[Asterisk-Users] Connecting 2 * Together-Pulling hair out

Tim Pushor timp at crossthread.com
Thu May 5 15:14:23 MST 2005


Its scattered and hard to find. Once I understood the relationship 
between user and peer (and friend, somewhat), it was pretty clear. 
Actually I find RSA authentication much easier than managing 
usernames/passwords (but I will have about 10 boxes that need to be able 
to talk to each other).

I wouldn't consider 'getting to keys' to be a next step in your plan. I 
would use RSA keys to authenticate the peers to each other rather than 
passwords.

Those config files I included work (with the names changed to protect 
the guilty). It should work for you ..

Tim


Chris wrote:

>    I haven't gotten to keys yet.
>The documentation out there doesn't seem to be very good.
>
>Chris
>
>
>----- Original Message ----- 
>From: "Tim Pushor" <timp at crossthread.com>
>To: "Asterisk Users Mailing List - Non-Commercial Discussion" <asterisk-users at lists.digium.com>
>Sent: Thursday, May 05, 2005 4:06 PM
>Subject: Re: [Asterisk-Users] Connecting 2 * Together-Pulling hair out
>
>
>  
>
>>Personally, if I owned both boxes and had full control of the dialplan 
>>on both, I'd stay away from passwords. (but be careful what I say, I'm a 
>>hack)
>>
>>I have a bunch of boxes connected together via IAX and authenticating 
>>via RSA. The entries in iax.conf are simple, and dialing across the 
>>connection is simple (no passwords in the dialplan) (thanks again Rich 
>>for taking the time).
>>
>>Tim
>>
>>Here is a sample of iax.conf entries on machine a:
>>
>>[machineb]
>>type=user
>>host=machineb.internal.net
>>auth=rsa
>>inkeys=machineb
>>username=machineb
>>context=inbound
>>
>>[machineb]
>>type=peer
>>host=machineb.internal.net
>>auth=rsa
>>outkey=machinea
>>username=machinea
>>
>>And an example dialplan entry to dial an extention on machineb (in the 
>>inbound context):
>>
>>exten => 333,1,Dial(IAX2/machineb/333)
>>
>>And on machinea, the opposite of machineb:
>>
>>[machinea]
>>type=user
>>host=machinea.internal.net
>>auth=rsa
>>inkeys=machinea
>>username=machinea
>>context=inbound
>>
>>[machinea]
>>type=peer
>>host=machinea.internal.net
>>auth=rsa
>>outkey=machineb
>>username=machineb
>>
>>To generate the keys:
>>
>>on machinea:
>>
>>astgenkey -n machinea
>>mv machinea.* /var/lib/asterisk/keys
>>
>>copy machinea.pub to machineb's /var/lib/asterisk/keys
>>
>>on machineb:
>>
>>astgenkey -n machineb
>>mv machineb.* /var/lib/asterisk/keys
>>
>>copy machineb.pub to machinea's /var/lib/asterisk/keys
>>
>>
>>Chris wrote:
>>
>>    
>>
>>>   I have something similar.  Both of my servers are behind a firewall and NAT.  You will need to allow UDP 4569 through the firewall for IAX2. If you have NAT you will need to redirect 4569 to the internal server.  
>>>
>>>   I would suggest using AMP and then looking at IAX_ADDITIONAL.CONF to see how it's done. You can modify the IAX.CONf because I don't believe AMP rewrites that file.
>>>
>>>   I think the user and passwords are required.   I would suggest using a strong password or someone may decide to make a few phone calls.   After this you will need the routing in Extensions.conf to allow calls to be made on this trunk.
>>>
>>>   Asterisk will handle the SIP > IAX.    All my clients are SIP and they have no trouble going over a IAX trunk to other SIP devices on the other server.
