[asterisk-users] IAX2 Trunk Encryption

Elliott W digium at private-address.info
Mon Apr 7 11:54:38 CDT 2014 

Any ideas?  Still hoping..


On Sun, Apr 6, 2014 at 12:03 AM, Elliott W <digium at private-address.info>wrote:

> I have.
>
> On the receiving side I had gotten:
> [2014-04-05 23:28:12] WARNING[1832] chan_iax2.c: Rejected connect attempt.
> No secret present while force encrypt enabled.
>
> I had no secret because I was using RSA authentication and didn't think I
> needed it, so I added EXACTLY the same line on both sides (copy/paste).
> Now I get:
> [2014-04-05 23:30:42] NOTICE[1832] chan_iax2.c: Call Terminated, Incoming
> call is unencrypted while force encrypt is enabled.
>
> On the sending side I really get nothing useful:
> [2014-04-05 23:30:42] VERBOSE[2795][C-00000002] pbx.c: -- Executing
> [s at macro-dialout-trunk:22] Dial("SIP/comp-in-ch01-00000001", "
> IAX2/ch01_ch02/1234,300,Ttr") in new stack
> [2014-04-05 23:30:42] VERBOSE[2795][C-00000002] app_dial.c: -- Called
> IAX2/ch01_ch02/1234
> [2014-04-05 23:30:43] VERBOSE[2795][C-00000002] chan_iax2.c: -- Hungup
> 'IAX2/ch01_ch02-17634'
> [2014-04-05 23:30:43] VERBOSE[2795][C-00000002] app_dial.c: == Everyone is
> busy/congested at this time (1:0/0/1)
> I modified the extension and the trunk name for security reasons, but
> without force encryption calls flow back and forth easily.
>
> These three directives exist on both sides:
> encryption=yes
> forceencryption=yes
> secret=mysecretcode
>
> So I'm kind of at a loss, I can see the options set, I can see:
> [2014-04-05 23:59:32] VERBOSE[1832] chan_iax2.c: -- Accepting
> AUTHENTICATED call from xxx.yyy.zzz.aaa:
> when I DON'T have the force encryption set, so I can't see what else I
> need to do..
>
> CEW
>
>
>
>
> On Fri, Apr 4, 2014 at 7:07 PM, Steve Totaro <
> stotaro at totarotechnologies.com> wrote:
>
>> Have you enabled IAX2 debugging and tried some test calls?
>>
>> Thanks,
>> Steve T
>>
>>
>>
>> On Fri, Apr 4, 2014 at 6:59 PM, Elliott W <digium at private-address.info>wrote:
>>
>>> That answered my question as to whether it WAS encrypted, I think, and
>>> the answer is no, the credentials are but all the rest is not.  That just
>>> leaves the question of what I need to do to get it encrypted..
>>>
>>> Thanks.
>>>
>>>
>>> On Fri, Apr 4, 2014 at 12:59 PM, Steve Totaro <
>>> stotaro at totarotechnologies.com> wrote:
>>>
>>>> Wireshark.
>>>>
>>>>
>>>>
>>>> On Fri, Apr 4, 2014 at 11:13 AM, Elliott W <digium at private-address.info
>>>> > wrote:
>>>>
>>>>> Ok, I think I am 90%+ there.
>>>>>
>>>>> Note: the configuration or status is the same on both sides unless
>>>>> otherwise noted.
>>>>>
>>>>> I am using RSA keys for authentication and the calls are coming
>>>>> through as authenticated so I'm sure that part works.
>>>>>
>>>>> The peer shows the "(E)" next to the status in Asterisk Info for the
>>>>> IAX2 peers
>>>>>
>>>>> The trunk configuration contains:
>>>>> encryption=yes
>>>>>
>>>>> So here is my question, Calls stop flowing when I use the directive:
>>>>> forceencryption=yes
>>>>> At the trunk level or higher does not matter, same effect.
>>>>>
>>>>> So my question comes down to, are my calls getting encrypted and why
>>>>> does this directive cause them to fail, AND how can I tell.
>>>>>
>>>>> Thanks.
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> _____________________________________________________________________
>>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>>>>                http://www.asterisk.org/hello
>>>>
>>>> asterisk-users mailing list
>>>> To UNSUBSCRIBE or update options visit:
>>>>    http://lists.digium.com/mailman/listinfo/asterisk-users
>>>>
>>>
>>>
>>> --
>>> _____________________________________________________________________
>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>>>                http://www.asterisk.org/hello
>>>
>>> asterisk-users mailing list
>>> To UNSUBSCRIBE or update options visit:
>>>    http://lists.digium.com/mailman/listinfo/asterisk-users
>>>
>>
>>
>> --
>> _____________________________________________________________________
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>>                http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>    http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20140407/568e7445/attachment.html>

More information about the asterisk-users mailing list