[Asterisk-Users] Connecting 2 * Together-Pulling hair out

Chris listmail at odisok.net
Fri May 6 12:45:01 MST 2005


    I use AMP so the Extensions has the AMP routing.   It worked fine with the old setup when I used passwords.
So I didn't think it would be a problem.   If you want to see it, I will dig it out of the Extensions_additional.conf.  I observed bidirectional traffic on UDP 4569.   IAX2 Debug doesn't show anything on Server B.   On Server A I see the initial connect, but it doesn't show anything else until I disconnect.

a.key, a.pub, b.pub located in /var/lib/asterisk/keys

Server A IAX.CONF
------------
[a-peer]
username=b-user
type=peer
trunk=yes
outkey=b
host=Host.IP
auth=rsa

[a-user]
username=a-user
type=user
inkeys=a
host=host.ip
context=from-internal
auth=rsa

----------------------------------------------

b.key, b.pub, a.pub located in /var/lib/asterisk/keys
Server B IAX.CONF
--------------
[b-peer]
username=a-user
type=peer
trunk=yes
outkey=a
host=IP ADDR
auth=rsa

[b-user]
username=b-user
type=user
inkeys=b
host=IP Addr
context=from-internal
auth=rsa



----- Original Message ----- 
From: "Tim Pushor" <timp at crossthread.com>
To: "Asterisk Users Mailing List - Non-Commercial Discussion" <asterisk-users at lists.digium.com>
Sent: Friday, May 06, 2005 2:21 PM
Subject: Re: [Asterisk-Users] Connecting 2 * Together-Pulling hair out


