[asterisk-users] [Copfilter] Copy of quarantined email - * SPAM * [6.0/6.0] IAX2 client asked to authenticate against wrong

Tue Feb 19 03:43:09 CST 2008

Problem:
When I have more than one IAX2 connection (on server zuiderven), I have
problems in receiving calls from IAX peers except for the first in the
list as seen by the iax2 show peers command.

In my tests it showed that by removing one by one the entries from the
iax.conf file in the order as they were showed. It tried to authenticate
to the next. Eventually after removing all but the "groetstraat" it
finally worked for this peer.

While tracing the information with iax2 set debug, I had the impression
that the receiving asterisk server told the one that tried to set up the
call in the AUTHREQ package which username to use to authenticate in the
challenge. This server ofcourse does not know how to do that on the
wrong username.

Below is configuration information as well as a little iax2 debug
information.

My question is, what is missing in the iax2 configuration that this is
happening. This problem started when I added the groetstraat configuration.

TIA,

Hans Feringa

zuiderven asterisk = 1.4.18 (compiled from source)
groetstraat asterisk = 1.4.10 (ubuntu repository)

This is the local (zuiderven) iax.conf:

register => ******:******@**.**.**.**
register => 8*****:******@iax2.fwdnet.net
register => 8*****:******@iax2.fwdnet.net

[groetstraat]
type=friend
context=groetstraat-in
host=dynamic
trunk=no
qualify=yes
secret=********
disallow=all
allow=ulaw
allow=alaw

[iaxfwd]
type=user
context=iaxfwd
auth=rsa
inkeys=freeworlddialup
disallow=all
allow=ulaw
allow=alaw
allow=gsm
allow=ilbc
allow=g726

[iaxfwd]
type=peer
host=iax2.fwd.net
username=*****
secret=*******
qualify=yes
disallow=all
allow=ulaw
allow=alaw
allow=gsm
allow=ilbc
allow=g726

[ordina-pc]
type=friend
context=home
host=dynamic
nat=yes
qualify=yes
username=*****
secret=****
disallow=all
allow=ulaw
allow=alaw

And this is the remote (groetstraat) iax.conf:

[general]
autokill=yes
externip=8x.x.x.x
jitterbuffer=no
forcejitterbuffer=no
tos=ef

register => ******:*****@zuiderven-ip

[zuiderven]
type=friend
context=zuiderven-in
host=dynamic
trunk=no
qualify=yes
secret=*******
deny=0.0.0.0/0.0.0.0
permit=8x.x.x.x/255.255.255.255
disallow=all
allow=ulaw
allow=alaw
allow=gsm

zuiderven:
asterisk*CLI> iax2 show peers
Name/Username    Host                 Mask             Port
Status
ordina-pc/*****  (Unspecified)   (D)  255.255.255.255  0
UNKNOWN
iaxfwd/8*****    (Unspecified)   (S)  255.255.255.255  4569
UNKNOWN
groetstraat      **.**.**.**     (D)  255.255.255.255  4569          OK
(26 ms)
3 iax2 peers [1 online, 2 offline, 0 unmonitored]

Call from groetstraat results in:
[Feb  9 08:51:07] NOTICE[11030]: chan_iax2.c:7761 socket_process: Host
**.**.**.** failed to authenticate as ordina-pc

This is not the peer it should authenticate as.

Debugging iax2, I get the impression that the receiving server tells the
remote asterisk to authenticate against this wrong name. Ofcourse it
does not know how to, and the call fails.

In the packet from te receiving asterisk server I see:

Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX     Subclass:
NEW
   Timestamp: 00016ms  SCall: 00002  DCall: 00000 [groetstraat-ip:4569]
   VERSION         : 2
   CALLED NUMBER   : 3815
   CODEC_PREFS     : (ulaw|alaw)
   CALLING NUMBER  : 087875****
   CALLING PRESNTN : 0
   CALLING TYPEOFN : 0
   CALLING TRANSIT : 0
   CALLING NAME    : asterisk
   LANGUAGE        : nl
   FORMAT          : 4
   CAPABILITY      : 57356
   ADSICPE         : 2
   DATE TIME       : 2008-02-09  09:34:18

