00003ms SCall: 00001 DCall: 00000
>>>> [xxx.187.142.204:4569]
>>>>> VERSION : 2
>>>>> CALLED NUMBER : 2944099
>>>>> CODEC_PREFS : (ulaw|g729)
>>>>> CALLING NUMBER : 2944093
>>>>> CALLING PRESNTN : 0
>>>>> CALLING TYPEOFN : 0
>>>>> CALLING TRANSIT : 0
>>>>> CALLING NAME : Foo
>>>>> LANGUAGE : en
>>>>> CALLED CONTEXT : global_pbx_transfer
>>>>> FORMAT : 4
>>>>> CAPABILITY : 65535
>>>>> ADSICPE : 2
>>>>> DATE TIME : 2006-03-25 11:54:36
>>>>> hestia*CLI>
>>>>> -- Called pbx2_out/2944099 at global_pbx_transfer
>>>>> Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 001 Type: IAX
>>>> Subclass: ACK
>>>>>
>>>>> Timestamp: 00003ms SCall: 00002 DCall: 00001
>>>> [xxx.187.142.204:4569]
>>>>> Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 001 Type: IAX
>>>> Subclass:
>>>>> AUTHREQ
>>>>> Timestamp: 00005ms SCall: 00002 DCall: 00001
>>>> [xxx.187.142.204:4569]
>>>>> AUTHMETHODS : 4
>>>>> CHALLENGE : 129428696
>>>>> USERNAME : pbx3_in <---- WHAT THE HELL
>>>> IS THIS DOING
>>>>> HERE?
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Brian Capouch [mailto:brianc at palaver.net]
>>>>>> Sent: Saturday, March 25, 2006 11:46 AM
>>>>>> To: Asterisk Users Mailing List - Non-Commercial Discussion
>>>>>> Subject: Re: [Asterisk-Users] RE: IAX Incoming/Outgoing
>>>>>>
>>>>>>
>>>>>> Douglas Garstang wrote:
>>>>>>> This is INSANE! My calling system has this iax.conf:
>>>>>>>
>>>>>>
>>>>>> Search the archives for mails about separating
>>>>>> originations/terminations
>>>>>> by removing all friends and setting up the various
>>>>>> interoperating boxes
>>>>>> in a peer-user arrangement.
>>>>>>
>>>>>> I am pretty certain there are archived mails that urge
>>>> people who use
>>>>>> IAX to do that, and indicating that the various possible
>>>> ambiguities
>>>>>> with IAX friends is not a Good Thing.
>>>>>>
>>>>>> That would seem borne out by your experiences.
>>>>>>
>>>>>> I would also follow the time-honored programming technique of
>>>>>> removing
>>>>>> many of your constraints (keys, allow/disallows, etc.) in
>>>> order to
>>>>>> remove as many causes of uncertainty as possible. Then once
>>>>>> the boxes
>>>>>> are talking those things can be added back in a controlled
>>>>>> manner. To
>>>>>> my eyes your configurations have an awful lot of
>> variable factors.
>>>>>>
>>>>>> Just where the insanity lies is another issue, which I don't
>>>>>> care to get
>>>>>> into at the present time :-)
>>>>>>
>>>>>> B.
>>>>>> _______________________________________________
>>>>>> --Bandwidth and Colocation provided by Easynews.com --
>>>>>>
>>>>>> Asterisk-Users mailing list
>>>>>> To UNSUBSCRIBE or update options visit:
>>>>>> http://lists.digium.com/mailman/listinfo/asterisk-users
>>>>>>
>>>>> _______________________________________________
>>>>> --Bandwidth and Colocation provided by Easynews.com --
>>>>>
>>>>> Asterisk-Users mailing list
>>>>> To UNSUBSCRIBE or update options visit:
>>>>> http://lists.digium.com/mailman/listinfo/asterisk-users
>>>>>
>>>> _______________________________________________
>>>> --Bandwidth and Colocation provided by Easynews.com --
>>>>
>>>> Asterisk-Users mailing list
>>>> To UNSUBSCRIBE or update options visit:
>>>> http://lists.digium.com/mailman/listinfo/asterisk-users
>>>>
>>> _______________________________________________
>>> --Bandwidth and Colocation provided by Easynews.com --
>>>
>>> Asterisk-Users mailing list
>>> To UNSUBSCRIBE or update options visit:
>>> http://lists.digium.com/mailman/listinfo/asterisk-users
>>>
>> _______________________________________________
>> --Bandwidth and Colocation provided by Easynews.com --
>>
>> Asterisk-Users mailing list
>> To UNSUBSCRIBE or update options visit:
>> http://lists.digium.com/mailman/listinfo/asterisk-users
More information about the asterisk-users
mailing list