[asterisk-users] Iax bug ?

Jean-Baptiste Bellet jbb at lucyde.com
Fri Oct 27 05:48:35 MST 2006 

Thanks a lot.
I think UNAUTHENTICATED call is the source of my problems.
How I can solve it ?
Because allowguest is a sip.conf option ...
jb

Marco Mouta a écrit :
> Hi,
> 
> I think i found your problem, look that in your debug you have, -
> Accepting UNAUTHENTICATED call from 10.0.0.160:
> 
> Take a look on incoming call authentication, and how asterisk handles this:
> 
> http://www.voip-info.org/wiki/view/Asterisk+IAX+authentication
> 
> Incoming Connections
> When Asterisk receives an incoming IAX connection, the initial call
> information can include a username (in the IAX2 USERNAME field) or
> not. In addition, the incoming connection has a source IP address that
> Asterisk can use for authentication as well.
> 
> If a username is supplied, Asterisk does the following:
> 
>    * Search iax.conf for a "type=user" entry with a section name (eg
> [username]) matching the supplied username; if no matching entry is
> found, refuse the connection.
>    * If the found entry has allow and/or deny settings, compare the
> IP address of the caller to these lists. If the connection is not
> allowed, refuse the connection.
>    * Perform the desired secret checking (plaintext, md5 or rsa); if
> it fails, refuse the connection.
>    * Accept the connection and send the caller to the context
> specified in the "context" setting for this iax.conf entry.
> 
> If a username is not supplied, Asterisk does the following:
> 
>    * Search for a "type=user" entry in iax.conf with no secret
> specified and also allow and/or deny restrictions that do not restrict
> the caller from connecting. If such an entry is found, accept the
> connection, and use the name of the found iax.conf entry as the
> connecting username.
>    * Search for a "type=user" entry in iax.conf with no secret
> specified and no allow and/or deny restrictions at all. If such an
> entry is found, accept the connection. and use the name of the found
> iax.conf entry as the connecting username.
>    * Search for a "type=user" entry in iax.conf with a secret (or RSA
> key) specified and also allow and/or deny restrictions that do not
> restrict the caller from connecting. If such an entry is found,
> attempt to authenticate the caller using the specified secret or key,
> and if that passes, accept the connection, and use the name of the
> found iax.conf entry as the connecting username.
>    * Search for a "type=user" entry in iax.conf with a secret (or RSA
> key) specified and no allow and/or deny restrictions at all. If such
> an entry is found, attempt to authenticate the caller using the
> specified secret or key, and if that passes, accept the connection,
> and use the name of the found iax.conf entry as the connecting
> username.
> 
> 
> Hope this helps!
> 
> I didn't read all, but what i guess is: the incoming call isn't being
> correctly authenticated, so can't go to VOIP1 as you desire, then as
> is mention above:
> 
> "Search for a "type=user" entry in iax.conf with no secret specified
> and no allow and/or deny restrictions at all. If such an entry is
> found, accept the connection. and use the name of the found iax.conf
> entry as the connecting username."
> 
> 
> Pls give some feedback if you solved the problem.
> 
> 
> 
> 
> 
> 
> 
> 
> 
> On 10/27/06, Marco Mouta <marco.mouta at gmail.com> wrote:
>> Hi,
>>
>> Unfortunately i'm not able to debug this with you now :( I'm busy.
>>
>> [VOIP1]
>> type=friend
>> host=10.0.0.160
>> auth=rsa
>> secret=
>> >>This secret empty is this allowed?
>> inkey=voip3
>> outkey=voip1
>> context=CONTEXT_VOIP1
>> allow=all
>> ipaddr=10.0.0.160
>> port=4569
>> qualify=yes
>> trunk=yes
>>
>> Try a simple test with this, and then step by step go to rsa 
>> authentication.
>>
>> http://astrecipes.net/index.php?n=204
>>
>> If in troubles, post here i'll try to help you
>>
>> By the way, to understand much better what's going on i would
>> recommend you to not use type=friend and use type=user and type=peer.
>>
>>
>>
>> On 10/27/06, Jean-Baptiste Bellet <jbb at lucyde.com> wrote:
>> > Here the .160's iax.conf file :
>> > [general]
>> > bandwidth=high
>> > tos=reliability
>> > bandwidth=low
