hello,

I have a test setup with 2 asterisk servers, each having one snom 100 via sip using it. I'm experimenting on how trunking between them would work. I have them set up for RSA authentication which I plan to use in the future.
So I've set up the keys and servers seem to authenticate to each other. One is named phila and other hurricane.
Here is what I see on phila:

-- Registered 'hurricane' (AUTHENTICATED) at 172.20.0.170:4569
-- Registered 'hurricane' (AUTHENTICATED) at 172.20.0.170:5036

and analogous msgs on hurricane:

-- Registered 'phila' (AUTHENTICATED) at 172.22.0.50:4569
-- Registered 'phila' (AUTHENTICATED) at 172.22.0.50:5036

but when I try to call the extension (in this case from hurricane call to extension 200 located on phila) on other asterisk server I get an error like:

-- Calling TBD using options 'exten=TBD;context=default;username=hurricane;formats=65535;capability=65535;version=1'
WARNING[6151]: File chan_iax.c, Line 4920 (find_cache): Timeout waiting for hurricane:[hurricane]@172.22.0.50/default exten 200
WARNING[4101]: File chan_iax.c, Line 4920 (find_cache): Timeout waiting for hurricane:[hurricane]@172.22.0.50/default exten TBD
NOTICE[4101]: File chan_iax.c, Line 2822 (authenticate): No way to send secret to peer '172.22.0.50' (their methods: rsa)
WARNING[4101]: File chan_iax.c, Line 3838 (socket_read): I don't know how to authenticate methods=rsa;challenge=881028315;username=hurricane to 172.22.0.50

and 404 error on the sip phone.

here are my extension.conf and iax.conf for both servers.
for hurricane:

-------------------------------
extensions.conf
-------------------------------
;
[general]
;
;
; XXX Not yet implemented XXX
;
static=yes
;
; if static=yes and writeprotect=no, you can save dialplan by
; CLI command 'save dialplan' too
;
writeprotect=no

;
; The "Globals" category contains global variables that can be referenced
; in the dialplan with ${VARIABLE} or ${ENV(VARIABLE)} for Environmental variable
; ${${VARIABLE}} or ${text${VARIABLE}} or any hybrid
;
[globals]
;TRUNK=IAX2/user:pass@provider

;
;
[macro-stdexten];
;
; Standard extension macro:
; ${ARG1} - Extension (we could have used ${MACRO_EXTEN} here as well
; ${ARG2} - Device(s) to ring
;
exten => s,1,Dial(${ARG2},20,t) ; Ring the interface, 20 seconds maximum
exten => s,2,Voicemail2(u${ARG1}) ; If unavailable, send to voicemail w/ unavail announce
exten => s,3,Goto(default,s,1) ; If they press #, return to start
exten => s,102,Voicemail2(b${ARG1}) ; If busy, send to voicemail w/ busy announce
exten => s,103,Goto(default,s,1) ; If they press #, return to start

[macro-stdexten2];
;
; Standard extension macro:
; ${ARG1} - Extension (we could have used ${MACRO_EXTEN} here as well
; ${ARG2} - Device(s) to ring
;
exten => s,1,Dial(${ARG1},20,t) ; Ring the interface, 20 seconds maximum
exten => s,2,Voicemail2(u${MACRO_EXTEN}) ; If unavailable, send to voicemail w/ unavail announce
exten => s,3,Goto(default,s,1) ; If they press #, return to start
exten => s,102,Voicemail2(b${MACRO_EXTEN}) ; If busy, send to voicemail w/ busy announce
exten => s,103,Goto(default,s,1) ; If they press #, return to start

[default]


; switch => IAX2/hurricane:[hurricane]@172.22.0.50/default
switch => IAX/hurricane:[hurricane]@172.22.0.50/default

exten => 100,1,Macro(stdexten,100,SIP/100)
; exten => 200,1,Macro(stdexten,200,SIP/200)

exten => 2382031,1,Macro(stdexten,100,SIP/100)
;exten => 2382031,1,Congestion

;
; Give voicemail at extension 8500
;
exten => 8500,1,VoicemailMain2
exten => 8500,2,Hangup

-------------------------------

-------------------------------
iax.conf
-------------------------------
;
; Inter-Asterisk eXchange driver definition
;
;
; General settings, like port number to bind to, and
; an option address (the default is to bind to all
; local addresses).
;
[general]
port=5036
;bindaddr=192.168.0.1
;
;
;amaflags=default
;
; You may specify a default account for Call Detail Records in addition
; to specifying on a per-user basis
;
;accountcode=lss0101
;
; Specify bandwidth of low, medium, or high to control which codecs are used
; in general.
;
bandwidth=low
;
; You can also fine tune codecs here using "allow" and "disallow" clauses
; with specific codecs. Use "all" to represent all formats.
;
;allow=all ; same as bandwidth=high
;disallow=g723.1 ; Hm... Proprietary, don't use it...
disallow=lpc10 ; Icky sound quality... Mr. Roboto.
;allow=gsm ; Always allow GSM, it's cool :)
;
;jitterbuffer=no
;dropcount=3
;maxjitterbuffer=500
;maxexccessbuffer=100
;
;trunkfreq=20 ; How frequently to send trunk msgs (in ms)
;
; Finally, you can set values for your TOS bits to help improve
; performance. Valid values are:
; lowdelay -- Minimize delay
; throughput -- Maximize throughput
; reliability -- Maximize reliability
; mincost -- Minimize cost
; none -- No flags
;
tos=lowdelay


