[asterisk-users] IAX2 Trunk Encryption

Elliott W digium at private-address.info
Sun Apr 6 00:03:40 CDT 2014


I have.

On the receiving side I had gotten:
[2014-04-05 23:28:12] WARNING[1832] chan_iax2.c: Rejected connect attempt. No secret present while force encrypt enabled.

I had no secret because I was using RSA authentication and didn't think I
needed it, so I added EXACTLY the same line on both sides (copy/paste).
Now I get:
[2014-04-05 23:30:42] NOTICE[1832] chan_iax2.c: Call Terminated, Incoming call is unencrypted while force encrypt is enabled.

On the sending side I really get nothing useful:
[2014-04-05 23:30:42] VERBOSE[2795][C-00000002] pbx.c: -- Executing [s@macro-dialout-trunk:22] Dial("SIP/comp-in-ch01-00000001", "IAX2/ch01_ch02/1234,300,Ttr") in new stack
[2014-04-05 23:30:42] VERBOSE[2795][C-00000002] app_dial.c: -- Called IAX2/ch01_ch02/1234
[2014-04-05 23:30:43] VERBOSE[2795][C-00000002] chan_iax2.c: -- Hungup 'IAX2/ch01_ch02-17634'
[2014-04-05 23:30:43] VERBOSE[2795][C-00000002] app_dial.c: == Everyone is busy/congested at this time (1:0/0/1)

I modified the extension and the trunk name for security reasons, but
without force encryption calls flow back and forth easily.

These three directives exist on both sides:
encryption=yes
forceencryption=yes
secret=mysecretcode

So I'm kind of at a loss. I can see the options set, and I can see:
[2014-04-05 23:59:32] VERBOSE[1832] chan_iax2.c: -- Accepting AUTHENTICATED call from xxx.yyy.zzz.aaa:
when I DON'T have the force encryption set, so I can't see what else I need
to do.

CEW
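
A configuration and log check for the situation described in this message, as an added example that is not part of the original post and not Asterisk code: it parses iax.conf-style text for both ends of a trunk, flags forceencryption=yes without a secret, and counts the two force-encrypt rejections quoted above. The trunk name ch02_ch01, the secret value and both config snippets are constructed; falling back to [general] follows the "trunk level or higher" remark in the thread.

```python
FORCE_MSGS = {  # message text as quoted in the thread's chan_iax2.c log lines
    "no_secret": "No secret present while force encrypt enabled",
    "unencrypted": "Incoming call is unencrypted while force encrypt is enabled",
}

def parse_conf(text):
    """Parse iax.conf-style text into {section: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # ';' starts a comment
        if line.startswith("[") and "]" in line:
            current = sections.setdefault(line[1:line.index("]")], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def setting(conf, peer, key):
    """Trunk-level value, else [general] ("trunk level or higher" in the thread)."""
    return conf.get(peer, {}).get(key, conf.get("general", {}).get(key, "no")).lower()

def audit(conf_a, peer_a, conf_b, peer_b):
    """Return findings for the two sides of one trunk."""
    findings = []
    for side, conf, peer in (("A", conf_a, peer_a), ("B", conf_b, peer_b)):
        forced = setting(conf, peer, "forceencryption") == "yes"
        if forced and not conf.get(peer, {}).get("secret"):
            findings.append(f"{side}: forceencryption=yes without a secret")
        if not forced and setting(conf, peer, "encryption") == "no":
            findings.append(f"{side}: encryption not enabled")
    if conf_a.get(peer_a, {}).get("secret") != conf_b.get(peer_b, {}).get("secret"):
        findings.append("secret differs between the two sides")
    return findings

def triage(log_lines):  # count force-encrypt rejections per cause
    return {n: sum(m in line for line in log_lines) for n, m in FORCE_MSGS.items()}

# Constructed sample input: hypothetical trunk names and secret.
SIDE_A = "[general]\nforceencryption=yes\n[ch01_ch02]\ntype=friend\nencryption=yes\n"
SIDE_B = "[ch02_ch01]\ntype=friend\nencryption=yes\nforceencryption=yes\nsecret=example\n"
LOG = [  # the thread's two receiving-side messages, re-joined onto one line each
    "[2014-04-05 23:28:12] WARNING[1832] chan_iax2.c: Rejected connect attempt. "
    "No secret present while force encrypt enabled.",
    "[2014-04-05 23:30:42] NOTICE[1832] chan_iax2.c: Call Terminated, Incoming "
    "call is unencrypted while force encrypt is enabled.",
]

if __name__ == "__main__":
    print(audit(parse_conf(SIDE_A), "ch01_ch02", parse_conf(SIDE_B), "ch02_ch01"), triage(LOG))
```
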




On Fri, Apr 4, 2014 at 7:07 PM, Steve Totaro <stotaro at totarotechnologies.com> wrote:

> Have you enabled IAX2 debugging and tried some test calls?
>
> Thanks,
> Steve T
>
>
>
> On Fri, Apr 4, 2014 at 6:59 PM, Elliott W <digium at private-address.info> wrote:
>
>> That answered my question as to whether it WAS encrypted, I think, and
>> the answer is no, the credentials are but all the rest is not. That just
>> leaves the question of what I need to do to get it encrypted.
>>
>> Thanks.
>>
>>
>> On Fri, Apr 4, 2014 at 12:59 PM, Steve Totaro <
>> stotaro at totarotechnologies.com> wrote:
>>
>>> Wireshark.
>>>
>>>
>>>
>>> On Fri, Apr 4, 2014 at 11:13 AM, Elliott W <digium at private-address.info> wrote:
>>>
>>>> Ok, I think I am 90%+ there.
>>>>
>>>> Note: the configuration or status is the same on both sides unless
>>>> otherwise noted.
>>>>
>>>> I am using RSA keys for authentication and the calls are coming through
>>>> as authenticated so I'm sure that part works.
>>>>
>>>> The peer shows the "(E)" next to the status in Asterisk Info for the
>>>> IAX2 peers
>>>>
>>>> The trunk configuration contains:
>>>> encryption=yes
>>>>
>>>> So here is my question: calls stop flowing when I use the directive:
>>>> forceencryption=yes
>>>> At the trunk level or higher does not matter, same effect.
>>>>
>>>> So my question comes down to, are my calls getting encrypted and why
>>>> does this directive cause them to fail, AND how can I tell?
>>>>
>>>> Thanks.
>>>>
>>>>
>>>
>>>
>>> --
>>> _____________________________________________________________________
>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>>>                http://www.asterisk.org/hello
>>>
>>> asterisk-users mailing list
>>> To UNSUBSCRIBE or update options visit:
>>>    http://lists.digium.com/mailman/listinfo/asterisk-users
>>>
>>
>>
>
>