>>>
>>>This is what my IAX_ADDITIONAL.CONF looks like
>>>
>>>SiteA - Dynamic IP
>>>--------------
>>>[boxb-peer]
>>>username=boxa-user
>>>type=peer
>>>trunk=yes
>>>secret=mypassword
>>>host=thehost.dyndns.org
>>>
>>>[boxb-user]
>>>type=user
>>>secret=mypassword2
>>>host=thehost.dyndns.org
>>>context=from-internal
>>>
>>>---------------
>>>Site b - Static IP
>>>----------------
>>>
>>>[boxa-peer]
>>>username=boxb-user
>>>type=peer
>>>trunk=yes
>>>secret=mypassword2
>>>host=xxx.xxx.xxx.xxx
>>>
>>>[boxa-user]
>>>type=user
>>>secret=mypassword
>>>host=xxx.xxx.xxx.xxx
>>>context=from-internal
>>>
>>>
>>>Regards,
>>>
>>>Chris
>>>
>>>
>>>----- Original Message ----- 
>>>From: "mr. barker" <cabalitomb at shaw.ca>
>>>To: "'Asterisk Users Mailing List - Non-Commercial Discussion'" <asterisk-users at lists.digium.com>
>>>Sent: Thursday, May 05, 2005 1:58 PM
>>>Subject: RE: [Asterisk-Users] Connecting 2 * Together-Pulling hair out
>>>
>>>
>>> 
>>>
>>>      
>>>
>>>>Yes trying to connect to boxes together.
>>>>
>>>>One sits outside the internal firewall and is on the inside.
>>>>
>>>>I am using AMP.  However I can just put whatever I need in the custom.conf
>>>>sections.
>>>>The users agents are SIP .. can SIP call go over a IAX trunk ? if so great.
>>>>To create the trunk do I need to use a users name and password ? or ?
>>>>
>>>>I need to have the *box that is behind the firewall to be able to place a
>>>>call out through the *box that has a public ip.
>>>>
>>>>Thank you
>>>>
>>>>-----Original Message-----
>>>>From: asterisk-users-bounces at lists.digium.com
>>>>[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Chris
>>>>Sent: Thursday, May 05, 2005 8:20 AM
>>>>To: Asterisk Users Mailing List - Non-Commercial Discussion
>>>>Subject: Re: [Asterisk-Users] Connecting 2 * Together-Pulling hair out
>>>>
>>>>   I am not sure what you are trying to do.    I have created an IAX2 trunk
>>>>between the servers over an internet connection.
>>>>Then all you have to do is put in call routing on the trunks to forward the
>>>>call to the right place.  Are you using AMP or trying to do it manually.
>>>>I found everything a little confusing as well, but it is simple now that I
>>>>understand it.
>>>>
>>>>
>>>>Chris
>>>>
>>>>----- Original Message ----- 
>>>>From: "mr. barker" <cabalitomb at shaw.ca>
>>>>To: "'Asterisk Users Mailing List - Non-Commercial Discussion'"
>>>><asterisk-users at lists.digium.com>
>>>>Sent: Thursday, May 05, 2005 4:43 AM
>>>>Subject: [Asterisk-Users] Connecting 2 * Together-Pulling hair out
>>>>
>>>>
>>>>   
>>>>
>>>>        
>>>>
>>>>> _____  
>>>>>
>>>>>Subject: [Asterisk-Users] Connecting 2 * Together-Pulling hair out
>>>>>
>>>>>
>>>>>
>>>>>I have read the docs on connecting 2* together but am unsure of a few
>>>>>     
>>>>>
>>>>>          
>>>>>
>>>>things
>>>>   
>>>>
>>>>        
>>>>
>>>>>Do I need a different account for each number that will be called from one
>>>>>box to the other ? ie. Do I set up a user account on one and then have the
>>>>>other box log into that account when it whats to make a call ?
>>>>>
>>>>>
>>>>>
>>>>>I have 2 asterisk boxes and only one of them has the ability to access a
>>>>>VoipAccount and PSTN connections.(*box 1). The other holds the SIP
>>>>>extensions for the internal SIP users/exten(*box2)
>>>>>
