[Asterisk-Users] IAX peers and NAT

Thu Oct 23 11:42:57 MST 2003

WipeOut wrote:

> Olle E. Johansson wrote:
> 
>> Help, I'm stuck. Lost in the woods.
>>
>> I have one Asterisk running on FreeBSD outside on the Wild Internet.
>> One on the safe inside, behind a NAT firewall.
>>
>> The inside server registers with IAX to the outer one and can place 
>> calls.
>> The outside one can't register to the one on the inside, since it 
>> can't be reached
>> on the private network.
>>
>> Now to my problem:
>> * How do I dial from outside to the inside over the existing IAX 
>> connection?
>>
>> When I dial from the outside to the inside by using the registred 
>> loginname like
>>
>>   exten => 1234,1,Dial(IAX/loginname/12345)
>>
>> The outside server seems to dial the one on the inside, but I see 
>> nothing on the inside.
>> The log on the outside mysteriously enough claims it can't 
>> authenticate to the inside
>> server - but how do I authenticate, all authentication in IAX is based 
>> on hostname
>> or IP numbers...
>> And even more mysteriously, the message in the logfile says
>>
>> Oct 23 19:26:21 WARNING[137286656]: File chan_iax.c, Line 3838 
>> (socket_read): I don't know how to authenticate 
>> methods=rsa;challenge=135582743;username=iaxtel to <nat ip #>
>>
>> I can't find out where the username=iaxtel and methods=rsa come from, 
>> have no such configuration for this
>> session. The NAT IP # is the outside address of my firewall.
>>
>> It is probably something basic that I've misunderstood. Please tell me!
>>
>> /Olle
>>
> You don't really need the outside one to register with the inside one 
> bacasue you can call it by the name its registering with..
Ok.
> But have to tell it where to connect to..
> eg. exten => 1234,1,Dial(IAX/loginname:password at otherserver/12345)
> 
> Where otherserver is the name you specified between the [] in the peer 
> definition in you iax.conf..
Thank you. Still confused.

It must be a definition on the outside server... But that's the same name
as the "loginname" - the name the inside server uses to login on the outside.
I must be able to call from the outside server without giving the @insideserver.
As far as I know, the IAXTEL network calls me after my server registers on the line I register on,
that's the way it gets into my server. Or...

Here's an overview of my dilemma
----------------------------------------------------------
IAX.conf outside
[insideserver] definition

IAX.conf inside
register -> insideserver:password at outsideserver
---------------------------
Extensions.conf outside (Wipeout suggestion)
exten => 1234,1,Dial(IAX/loginname:password at otherserver/12345)

*** Olle: Which loginname, password and otherserver? Do I need an [outsideserver] definition on the inside iax.conf?

As far as I understand:
exten => 1234,1,Dial(IAX/insideserver/12345)

---------------------------------------------------------

Still confused. Still getting the errormessage about IAXTEL.COM, which is even more
confusing.

/O