[asterisk-users] Iax bug ?

Marco Mouta marco.mouta at gmail.com
Fri Oct 27 06:41:14 MST 2006


Why are you using RSA authentication? You should start with something
simple. Test the link I sent you.

On 10/27/06, Jean-Baptiste Bellet <jbb at lucyde.com> wrote:
> Thanks a lot.
> I think UNAUTHENTICATED call is the source of my problems.
> How can I solve it?
> Because allowguest is a sip.conf option ...
> jb
>
> Marco Mouta wrote:
> > Hi,
> >
> > I think I found your problem. Look, in your debug you have:
> > -- Accepting UNAUTHENTICATED call from 10.0.0.160:
> >
> > Take a look at incoming call authentication, and how Asterisk handles this:
> >
> > http://www.voip-info.org/wiki/view/Asterisk+IAX+authentication
> >
> > Incoming Connections
> > When Asterisk receives an incoming IAX connection, the initial call
> > information can include a username (in the IAX2 USERNAME field) or
> > not. In addition, the incoming connection has a source IP address that
> > Asterisk can use for authentication as well.
> >
> > If a username is supplied, Asterisk does the following:
> >
> >    * Search iax.conf for a "type=user" entry with a section name (eg
> > [username]) matching the supplied username; if no matching entry is
> > found, refuse the connection.
> >    * If the found entry has allow and/or deny settings, compare the
> > IP address of the caller to these lists. If the connection is not
> > allowed, refuse the connection.
> >    * Perform the desired secret checking (plaintext, md5 or rsa); if
> > it fails, refuse the connection.
> >    * Accept the connection and send the caller to the context
> > specified in the "context" setting for this iax.conf entry.
> >
> > If a username is not supplied, Asterisk does the following:
> >
> >    * Search for a "type=user" entry in iax.conf with no secret
> > specified and also allow and/or deny restrictions that do not restrict
> > the caller from connecting. If such an entry is found, accept the
> > connection, and use the name of the found iax.conf entry as the
> > connecting username.
> >    * Search for a "type=user" entry in iax.conf with no secret
> > specified and no allow and/or deny restrictions at all. If such an
> > entry is found, accept the connection, and use the name of the found
> > iax.conf entry as the connecting username.
> >    * Search for a "type=user" entry in iax.conf with a secret (or RSA
> > key) specified and also allow and/or deny restrictions that do not
> > restrict the caller from connecting. If such an entry is found,
> > attempt to authenticate the caller using the specified secret or key,
> > and if that passes, accept the connection, and use the name of the
> > found iax.conf entry as the connecting username.
> >    * Search for a "type=user" entry in iax.conf with a secret (or RSA
> > key) specified and no allow and/or deny restrictions at all. If such
> > an entry is found, attempt to authenticate the caller using the
> > specified secret or key, and if that passes, accept the connection,
> > and use the name of the found iax.conf entry as the connecting
> > username.
> >
> >
> > Hope this helps!
> >
> > I didn't read everything, but my guess is: the incoming call isn't being
> > correctly authenticated, so it can't go to VOIP1 as you desire; then, as
> > is mentioned above:
> >
> > "Search for a "type=user" entry in iax.conf with no secret specified
> > and no allow and/or deny restrictions at all. If such an entry is
> > found, accept the connection, and use the name of the found iax.conf
> > entry as the connecting username."
> >
> >
> > Please give some feedback if you solved the problem.
> >
> > On 10/27/06, Marco Mouta <marco.mouta at gmail.com> wrote:
> >> Hi,
> >>
> >> Unfortunately I'm not able to debug this with you now :( I'm busy.
> >>
> >> [VOIP1]
> >> type=friend
> >> host=10.0.0.160
> >> auth=rsa
> >> secret=
> >> >> This secret is empty; is this allowed?
> >> inkey=voip3
> >> outkey=voip1
> >> context=CONTEXT_VOIP1
> >> allow=all
> >> ipaddr=10.0.0.160
> >> port=4569
> >> qualify=yes
> >> trunk=yes
> >>
> >> Try a simple test with this, and then step by step go to rsa
> >> authentication.
> >>
> >> http://astrecipes.net/index.php?n=204
> >>
> >> If you run into trouble, post here and I'll try to help you.
> >>
> >> By the way, to understand much better what's going on, I would
> >> recommend that you not use type=friend and use type=user and type=peer.
> >>
> >>
> >>
> >> On 10/27/06, Jean-Baptiste Bellet <jbb at lucyde.com> wrote:
> >> > Here is the .160's iax.conf file:
> >> > [general]
> >> > bandwidth=high
> >> > tos=reliability
> >> > bandwidth=low
> >> > disallow=all                    ; Icky sound quality...  Mr. Roboto.
> >> > allow=alaw                      ; Always allow GSM, it's cool :)
> >> > jitterbuffer=no
> >> > forcejitterbuffer=no
> >> > tos=lowdelay
> >> > autokill=yes
> >> >
> >> > [VOIP1]
> >> > type=friend
> >> > host=10.0.0.184
> >> > auth=rsa
> >> > inkey=voip3
> >> > outkey=voip1
> >> > context=VOIPLINK3
> >> > qualify=10000
> >> > trunk=yes
> >> > allow=all
> >> >
> >> > How .160 calls .184:
> >> >
> >> > exten => _1XXX,1,Dial(IAX2/VOIP1/${EXTEN:1:4})
> >> >
> >> > How .184 calls .160:
> >> >
> >> > exten => _1XXX,1,Dial(IAX2/VOIP1/${EXTEN:1:4})
> >> > (the same)
> >> >
> >> > Thanks,
> >> > jb
> >> >
> >> >
> >> > Marco Mouta wrote:
> >> > > Please post the iax.conf of both machines, as well as your dial() string on
> >> > > both servers to connect to each other.
> >> > >
> >> > > That way would be easier to help you.
> >> > >
> >> > > On 10/27/06, Jean-Baptiste Bellet <jbb at lucyde.com> wrote:
> >> > >> Hello,
> >> > >>
> >> > >> I'm French, so excuse my poor English.
> >> > >> I'm facing a terrible thing, which has stolen a lot of my time.
> >> > >> On the .184 machine, I have the following iax.conf:
> >> > >>
> >> > >> [general]
> >> > >> rtcachefriends=yes
> >> > >> bandwidth=high
> >> > >> tos=reliability
> >> > >> jitterbuffer=no
> >> > >> autokill=yes
> >> > >>
> >> > >> #include "iax.voip1.conf"
> >> > >> #include "iax.renoir.conf"
> >> > >>
> >> > >> The iax.voip1.conf file contains :
> >> > >>
> >> > >> [VOIP1]
> >> > >> type=friend
> >> > >> host=10.0.0.160
> >> > >> auth=rsa
> >> > >> secret=
> >> > >> inkey=voip3
> >> > >> outkey=voip1
> >> > >> context=CONTEXT_VOIP1
> >> > >> allow=all
> >> > >> ipaddr=10.0.0.160
> >> > >> port=4569
> >> > >> qualify=yes
> >> > >> trunk=yes
> >> > >>
> >> > >>
> >> > >> The iax.renoir.conf file contains :
> >> > >>
> >> > >> [VOIP_RENOIR]
> >> > >> type=friend
> >> > >> host=renoir.lucyde
> >> > >> auth=rsa
> >> > >> inkey=key_184
> >> > >> outkey=key_Renoir
> >> > >> context=CONTEXT_RENOIR
> >> > >> trunk=yes
> >> > >> allow=gsm
> >> > >>
> >> > >> Thanks to the context variable, when .184 receives a call from .160,
> >> > >> this call should be executed in CONTEXT_VOIP1. In fact the call is
> >> > >> executed in CONTEXT_RENOIR. To be exact (after a lot of testing and
> >> > >> debugging), the call is executed in the context of the last section
> >> > >> of the iax.conf file (e.g. CONTEXT_RENOIR here).
> >> > >>
> >> > >> Does anyone have any idea?
> >> > >> Thanks,
> >> > >> jb
> >> > >>
> >> > >>
> >> > >> PS :
> >> > >> (The debug in the .184 machine :
> >> > >>
> >> > >>    -- Accepting UNAUTHENTICATED call from 10.0.0.160:
> >> > >>         > requested format = ulaw,
> >> > >>         > requested prefs = (alaw),
> >> > >>         > actual format = gsm,
> >> > >>         > host prefs = (gsm),
> >> > >>         > priority = mine
> >> > >>      -- Executing NoOp("IAX2/10.0.0.160:4569-1", "I'm in CONTEXT_RENOIR") in new stack
> >> > >>      -- Executing Macro("IAX2/10.0.0.160:4569-1", "check_forward|106") in new stack
> >> > >>
> >> > >> with the following extensions.conf :
> >> > >>
> >> > >> [CONTEXT_VOIP1]
> >> > >> exten => _X.,1,NoOp(I'm in CONTEXT_VOIP1)
> >> > >> exten => _X.,2,Macro(check_forward,${EXTEN})
> >> > >>
> >> > >> [CONTEXT_RENOIR]
> >> > >> exten => _X.,1,NoOp(I'm in CONTEXT_RENOIR)
> >> > >> exten => _X.,2,Macro(check_forward,${EXTEN})
> >> > >> )
> >> > >>
> >> > >>
> >> > >> _______________________________________________
> >> > >> --Bandwidth and Colocation provided by Easynews.com --
> >> > >>
> >> > >> asterisk-users mailing list
> >> > >> To UNSUBSCRIBE or update options visit:
> >> > >>    http://lists.digium.com/mailman/listinfo/asterisk-users
> >> > >>
> >> > >
> >> > >
> >> >
> >> > --
> >> > Jean-Baptiste Bellet
> >> > Development Engineer
> >> > Lucyde SAS
> >> > Prologue 1 - La Pyrénéenne BP 27201 LABEGE cedex
> >> > +33 (0)5 34 31 86 36
> >> > http://www.lucyde.com
> >> >
> >>
> >>
> >> --
> >> Best regards,
> >>
> >> Marco Mouta
> >>
> >
> >
>
> --
> Jean-Baptiste Bellet
> Development Engineer
> Lucyde SAS
> Prologue 1 - La Pyrénéenne BP 27201 LABEGE cedex
> +33 (0)5 34 31 86 36
> http://www.lucyde.com
>


-- 
Best regards,

Marco Mouta
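
The four-step search for calls that arrive without a username, as quoted in the thread above, sketched as an added example (not part of the original messages and not Asterisk's own code): it reports which iax.conf section such a call from a given IP would land in, and whether a secret or key would still be checked. Assumptions: the sample config is constructed, IP restrictions are read from `permit`/`deny` keys with last-match-wins semantics, and `type=friend` is treated as a user entry.

```python
import ipaddress
# Constructed iax.conf for illustration; section names, keys and addresses are made up.
SAMPLE = """
[trunk_a]
type=friend
inkey=key_a
context=CTX_A
deny=10.0.0.0/255.255.255.0
[trunk_b]
type=user
secret=example-secret
context=CTX_B
[guest]
type=user
context=CTX_GUEST
"""

def parse(text):
    """Return [(section, [(key, value), ...])], keeping order and repeated keys."""
    sections = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop ';' comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], []))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1].append((key.strip().lower(), value.strip()))
    return sections

def acl_permits(opts, ip):
    ok = True  # assumed ACL semantics: default permit, last matching rule wins
    for key, value in opts:
        if key in ("permit", "deny") and \
                ipaddress.ip_address(ip) in ipaddress.ip_network(value, strict=False):
            ok = key == "permit"
    return ok

def match_without_username(text, ip):
    """Run the four searches in order; return (section, context, needs_auth) or None."""
    users = []
    for name, opts in parse(text):
        d = dict(opts)
        if d.get("type") in ("user", "friend"):      # assumed: friend = user + peer
            acl = any(k in ("permit", "deny") for k, _ in opts)
            keyed = bool(d.get("secret") or d.get("inkey"))  # empty secret= counts as none
            users.append((name, d.get("context"), keyed, acl, acl_permits(opts, ip)))
    for want_keyed, want_acl in ((False, True), (False, False), (True, True), (True, False)):
        for name, ctx, keyed, acl, permitted in users:
            if (keyed, acl) == (want_keyed, want_acl) and permitted:
                return name, ctx, keyed              # keyed=False: accepted with no check
```

With the sample, a call from 10.0.0.160 lands in `[guest]` with no credential check, because entries without a secret are searched before keyed ones; a result whose third field is `False` marks a section worth reviewing.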
