[asterisk-users] IAX2 client asked to authenticate against wrong peer (username)
LInux
linux at shelob.nl
Mon Feb 18 01:36:24 CST 2008
Problem:
When I have more than one IAX2 connection (on server zuiderven), I have
problems in receiving calls from IAX peers except for the first in the
list as seen by the iax2 show peers command.
In my tests it showed that by removing one by one the entries from the
iax.conf file in the order as they were showed. It tried to authenticate
to the next. Eventually after removing all but the "groetstraat" it
finally worked for this peer.
While tracing the information with iax2 set debug, I had the impression
that the receiving asterisk server told the one that tried to set up the
call in the AUTHREQ package which username to use to authenticate in the
challenge. This server ofcourse does not know how to do that on the
wrong username.
Below is configuration information as well as a little iax2 debug
information.
My question is, what is missing in the iax2 configuration that this is
happening. This problem started when I added the groetstraat configuration.
TIA,
Hans Feringa
zuiderven asterisk = 1.4.18 (compiled from source)
groetstraat asterisk = 1.4.10 (ubuntu repository)
This is the local (zuiderven) iax.conf:
register => ******:******@**.**.**.**
register => 8*****:******@iax2.fwdnet.net
register => 8*****:******@iax2.fwdnet.net
[groetstraat]
type=friend
context=groetstraat-in
host=dynamic
trunk=no
qualify=yes
secret=********
disallow=all
allow=ulaw
allow=alaw
[iaxfwd]
type=user
context=iaxfwd
auth=rsa
inkeys=freeworlddialup
disallow=all
allow=ulaw
allow=alaw
allow=gsm
allow=ilbc
allow=g726
[iaxfwd]
type=peer
host=iax2.fwd.net
username=*****
secret=*******
qualify=yes
disallow=all
allow=ulaw
allow=alaw
allow=gsm
allow=ilbc
allow=g726
[ordina-pc]
type=friend
context=home
host=dynamic
nat=yes
qualify=yes
username=*****
secret=****
disallow=all
allow=ulaw
allow=alaw
And this is the remote (groetstraat) iax.conf:
[general]
autokill=yes
externip=8x.x.x.x
jitterbuffer=no
forcejitterbuffer=no
tos=ef
register => ******:*****@zuiderven-ip
[zuiderven]
type=friend
context=zuiderven-in
host=dynamic
trunk=no
qualify=yes
secret=*******
deny=0.0.0.0/0.0.0.0
permit=8x.x.x.x/255.255.255.255
disallow=all
allow=ulaw
allow=alaw
allow=gsm
zuiderven:
asterisk*CLI> iax2 show peers
Name/Username Host Mask Port
Status
ordina-pc/***** (Unspecified) (D) 255.255.255.255 0
UNKNOWN
iaxfwd/8***** (Unspecified) (S) 255.255.255.255 4569
UNKNOWN
groetstraat **.**.**.** (D) 255.255.255.255 4569 OK
(26 ms)
3 iax2 peers [1 online, 2 offline, 0 unmonitored]
Call from groetstraat results in:
[Feb 9 08:51:07] NOTICE[11030]: chan_iax2.c:7761 socket_process: Host
**.**.**.** failed to authenticate as ordina-pc
This is not the peer it should authenticate as.
Debugging iax2, I get the impression that the receiving server tells the
remote asterisk to authenticate against this wrong name. Ofcourse it
does not know how to, and the call fails.