>>>>>I would like to be able to have the box with the Sip UA(*box2) on it to be
>>>>>able to place a call using the box that has the VoipAccount and PSTN
>>>>>connection.  I am able to make multiple UA calls on the VoipAccount and 3
>>>>>     
>>>>>
>>>>>          
>>>>>
>>>>on
>>>>   
>>>>
>>>>        
>>>>
>>>>>the PSTN lines (only have 3 lines coming in).  I can get it to work if I
>>>>>create a user exten on *box1 and map a trunk(which is really only an
>>>>>     
>>>>>
>>>>>          
>>>>>
>>>>exten)
>>>>   
>>>>
>>>>        
>>>>
>>>>>using the user/password login to that exten from *box2.  However when I
>>>>>     
>>>>>
>>>>>          
>>>>>
>>>>try
>>>>   
>>>>
>>>>        
>>>>
>>>>>to place a second call when the VOIP line is in use it gives me error (
>>>>>basically saying can't use the trunk because it is in use)  I would like
>>>>>     
>>>>>
>>>>>          
>>>>>
>>>>to
>>>>   
>>>>
>>>>        
>>>>
>>>>>be able to have this exten/trunk to be able to use multiple connections on
>>>>>it.
>>>>>
>>>>>
>>>>>
>>>>>There must be an easier way to do this I am just not sure how.  I looked
>>>>>     
>>>>>
>>>>>          
>>>>>
>>>>at
>>>>   
>>>>
>>>>        
>>>>
>>>>>creating IAX trunks but still come up with the Trunk is really an Exten
>>>>>name/password .  
>>>>>
>>>>>
>>>>>
>>>>>Any help would be appreciated. (my brain is boiling eggs)
>>>>>
>>>>>
>>>>>
>>>>>Thank you.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>     
>>>>>
>>>>>          
>>>>>
>>>>----------------------------------------------------------------------------
>>>>----
>>>>
>>>>
>>>>   
>>>>
>>>>        
>>>>
>>>>>_______________________________________________
>>>>>Asterisk-Users mailing list
>>>>>Asterisk-Users at lists.digium.com
>>>>>http://lists.digium.com/mailman/listinfo/asterisk-users
>>>>>To UNSUBSCRIBE or update options visit:
>>>>>  http://lists.digium.com/mailman/listinfo/asterisk-users
>>>>>     
>>>>>
>>>>>          
>>>>>
>>>>_______________________________________________
>>>>Asterisk-Users mailing list
>>>>Asterisk-Users at lists.digium.com
>>>>http://lists.digium.com/mailman/listinfo/asterisk-users
>>>>To UNSUBSCRIBE or update options visit:
>>>>  http://lists.digium.com/mailman/listinfo/asterisk-users
>>>>
>>>>------------------------------------------------------------------------
>>>>
>>>>_______________________________________________
>>>>Asterisk-Users mailing list
>>>>Asterisk-Users at lists.digium.com
>>>>http://lists.digium.com/mailman/listinfo/asterisk-users
>>>>To UNSUBSCRIBE or update options visit:
>>>>  http://lists.digium.com/mailman/listinfo/asterisk-users
>>>>
>>>>        
>>>>
>>_______________________________________________
>>Asterisk-Users mailing list
>>Asterisk-Users at lists.digium.com
>>http://lists.digium.com/mailman/listinfo/asterisk-users
>>To UNSUBSCRIBE or update options visit:
>>   http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>>------------------------------------------------------------------------
>>
>>_______________________________________________
>>Asterisk-Users mailing list
>>Asterisk-Users at lists.digium.com
>>http://lists.digium.com/mailman/listinfo/asterisk-users
>>To UNSUBSCRIBE or update options visit:
>>   http://lists.digium.com/mailman/listinfo/asterisk-users
>>



More information about the asterisk-users mailing list