[asterisk-users] Iax bug ?

Marco Mouta marco.mouta at gmail.com
Fri Oct 27 03:11:42 MST 2006 

Hi,

I think i found your problem, look that in your debug you have, -
Accepting UNAUTHENTICATED call from 10.0.0.160:

Take a look on incoming call authentication, and how asterisk handles this:

http://www.voip-info.org/wiki/view/Asterisk+IAX+authentication

Incoming Connections
When Asterisk receives an incoming IAX connection, the initial call
information can include a username (in the IAX2 USERNAME field) or
not. In addition, the incoming connection has a source IP address that
Asterisk can use for authentication as well.

If a username is supplied, Asterisk does the following:

    * Search iax.conf for a "type=user" entry with a section name (eg
[username]) matching the supplied username; if no matching entry is
found, refuse the connection.
    * If the found entry has allow and/or deny settings, compare the
IP address of the caller to these lists. If the connection is not
allowed, refuse the connection.
    * Perform the desired secret checking (plaintext, md5 or rsa); if
it fails, refuse the connection.
    * Accept the connection and send the caller to the context
specified in the "context" setting for this iax.conf entry.

If a username is not supplied, Asterisk does the following:

    * Search for a "type=user" entry in iax.conf with no secret
specified and also allow and/or deny restrictions that do not restrict
the caller from connecting. If such an entry is found, accept the
connection, and use the name of the found iax.conf entry as the
connecting username.
    * Search for a "type=user" entry in iax.conf with no secret
specified and no allow and/or deny restrictions at all. If such an
entry is found, accept the connection. and use the name of the found
iax.conf entry as the connecting username.
    * Search for a "type=user" entry in iax.conf with a secret (or RSA
key) specified and also allow and/or deny restrictions that do not
restrict the caller from connecting. If such an entry is found,
attempt to authenticate the caller using the specified secret or key,
and if that passes, accept the connection, and use the name of the
found iax.conf entry as the connecting username.
    * Search for a "type=user" entry in iax.conf with a secret (or RSA
key) specified and no allow and/or deny restrictions at all. If such
an entry is found, attempt to authenticate the caller using the
specified secret or key, and if that passes, accept the connection,
and use the name of the found iax.conf entry as the connecting
username.


Hope this helps!

I didn't read all, but what i guess is: the incoming call isn't being
correctly authenticated, so can't go to VOIP1 as you desire, then as
is mention above:

"Search for a "type=user" entry in iax.conf with no secret specified
and no allow and/or deny restrictions at all. If such an entry is
found, accept the connection. and use the name of the found iax.conf
entry as the connecting username."


Pls give some feedback if you solved the problem.