In the packet from te receiving asterisk server I see:
Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX Subclass:
NEW
Timestamp: 00016ms SCall: 00002 DCall: 00000 [groetstraat-ip:4569]
VERSION : 2
CALLED NUMBER : 3815
CODEC_PREFS : (ulaw|alaw)
CALLING NUMBER : 087875****
CALLING PRESNTN : 0
CALLING TYPEOFN : 0
CALLING TRANSIT : 0
CALLING NAME : asterisk
LANGUAGE : nl
FORMAT : 4
CAPABILITY : 57356
ADSICPE : 2
DATE TIME : 2008-02-09 09:34:18
Tx-Frame Retry[000] -- OSeqno: 000 ISeqno: 001 Type: IAX Subclass:
AUTHREQ
Timestamp: 00007ms SCall: 00001 DCall: 00002 [groetstraat-ip:4569]
AUTHMETHODS : 3
CHALLENGE : 208379767
USERNAME : ordina-pc
asterisk*CLI>
Rx-Frame Retry[ No] -- OSeqno: 001 ISeqno: 001 Type: IAX Subclass:
AUTHREP
Timestamp: 00039ms SCall: 00002 DCall: 00001 [groetstraat-ip:4569]
MD5 RESULT : 57ac54c7782a8db29baff75086a07dfb
[Feb 9 09:36:44] NOTICE[11030]: chan_iax2.c:7761 socket_process: Host
groetstraat-ip failed to authenticate as ordina-pc
Tx-Frame Retry[-01] -- OSeqno: 001 ISeqno: 002 Type: IAX Subclass:
ACK
Timestamp: 00039ms SCall: 00001 DCall: 00002 [groetstraat-ip:4569]
Tx-Frame Retry[000] -- OSeqno: 001 ISeqno: 002 Type: IAX Subclass:
REJECT
Timestamp: 00024ms SCall: 00001 DCall: 00002 [groetstraat-ip:4569]
CAUSE : No authority found
CAUSE CODE : 50
asterisk*CLI>
Rx-Frame Retry[ No] -- OSeqno: 002 ISeqno: 002 Type: IAX Subclass:
ACK
Timestamp: 00024ms SCall: 00002 DCall: 00001 [groetstraat-ip:4569]
Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX Subclass:
REGREQ
Timestamp: 00014ms SCall: 00003 DCall: 00000 [groetstraat-ip:4569]
USERNAME : groetstraat
REFRESH : 60
Tx-Frame Retry[000] -- OSeqno: 000 ISeqno: 001 Type: IAX Subclass:
REGACK
Timestamp: 00018ms SCall: 00007 DCall: 00003 [groetstraat-ip:4569]
USERNAME : groetstraat
DATE TIME : 2008-02-09 09:36:46
REFRESH : 60
APPARENT ADDRES : IPV4 groetstraat-ip:4569
Rx-Frame Retry[ No] -- OSeqno: 001 ISeqno: 001 Type: IAX Subclass:
ACK
Timestamp: 00018ms SCall: 00003 DCall: 00007 [groetstraat-ip:4569]
Tx-Frame Retry[000] -- OSeqno: 000 ISeqno: 000 Type: IAX Subclass:
REGREQ
Timestamp: 00015ms SCall: 00009 DCall: 00000 [groetstraat-ip:4569]
USERNAME : zuiderven
REFRESH : 60
Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 001 Type: IAX Subclass:
REGACK
Timestamp: 00007ms SCall: 00006 DCall: 00009 [groetstraat-ip:4569]
USERNAME : zuiderven
DATE TIME : 2008-02-09 09:34:26
REFRESH : 60
APPARENT ADDRES : IPV4 zuiderven-ip:4569
Tx-Frame Retry[-01] -- OSeqno: 001 ISeqno: 001 Type: IAX Subclass:
ACK
Timestamp: 00007ms SCall: 00009 DCall: 00006 [groetstraat-ip:4569]
Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX Subclass:
POKE
Timestamp: 00012ms SCall: 00008 DCall: 00000 [groetstraat-ip:4569]
Tx-Frame Retry[000] -- OSeqno: 000 ISeqno: 001 Type: IAX Subclass:
PONG
Timestamp: 00012ms SCall: 00010 DCall: 00008 [groetstraat-ip:4569]
Rx-Frame Retry[ No] -- OSeqno: 001 ISeqno: 001 Type: IAX Subclass:
ACK
Timestamp: 00012ms SCall: 00008 DCall: 00010 [groetstraat-ip:4569]
More information about the asterisk-users
mailing list