> Authentication problems should be displayed. I don't use passwords (the 
> -n flag to astgenkey). The name of the key needs to be whatever you put 
> in inkeys.
> 
> Did you try using the configuration from my original email verbatim? How 
> about showing us the relavent portions of the iax.conf and dialplan, as 
> well as details as to where you put your keys, both private and public.
> 
> 
> Chris wrote:
> 
> >    I have.    The receiving box doesn't show anything, but tcpdump shows bidirectional traffic.
> >I can only think that it is an authentication problem.    When you generate the key do you need the password?   Does the name of the key have to match the user name?
> >
> >Chris
> >
> >----- Original Message ----- 
> >From: "Tim Pushor" <timp at crossthread.com>
> >To: "Asterisk Users Mailing List - Non-Commercial Discussion" <asterisk-users at lists.digium.com>
> >Sent: Friday, May 06, 2005 12:33 PM
> >Subject: Re: [Asterisk-Users] Connecting 2 * Together-Pulling hair out
> >
> >
> >  
> >
> >>What does your log/debug tell you?
> >>
> >>Set debug and log levels up, and watch the fun.
> >>
> >>Chris wrote:
> >>
> >>    
> >>
> >>>   I tried it that way, but it just rings and eventually says all circuits are busy.
> >>>
> >>>
> >>>Chris
> >>>
> >>>----- Original Message ----- 
> >>>From: "Tim Pushor" <timp at crossthread.com>
> >>>To: "Asterisk Users Mailing List - Non-Commercial Discussion" <asterisk-users at lists.digium.com>
> >>>Sent: Thursday, May 05, 2005 4:06 PM
> >>>Subject: Re: [Asterisk-Users] Connecting 2 * Together-Pulling hair out
> >>>
> >>>
> >>> 
> >>>
> >>>      
> >>>
> >>>>Personally, if I owned both boxes and had full control of the dialplan 
> >>>>on both, I'd stay away from passwords. (but be careful what I say, I'm a 
> >>>>hack)
> >>>>
> >>>>I have a bunch of boxes connected together via IAX and authenticating 
> >>>>via RSA. The entries in iax.conf are simple, and dialing across the 
> >>>>connection is simple (no passwords in the dialplan) (thanks again Rich 
> >>>>for taking the time).
> >>>>
> >>>>Tim
> >>>>
> >>>>Here is a sample of iax.conf entries on machine a:
> >>>>
> >>>>[machineb]
> >>>>type=user
> >>>>host=machineb.internal.net
> >>>>auth=rsa
> >>>>inkeys=machineb
> >>>>username=machineb
> >>>>context=inbound
> >>>>
> >>>>[machineb]
> >>>>type=peer
> >>>>host=machineb.internal.net
> >>>>auth=rsa
> >>>>outkey=machinea
> >>>>username=machinea
> >>>>
> >>>>And an example dialplan entry to dial an extention on machineb (in the 
> >>>>inbound context):
> >>>>
> >>>>exten => 333,1,Dial(IAX2/machineb/333)
> >>>>
> >>>>And on machinea, the opposite of machineb:
> >>>>
> >>>>[machinea]
> >>>>type=user
> >>>>host=machinea.internal.net
> >>>>auth=rsa
> >>>>inkeys=machinea
> >>>>username=machinea
> >>>>context=inbound
> >>>>
> >>>>[machinea]
> >>>>type=peer
> >>>>host=machinea.internal.net
> >>>>auth=rsa
> >>>>outkey=machineb
> >>>>username=machineb
> >>>>
> >>>>To generate the keys:
> >>>>
> >>>>on machinea:
> >>>>
> >>>>astgenkey -n machinea
> >>>>mv machinea.* /var/lib/asterisk/keys
> >>>>
> >>>>copy machinea.pub to machineb's /var/lib/asterisk/keys
> >>>>
> >>>>on machineb:
> >>>>
> >>>>astgenkey -n machineb
> >>>>mv machineb.* /var/lib/asterisk/keys
> >>>>
> >>>>copy machineb.pub to machinea's /var/lib/asterisk/keys
> >>>>
> >>>>
> >>>>Chris wrote:
> >>>>
> >>>>   
> >>>>
> >>>>        
> >>>>
> >>>>>  I have something similar.  Both of my servers are behind a firewall and NAT.  You will need to allow UDP 4569 through the firewall for IAX2. If you have NAT you will need to redirect 4569 to the internal server.  
> >>>>>
> >>>>>  I would suggest using AMP and then looking at IAX_ADDITIONAL.CONF to see how it's done. You can modify the IAX.CONf because I don't believe AMP rewrites that file.
> >>>>>
> >>>>>  I think the user and passwords are required.   I would suggest using a strong password or someone may decide to make a few phone calls.   After this you will need the routing in Extensions.conf to allow calls to be made on this trunk.
> >>>>>
> >>>>>  Asterisk will handle the SIP > IAX.    All my clients are SIP and they have no trouble going over a IAX trunk to other SIP devices on the other server.
> >>>>>
> >>>>>This is what my IAX_ADDITIONAL.CONF looks like
> >>>>>
> >>>>>SiteA - Dynamic IP
> >>>>>--------------
> >>>>>[boxb-peer]
> >>>>>username=boxa-user
> >>>>>type=peer