On 10/27/06, Marco Mouta <marco.mouta at gmail.com> wrote:
> Hi,
>
> Unfortunately i'm not able to debug this with you now :( I'm busy.
>
> [VOIP1]
> type=friend
> host=10.0.0.160
> auth=rsa
> secret=
> >>This secret empty is this allowed?
> inkey=voip3
> outkey=voip1
> context=CONTEXT_VOIP1
> allow=all
> ipaddr=10.0.0.160
> port=4569
> qualify=yes
> trunk=yes
>
> Try a simple test with this, and then step by step go to rsa authentication.
>
> http://astrecipes.net/index.php?n=204
>
> If in troubles, post here i'll try to help you
>
> By the way, to understand much better what's going on i would
> recommend you to not use type=friend and use type=user and type=peer.
>
>
>
> On 10/27/06, Jean-Baptiste Bellet <jbb at lucyde.com> wrote:
> > Here the .160's iax.conf file :
> > [general]
> > bandwidth=high
> > tos=reliability
> > bandwidth=low
> > disallow=all                    ; Icky sound quality...  Mr. Roboto.
> > allow=alaw                      ; Always allow GSM, it's cool :)
> > jitterbuffer=no
> > forcejitterbuffer=no
> > tos=lowdelay
> > autokill=yes
> >
> > [VOIP1]
> > type=friend
> > host=10.0.0.184
> > auth=rsa
> > inkey=voip3
> > outkey=voip1
> > context=VOIPLINK3
> > qualify=10000
> > trunk=yes
> > allow=all
> >
> > How .160 call .184 :
> >
> > exten => _1XXX,1,Dial(IAX2/VOIP1/${EXTEN:1:4})
> >
> > How .184 call .160 :
> >
> > exten => _1XXX,1,Dial(IAX2/VOIP1/${EXTEN:1:4})
> > (the same)
> >
> > Thanks,
> > jb
> >
> >
> > Marco Mouta a écrit :
> > > pls post iax.conf of Both machines , as well as your dial() string on
> > > both servers to connect each other.
> > >
> > > That way would be easier to help you.
> > >
> > > On 10/27/06, Jean-Baptiste Bellet <jbb at lucyde.com> wrote:
> > >> Hello,
> > >>
> > >> I'm french, so excuse my poor English.
> > >> I'm face to a terrible thing, with has stole a lot of my time.
> > >> On the .184 machine, I've the following iax.conf :
> > >>
> > >> [general]
> > >> rtcachefriends=yes
> > >> bandwidth=high
> > >> tos=reliability
> > >> jitterbuffer=no
> > >> autokill=yes
> > >>
> > >> #include "iax.voip1.conf"
> > >> #include "iax.renoir.conf"
> > >>
> > >> The iax.voip1.conf file contains :
> > >>
> > >> [VOIP1]
> > >> type=friend
> > >> host=10.0.0.160
> > >> auth=rsa
> > >> secret=
> > >> inkey=voip3
> > >> outkey=voip1
> > >> context=CONTEXT_VOIP1
> > >> allow=all
> > >> ipaddr=10.0.0.160
> > >> port=4569
> > >> qualify=yes
> > >> trunk=yes
> > >>
> > >>
> > >> The iax.renoir.conf file contains :
> > >>
> > >> [VOIP_RENOIR]
> > >> type=friend
> > >> host=renoir.lucyde
> > >> auth=rsa
> > >> inkey=key_184
> > >> outkey=key_Renoir
> > >> context=CONTEXT_RENOIR
> > >> trunk=yes
> > >> allow=gsm
> > >>
> > >> Thanks to the variable context, when .184 receive a call from .160, this
> > >> call should be executed in the CONTEXT_VOIP1. In fact the call is
> > >> executed in the CONTEXT_RENOIR. Exactly (with a lot of test and debug),
> > >> the call is executed in the context of the last section's context of the
> > >> iax.conf file (e.g. CONTEXT_RENOIR here).
> > >>
> > >> Anyone who has any idea ?
> > >> Thanks,
> > >> jb
> > >>
> > >>
> > >> PS :
> > >> (The debug in the .184 machine :
> > >>
> > >>    -- Accepting UNAUTHENTICATED call from 10.0.0.160:
> > >>         > requested format = ulaw,
> > >>         > requested prefs = (alaw),
> > >>         > actual format = gsm,
> > >>         > host prefs = (gsm),
> > >>         > priority = mine
> > >>      -- Executing NoOp("IAX2/10.0.0.160:4569-1", "I'm in
> > >> CONTEXT_RENOIR") in new stack
> > >>      -- Executing Macro("IAX2/10.0.0.160:4569-1", "check_forward|106")
> > >> in new stack
> > >>
> > >> with the following extensions.conf :
> > >>
> > >> [CONTEXT_VOIP1]
> > >> exten => _X.,1,NoOp(I'm in CONTEXT_VOIP1)
> > >> exten => _X.,2,Macro(check_forward,${EXTEN})
> > >>
> > >> [CONTEXT_RENOIR]
> > >> exten => _X.,1,NoOp(I'm in CONTEXT_RENOIR)
> > >> exten => _X.,2,Macro(check_forward,${EXTEN})
> > >> )
> > >>
> > >>
> > >> _______________________________________________
> > >> --Bandwidth and Colocation provided by Easynews.com --
> > >>
> > >> asterisk-users mailing list
> > >> To UNSUBSCRIBE or update options visit:
> > >>    http://lists.digium.com/mailman/listinfo/asterisk-users
> > >>
> > >
> > >
> >
> > --
> > Jean-Baptiste Bellet
> > Ingénieur Développpement
> > Lucyde SAS
> > Prologue 1 - La Pyrénéenne BP 27201 LABEGE cedex
> > +33 (0)5 34 31 86 36
> > http://www.lucyde.com
> > _______________________________________________
> > --Bandwidth and Colocation provided by Easynews.com --
> >
> > asterisk-users mailing list
> > To UNSUBSCRIBE or update options visit:
> >    http://lists.digium.com/mailman/listinfo/asterisk-users
> >
>
>
> --
> Com os melhores cumprimentos,
>
> Marco Mouta
>


-- 
Com os melhores cumprimentos,

Marco Mouta

More information about the asterisk-users mailing list