[asterisk-users] iax2: two users can't authenticate from same ip address

Eric Wieling EWieling at nyigc.com
Mon Sep 9 18:48:29 CDT 2013


Try this as an example of why it doesn't matter.

1) On Windows open a cmd prompt or on Linux open up a local terminal.
2) Open a web browser and connect to a web site like cnn.com
3) On Windows type "netstat -n" in the command prompt, in Linux type netstat -n --ip

For example on my system, the local IP is 172.17.3.111. Notice below how the port on my local system is NOT 80, even though the port on the remote system is? This is simply how TCP and UDP work. When you are looking at your iax peers you are seeing the REMOTE IP and REMOTE port, which seldom matters. It is the port on the client you are connecting TO which matters, not the port which you are connecting FROM.

TCP and UDP do not allow more than one connection using the same source IP/source port/destination IP/destination port (called a tuple). For most things the source port does not matter so the operating system assigns whatever source port it wants to. NAT routers will often change the source port when the connection is NAT'd. These are fundamental IP networking concepts which all people doing VoIP should know, but most don't.

I'm sure there are many books on TCP/IP networking which explain it better than I have explained it.

Active Connections

  Proto  Local Address          Foreign Address        State
 TCP    172.17.3.111:22020     157.166.226.25:80      ESTABLISHED
 TCP    172.17.3.111:22021     157.166.249.10:80      ESTABLISHED
 TCP    172.17.3.111:22022     23.63.227.185:80       ESTABLISHED
 TCP    172.17.3.111:22023     23.63.227.185:80       ESTABLISHED
 TCP    172.17.3.111:22024     23.63.227.185:80       ESTABLISHED
 TCP    172.17.3.111:22025     23.63.227.185:80       ESTABLISHED
 TCP    172.17.3.111:22026     23.63.227.185:80       ESTABLISHED
 TCP    172.17.3.111:22027     23.203.4.211:80        ESTABLISHED
 TCP    172.17.3.111:22028     23.63.227.185:80       ESTABLISHED
 TCP    172.17.3.111:22029     4.27.18.126:80         ESTABLISHED
 TCP    172.17.3.111:22030     4.27.18.126:80         ESTABLISHED
 TCP    172.17.3.111:22031     4.27.18.126:80         ESTABLISHED
 TCP    172.17.3.111:22032     4.27.18.126:80         ESTABLISHED
 TCP    172.17.3.111:22033     4.27.18.126:80         ESTABLISHED
 TCP    172.17.3.111:22034     4.27.18.126:80         ESTABLISHED
 TCP    172.17.3.111:22035     74.217.240.83:80       ESTABLISHED
 TCP    172.17.3.111:22036     23.63.227.123:80       ESTABLISHED
 TCP    172.17.3.111:22037     12.130.81.225:80       ESTABLISHED
 TCP    172.17.3.111:22038     4.26.252.126:80        ESTABLISHED
 TCP    172.17.3.111:22039     4.26.252.126:80        ESTABLISHED
 TCP    172.17.3.111:22040     4.26.252.126:80        ESTABLISHED
 TCP    172.17.3.111:22041     4.26.252.126:80        ESTABLISHED
 TCP    172.17.3.111:22042     4.26.252.126:80        ESTABLISHED
 TCP    172.17.3.111:22043     4.26.252.126:80        ESTABLISHED

-----Original Message-----
From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Sean Darcy
Sent: Monday, September 09, 2013 7:00 PM
To: asterisk-users at lists.digium.com
Subject: Re: [asterisk-users] iax2: two users can't authenticate from same ip address

On 09/09/2013 03:37 PM, Eric Wieling wrote:
> Again, that port is assigned by your NAT router. Asterisk cannot control the source port of the incoming packet. That is set by your NAT router and client and likely has nothing to do with your problem.
>
> -----Original Message-----
> From: asterisk-users-bounces at lists.digium.com 
> [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Sean 
> Darcy
> Sent: Monday, September 09, 2013 3:30 PM
> To: asterisk-users at lists.digium.com
> Subject: Re: [asterisk-users] iax2: two users can't authenticate from 
> same ip address
>
> Dial("IAX2/home-14358", "IAX2/gn") in new stack
>       -- Called IAX2/gn
> CLI> iax2 show peers
> Name/Username    Host                 Mask             Port          Status      Description
> gn               <gnipaddr>      (D)  255.255.255.255  9007          OK (179 ms)
> ............
> [Sep  9 19:11:36] WARNING[530]: chan_iax2.c:3552 __attempt_transmit: Max retries exceeded to host <gnipaddr> on IAX2/gn-11311 (type = 6, subclass = 11, ts=10018, seqno=1)
>       -- Hungup 'IAX2/gn-11311'
>
> Again, what's with this port 9007? Is asterisk assigning it? I thought all iax traffic went over 4569.
>
> Of course, this could be a zoiper problem.
>
> sean
>

But the problem is it's not MY NAT router; it's Amazon's. And if you only have one iax device registered, it's always 4569. So why does Amazon assign a different port to the second iax device? How would it even "know"?

sean
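
The source-port rewriting discussed in this thread, as an added example that is not part of the original messages: a toy model of a NAT that keeps a client's source port when the translated tuple is free and picks another port when it would collide. The `Napt` class, the addresses and the port pool starting at 9000 are constructed for illustration and do not model any particular router.

```python
"""Toy model of a port-preserving NAT (illustration only, no real router's logic)."""
from itertools import chain


class Napt:
    """Maps internal UDP/TCP flows onto one public IP."""

    def __init__(self, public_ip, pool_start=9000):  # pool_start is arbitrary
        self.public_ip = public_ip
        self.pool_start = pool_start
        self.out = {}   # (proto, int_ip, int_port, dst_ip, dst_port) -> ext_port
        self.back = {}  # (proto, ext_port, dst_ip, dst_port) -> (int_ip, int_port)

    def translate(self, proto, int_ip, int_port, dst_ip, dst_port):
        """Return the (public_ip, ext_port) the destination will see."""
        flow = (proto, int_ip, int_port, dst_ip, dst_port)
        if flow in self.out:                      # existing mapping is reused
            return self.public_ip, self.out[flow]
        # Prefer the client's own source port; fall back to the pool when the
        # translated tuple would collide with another client's flow.
        for ext_port in chain([int_port], range(self.pool_start, 65536)):
            if (proto, ext_port, dst_ip, dst_port) not in self.back:
                self.out[flow] = ext_port
                self.back[(proto, ext_port, dst_ip, dst_port)] = (int_ip, int_port)
                return self.public_ip, ext_port
        raise RuntimeError("no free external port for this destination")

    def reply(self, proto, src_ip, src_port, ext_port):
        """Find the internal host a reply arriving on ext_port belongs to."""
        return self.back.get((proto, ext_port, src_ip, src_port))


def demo():
    """Two clients behind one NAT, both sending from 4569 (constructed addresses)."""
    nat = Napt("198.51.100.7")
    server = ("203.0.113.10", 4569)
    first = nat.translate("udp", "10.0.0.11", 4569, *server)
    second = nat.translate("udp", "10.0.0.12", 4569, *server)
    other_dst = nat.translate("udp", "10.0.0.12", 4569, "203.0.113.99", 4569)
    owner = nat.reply("udp", *server, second[1])
    return first, second, other_dst, owner


if __name__ == "__main__":
    for label, value in zip(("first", "second", "other_dst", "owner"), demo()):
        print(label, value)
```

In this model the second client is moved off 4569 only toward the server the first client is already talking to; toward a different destination the same source port is still free, because the full tuple differs.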