> >>>>>trunk=yes
> >>>>>secret=mypassword
> >>>>>host=thehost.dyndns.org
> >>>>>
> >>>>>[boxb-user]
> >>>>>type=user
> >>>>>secret=mypassword2
> >>>>>host=thehost.dyndns.org
> >>>>>context=from-internal
> >>>>>
> >>>>>---------------
> >>>>>Site b - Static IP
> >>>>>----------------
> >>>>>
> >>>>>[boxa-peer]
> >>>>>username=boxb-user
> >>>>>type=peer
> >>>>>trunk=yes
> >>>>>secret=mypassword2
> >>>>>host=xxx.xxx.xxx.xxx
> >>>>>
> >>>>>[boxa-user]
> >>>>>type=user
> >>>>>secret=mypassword
> >>>>>host=xxx.xxx.xxx.xxx
> >>>>>context=from-internal
> >>>>>
> >>>>>
> >>>>>Regards,
> >>>>>
> >>>>>Chris
> >>>>>
> >>>>>
> >>>>>----- Original Message ----- 
> >>>>>From: "mr. barker" <cabalitomb at shaw.ca>
> >>>>>To: "'Asterisk Users Mailing List - Non-Commercial Discussion'" <asterisk-users at lists.digium.com>
> >>>>>Sent: Thursday, May 05, 2005 1:58 PM
> >>>>>Subject: RE: [Asterisk-Users] Connecting 2 * Together-Pulling hair out
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>     
> >>>>>
> >>>>>          
> >>>>>
> >>>>>>Yes trying to connect to boxes together.
> >>>>>>
> >>>>>>One sits outside the internal firewall and is on the inside.
> >>>>>>
> >>>>>>I am using AMP.  However I can just put whatever I need in the custom.conf
> >>>>>>sections.
> >>>>>>The users agents are SIP .. can SIP call go over a IAX trunk ? if so great.
> >>>>>>To create the trunk do I need to use a users name and password ? or ?
> >>>>>>
> >>>>>>I need to have the *box that is behind the firewall to be able to place a
> >>>>>>call out through the *box that has a public ip.
> >>>>>>
> >>>>>>Thank you
> >>>>>>
> >>>>>>-----Original Message-----
> >>>>>>From: asterisk-users-bounces at lists.digium.com
> >>>>>>[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Chris
> >>>>>>Sent: Thursday, May 05, 2005 8:20 AM
> >>>>>>To: Asterisk Users Mailing List - Non-Commercial Discussion
> >>>>>>Subject: Re: [Asterisk-Users] Connecting 2 * Together-Pulling hair out
> >>>>>>
> >>>>>>  I am not sure what you are trying to do.    I have created an IAX2 trunk
> >>>>>>between the servers over an internet connection.
> >>>>>>Then all you have to do is put in call routing on the trunks to forward the
> >>>>>>call to the right place.  Are you using AMP or trying to do it manually.
> >>>>>>I found everything a little confusing as well, but it is simple now that I
> >>>>>>understand it.
> >>>>>>
> >>>>>>
> >>>>>>Chris
> >>>>>>
> >>>>>>----- Original Message ----- 
> >>>>>>From: "mr. barker" <cabalitomb at shaw.ca>
> >>>>>>To: "'Asterisk Users Mailing List - Non-Commercial Discussion'"
> >>>>>><asterisk-users at lists.digium.com>
> >>>>>>Sent: Thursday, May 05, 2005 4:43 AM
> >>>>>>Subject: [Asterisk-Users] Connecting 2 * Together-Pulling hair out
> >>>>>>
> >>>>>>
> >>>>>>  
> >>>>>>
> >>>>>>       
> >>>>>>
> >>>>>>            
> >>>>>>
> >>>>>>>_____  
> >>>>>>>
> >>>>>>>Subject: [Asterisk-Users] Connecting 2 * Together-Pulling hair out
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>I have read the docs on connecting 2* together but am unsure of a few
> >>>>>>>    
> >>>>>>>
> >>>>>>>         
> >>>>>>>
> >>>>>>>              
> >>>>>>>
> >>>>>>things
> >>>>>>  
> >>>>>>
> >>>>>>       
> >>>>>>
> >>>>>>            
> >>>>>>
> >>>>>>>Do I need a different account for each number that will be called from one
> >>>>>>>box to the other ? ie. Do I set up a user account on one and then have the
> >>>>>>>other box log into that account when it whats to make a call ?
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>I have 2 asterisk boxes and only one of them has the ability to access a
> >>>>>>>VoipAccount and PSTN connections.(*box 1). The other holds the SIP
> >>>>>>>extensions for the internal SIP users/exten(*box2)
> >>>>>>>
> >>>>>>>I would like to be able to have the box with the Sip UA(*box2) on it to be
> >>>>>>>able to place a call using the box that has the VoipAccount and PSTN
> >>>>>>>connection.  I am able to make multiple UA calls on the VoipAccount and 3
> >>>>>>>    
> >>>>>>>
> >>>>>>>         
> >>>>>>>
> >>>>>>>              
> >>>>>>>
> >>>>>>on
> >>>>>>  
> >>>>>>
> >>>>>>       
> >>>>>>
> >>>>>>            
> >>>>>>
> >>>>>>>the PSTN lines (only have 3 lines coming in).  I can get it to work if I
> >>>>>>>create a user exten on *box1 and map a trunk(which is really only an
> >>>>>>>    
> >>>>>>>
> >>>>>>>         
> >>>>>>>
> >>>>>>>              