Tx-Frame Retry[000] -- OSeqno: 000 ISeqno: 001 Type: IAX     Subclass:
AUTHREQ
   Timestamp: 00007ms  SCall: 00001  DCall: 00002 [groetstraat-ip:4569]
   AUTHMETHODS     : 3
   CHALLENGE       : 208379767
   USERNAME        : ordina-pc
asterisk*CLI>
Rx-Frame Retry[ No] -- OSeqno: 001 ISeqno: 001 Type: IAX     Subclass:
AUTHREP
   Timestamp: 00039ms  SCall: 00002  DCall: 00001 [groetstraat-ip:4569]
   MD5 RESULT      : 57ac54c7782a8db29baff75086a07dfb

[Feb  9 09:36:44] NOTICE[11030]: chan_iax2.c:7761 socket_process: Host
groetstraat-ip failed to authenticate as ordina-pc

Tx-Frame Retry[-01] -- OSeqno: 001 ISeqno: 002 Type: IAX     Subclass:
ACK
   Timestamp: 00039ms  SCall: 00001  DCall: 00002 [groetstraat-ip:4569]
Tx-Frame Retry[000] -- OSeqno: 001 ISeqno: 002 Type: IAX     Subclass:
REJECT
   Timestamp: 00024ms  SCall: 00001  DCall: 00002 [groetstraat-ip:4569]
   CAUSE           : No authority found
   CAUSE CODE      : 50
asterisk*CLI>
Rx-Frame Retry[ No] -- OSeqno: 002 ISeqno: 002 Type: IAX     Subclass:
ACK
   Timestamp: 00024ms  SCall: 00002  DCall: 00001 [groetstraat-ip:4569]

Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX     Subclass:
REGREQ
   Timestamp: 00014ms  SCall: 00003  DCall: 00000 [groetstraat-ip:4569]
   USERNAME        : groetstraat
   REFRESH         : 60

Tx-Frame Retry[000] -- OSeqno: 000 ISeqno: 001 Type: IAX     Subclass:
REGACK
   Timestamp: 00018ms  SCall: 00007  DCall: 00003 [groetstraat-ip:4569]
   USERNAME        : groetstraat
   DATE TIME       : 2008-02-09  09:36:46
   REFRESH         : 60
   APPARENT ADDRES : IPV4 groetstraat-ip:4569

Rx-Frame Retry[ No] -- OSeqno: 001 ISeqno: 001 Type: IAX     Subclass:
ACK
   Timestamp: 00018ms  SCall: 00003  DCall: 00007 [groetstraat-ip:4569]

Tx-Frame Retry[000] -- OSeqno: 000 ISeqno: 000 Type: IAX     Subclass:
REGREQ
   Timestamp: 00015ms  SCall: 00009  DCall: 00000 [groetstraat-ip:4569]
   USERNAME        : zuiderven
   REFRESH         : 60

Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 001 Type: IAX     Subclass:
REGACK
   Timestamp: 00007ms  SCall: 00006  DCall: 00009 [groetstraat-ip:4569]
   USERNAME        : zuiderven
   DATE TIME       : 2008-02-09  09:34:26
   REFRESH         : 60
   APPARENT ADDRES : IPV4 zuiderven-ip:4569

Tx-Frame Retry[-01] -- OSeqno: 001 ISeqno: 001 Type: IAX     Subclass:
ACK
   Timestamp: 00007ms  SCall: 00009  DCall: 00006 [groetstraat-ip:4569]
Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX     Subclass:
POKE
   Timestamp: 00012ms  SCall: 00008  DCall: 00000 [groetstraat-ip:4569]
Tx-Frame Retry[000] -- OSeqno: 000 ISeqno: 001 Type: IAX     Subclass:
PONG
   Timestamp: 00012ms  SCall: 00010  DCall: 00008 [groetstraat-ip:4569]
Rx-Frame Retry[ No] -- OSeqno: 001 ISeqno: 001 Type: IAX     Subclass:
ACK
   Timestamp: 00012ms  SCall: 00008  DCall: 00010 [groetstraat-ip:4569]

_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users
.

[asterisk-users] [Copfilter] Copy of quarantined email - *** SPAM *** [6.0/6.0] IAX2 client asked to authenticate against wrong

[asterisk-users] [Copfilter] Copy of quarantined email - * SPAM * [6.0/6.0] IAX2 client asked to authenticate against wrong