>> > disallow=all                    ; Icky sound quality...  Mr. Roboto.
>> > allow=alaw                      ; Always allow GSM, it's cool :)
>> > jitterbuffer=no
>> > forcejitterbuffer=no
>> > tos=lowdelay
>> > autokill=yes
>> >
>> > [VOIP1]
>> > type=friend
>> > host=10.0.0.184
>> > auth=rsa
>> > inkey=voip3
>> > outkey=voip1
>> > context=VOIPLINK3
>> > qualify=10000
>> > trunk=yes
>> > allow=all
>> >
>> > How .160 call .184 :
>> >
>> > exten => _1XXX,1,Dial(IAX2/VOIP1/${EXTEN:1:4})
>> >
>> > How .184 call .160 :
>> >
>> > exten => _1XXX,1,Dial(IAX2/VOIP1/${EXTEN:1:4})
>> > (the same)
>> >
>> > Thanks,
>> > jb
>> >
>> >
>> > Marco Mouta a écrit :
>> > > pls post iax.conf of Both machines , as well as your dial() string on
>> > > both servers to connect each other.
>> > >
>> > > That way would be easier to help you.
>> > >
>> > > On 10/27/06, Jean-Baptiste Bellet <jbb at lucyde.com> wrote:
>> > >> Hello,
>> > >>
>> > >> I'm french, so excuse my poor English.
>> > >> I'm face to a terrible thing, with has stole a lot of my time.
>> > >> On the .184 machine, I've the following iax.conf :
>> > >>
>> > >> [general]
>> > >> rtcachefriends=yes
>> > >> bandwidth=high
>> > >> tos=reliability
>> > >> jitterbuffer=no
>> > >> autokill=yes
>> > >>
>> > >> #include "iax.voip1.conf"
>> > >> #include "iax.renoir.conf"
>> > >>
>> > >> The iax.voip1.conf file contains :
>> > >>
>> > >> [VOIP1]
>> > >> type=friend
>> > >> host=10.0.0.160
>> > >> auth=rsa
>> > >> secret=
>> > >> inkey=voip3
>> > >> outkey=voip1
>> > >> context=CONTEXT_VOIP1
>> > >> allow=all
>> > >> ipaddr=10.0.0.160
>> > >> port=4569
>> > >> qualify=yes
>> > >> trunk=yes
>> > >>
>> > >>
>> > >> The iax.renoir.conf file contains :
>> > >>
>> > >> [VOIP_RENOIR]
>> > >> type=friend
>> > >> host=renoir.lucyde
>> > >> auth=rsa
>> > >> inkey=key_184
>> > >> outkey=key_Renoir
>> > >> context=CONTEXT_RENOIR
>> > >> trunk=yes
>> > >> allow=gsm
>> > >>
>> > >> Thanks to the variable context, when .184 receive a call from 
>> .160, this
>> > >> call should be executed in the CONTEXT_VOIP1. In fact the call is
>> > >> executed in the CONTEXT_RENOIR. Exactly (with a lot of test and 
>> debug),
>> > >> the call is executed in the context of the last section's context 
>> of the
>> > >> iax.conf file (e.g. CONTEXT_RENOIR here).
>> > >>
>> > >> Anyone who has any idea ?
>> > >> Thanks,
>> > >> jb
>> > >>
>> > >>
>> > >> PS :
>> > >> (The debug in the .184 machine :
>> > >>
>> > >>    -- Accepting UNAUTHENTICATED call from 10.0.0.160:
>> > >>         > requested format = ulaw,
>> > >>         > requested prefs = (alaw),
>> > >>         > actual format = gsm,
>> > >>         > host prefs = (gsm),
>> > >>         > priority = mine
>> > >>      -- Executing NoOp("IAX2/10.0.0.160:4569-1", "I'm in
>> > >> CONTEXT_RENOIR") in new stack
>> > >>      -- Executing Macro("IAX2/10.0.0.160:4569-1", 
>> "check_forward|106")
>> > >> in new stack
>> > >>
>> > >> with the following extensions.conf :
>> > >>
>> > >> [CONTEXT_VOIP1]
>> > >> exten => _X.,1,NoOp(I'm in CONTEXT_VOIP1)
>> > >> exten => _X.,2,Macro(check_forward,${EXTEN})
>> > >>
>> > >> [CONTEXT_RENOIR]
>> > >> exten => _X.,1,NoOp(I'm in CONTEXT_RENOIR)
>> > >> exten => _X.,2,Macro(check_forward,${EXTEN})
>> > >> )
>> > >>
>> > >>
>> > >> _______________________________________________
>> > >> --Bandwidth and Colocation provided by Easynews.com --
>> > >>
>> > >> asterisk-users mailing list
>> > >> To UNSUBSCRIBE or update options visit:
>> > >>    http://lists.digium.com/mailman/listinfo/asterisk-users
>> > >>
>> > >
>> > >
>> >
>> > --
>> > Jean-Baptiste Bellet
>> > Ingénieur Développpement
>> > Lucyde SAS
>> > Prologue 1 - La Pyrénéenne BP 27201 LABEGE cedex
>> > +33 (0)5 34 31 86 36
>> > http://www.lucyde.com
>> > _______________________________________________
>> > --Bandwidth and Colocation provided by Easynews.com --
>> >
>> > asterisk-users mailing list
>> > To UNSUBSCRIBE or update options visit:
>> >    http://lists.digium.com/mailman/listinfo/asterisk-users
>> >
>>
>>
>> -- 
>> Com os melhores cumprimentos,
>>
>> Marco Mouta
>>
> 
> 

-- 
Jean-Baptiste Bellet
Ingénieur Développpement
Lucyde SAS
Prologue 1 - La Pyrénéenne BP 27201 LABEGE cedex
+33 (0)5 34 31 86 36
http://www.lucyde.com

More information about the asterisk-users mailing list