> >>>>>>>
> >>>>>>exten)
> >>>>>>  
> >>>>>>
> >>>>>>       
> >>>>>>
> >>>>>>            
> >>>>>>
> >>>>>>>using the user/password login to that exten from *box2.  However when I
> >>>>>>>    
> >>>>>>>
> >>>>>>>         
> >>>>>>>
> >>>>>>>              
> >>>>>>>
> >>>>>>try
> >>>>>>  
> >>>>>>
> >>>>>>       
> >>>>>>
> >>>>>>            
> >>>>>>
> >>>>>>>to place a second call when the VOIP line is in use it gives me error (
> >>>>>>>basically saying can't use the trunk because it is in use)  I would like
> >>>>>>>    
> >>>>>>>
> >>>>>>>         
> >>>>>>>
> >>>>>>>              
> >>>>>>>
> >>>>>>to
> >>>>>>  
> >>>>>>
> >>>>>>       
> >>>>>>
> >>>>>>            
> >>>>>>
> >>>>>>>be able to have this exten/trunk to be able to use multiple connections on
> >>>>>>>it.
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>There must be an easier way to do this I am just not sure how.  I looked
> >>>>>>>    
> >>>>>>>
> >>>>>>>         
> >>>>>>>
> >>>>>>>              
> >>>>>>>
> >>>>>>at
> >>>>>>  
> >>>>>>
> >>>>>>       
> >>>>>>
> >>>>>>            
> >>>>>>
> >>>>>>>creating IAX trunks but still come up with the Trunk is really an Exten
> >>>>>>>name/password .  
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>Any help would be appreciated. (my brain is boiling eggs)
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>Thank you.
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>    
> >>>>>>>
> >>>>>>>         
> >>>>>>>
> >>>>>>>              
> >>>>>>>
> >>>>>>----------------------------------------------------------------------------
> >>>>>>----
> >>>>>>
> >>>>>>
> >>>>>>  
> >>>>>>
> >>>>>>       
> >>>>>>
> >>>>>>            
> >>>>>>
> >>>>>>>_______________________________________________
> >>>>>>>Asterisk-Users mailing list
> >>>>>>>Asterisk-Users at lists.digium.com
> >>>>>>>http://lists.digium.com/mailman/listinfo/asterisk-users
> >>>>>>>To UNSUBSCRIBE or update options visit:
> >>>>>>> http://lists.digium.com/mailman/listinfo/asterisk-users
> >>>>>>>    
> >>>>>>>
> >>>>>>>         
> >>>>>>>
> >>>>>>>              
> >>>>>>>
> >>>>>>_______________________________________________
> >>>>>>Asterisk-Users mailing list
> >>>>>>Asterisk-Users at lists.digium.com
> >>>>>>http://lists.digium.com/mailman/listinfo/asterisk-users
> >>>>>>To UNSUBSCRIBE or update options visit:
> >>>>>> http://lists.digium.com/mailman/listinfo/asterisk-users
> >>>>>>
> >>>>>>------------------------------------------------------------------------
> >>>>>>
> >>>>>>_______________________________________________
> >>>>>>Asterisk-Users mailing list
> >>>>>>Asterisk-Users at lists.digium.com
> >>>>>>http://lists.digium.com/mailman/listinfo/asterisk-users
> >>>>>>To UNSUBSCRIBE or update options visit:
> >>>>>> http://lists.digium.com/mailman/listinfo/asterisk-users
> >>>>>>
> >>>>>>       
> >>>>>>
> >>>>>>            
> >>>>>>
> >>>>_______________________________________________
> >>>>Asterisk-Users mailing list
> >>>>Asterisk-Users at lists.digium.com
> >>>>http://lists.digium.com/mailman/listinfo/asterisk-users
> >>>>To UNSUBSCRIBE or update options visit:
> >>>>  http://lists.digium.com/mailman/listinfo/asterisk-users
> >>>>
> >>>>------------------------------------------------------------------------
> >>>>
> >>>>_______________________________________________
> >>>>Asterisk-Users mailing list
> >>>>Asterisk-Users at lists.digium.com
> >>>>http://lists.digium.com/mailman/listinfo/asterisk-users
> >>>>To UNSUBSCRIBE or update options visit:
> >>>>  http://lists.digium.com/mailman/listinfo/asterisk-users
> >>>>
> >>>>        
> >>>>
> >>_______________________________________________
> >>Asterisk-Users mailing list
> >>Asterisk-Users at lists.digium.com
> >>http://lists.digium.com/mailman/listinfo/asterisk-users
> >>To UNSUBSCRIBE or update options visit:
> >>   http://lists.digium.com/mailman/listinfo/asterisk-users
> >>
> >>------------------------------------------------------------------------
> >>
> >>_______________________________________________
> >>Asterisk-Users mailing list
> >>Asterisk-Users at lists.digium.com
> >>http://lists.digium.com/mailman/listinfo/asterisk-users
> >>To UNSUBSCRIBE or update options visit:
> >>   http://lists.digium.com/mailman/listinfo/asterisk-users
> >>
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users


More information about the asterisk-users mailing list