;
;
; Peers may also be specified, with a secret and
; a remote hostname.
;

register => hurricane:[hurricane]@172.22.0.50

[phila]
type=friend
host=dynamic
;trunk=yes ; Use IAX2 trunking with this host
context=default
auth=rsa
inkeys=test
outkeys=hurricane

-------------------------------

for phila:

-------------------------------
extensions.conf
-------------------------------
;
[general]
;
static=yes
;
;
writeprotect=no

;
[globals]
;TRUNK=IAX2/user:pass@provider

[macro-stdexten];
;
; Standard extension macro:
; ${ARG1} - Extension (we could have used ${MACRO_EXTEN} here as well
; ${ARG2} - Device(s) to ring
;
exten => s,1,Dial(${ARG2},20,t) ; Ring the interface, 20 seconds maximum
exten => s,2,Voicemail2(u${ARG1}) ; If unavailable, send to voicemail w/ unavail announce
exten => s,3,Goto(default,s,1) ; If they press #, return to start
exten => s,102,Voicemail2(b${ARG1}) ; If busy, send to voicemail w/ busy announce
exten => s,103,Goto(default,s,1) ; If they press #, return to start

[macro-stdexten2];
;
; Standard extension macro:
; ${ARG1} - Extension (we could have used ${MACRO_EXTEN} here as well
; ${ARG2} - Device(s) to ring
;
exten => s,1,Dial(${ARG1},20,t) ; Ring the interface, 20 seconds maximum
exten => s,2,Voicemail2(u${MACRO_EXTEN}) ; If unavailable, send to voicemail w/ unavail announce
exten => s,3,Goto(default,s,1) ; If they press #, return to start
exten => s,102,Voicemail2(b${MACRO_EXTEN}) ; If busy, send to voicemail w/ busy announce
exten => s,103,Goto(default,s,1) ; If they press #, return to start

[default]


switch => IAX/phila:[test]@172.20.0.170/default

;exten => 100,1,Macro(stdexten,100,SIP/100)
exten => 200,1,Macro(stdexten,200,SIP/200)

;exten => 2382031,1,Macro(stdexten,100,SIP/100)
;exten => 2382031,1,Congestion

;
; Give voicemail at extension 8500
;
exten => 8500,1,VoicemailMain2
exten => 8500,2,Hangup

-------------------------------

-------------------------------
iax.conf
-------------------------------
;
; Inter-Asterisk eXchange driver definition
;
;
; General settings, like port number to bind to, and
; an option address (the default is to bind to all
; local addresses).
;
[general]
port=5036
;bindaddr=192.168.0.1
; Specify bandwidth of low, medium, or high to control which codecs are used
; in general.
;
bandwidth=low
;
; You can also fine tune codecs here using "allow" and "disallow" clauses
; with specific codecs. Use "all" to represent all formats.
;
;allow=all ; same as bandwidth=high
;disallow=g723.1 ; Hm... Proprietary, don't use it...
disallow=lpc10 ; Icky sound quality... Mr. Roboto.
;allow=gsm ; Always allow GSM, it's cool :)
;
trunkfreq=20 ; How frequently to send trunk msgs (in ms)
;
tos=lowdelay

register => phila:[test]@172.20.0.170
;
;
[hurricane]
type=friend
host=dynamic
trunk=yes ; Use IAX2 trunking with this host
context=default
auth=rsa
inkeys=hurricane
outkeys=test
;

-------------------------------

-- 
Anton Yurchenko<phila@dg.net.ua>
Digital Generation
as a follow up:

when I make a call to the extension on the other box designated as switch, I see packets going to iax port on the switch box but I don't see any replies from it.

-- 
Anton Yurchenko<phila@dg.net.ua>
Digital Generation
Looks as though there may be a problem with RSA key authentication and switch for some reason... Does it behave different with either no authentication, or password authentication?

Mark

On Thu, 3 Jul 2003, Anton Yurchenko wrote:

> hello,
>
> I have a test setup with 2 asterisk servers, each having a one snom 100
> via sip using it. I`m experimenting on how trunking between them would
> work. I have them setup for RSA authentication which I plan to use in
> the future.
> So I`ve setup the keys and servers seem authenticate to each other. One
> is named phila and other hurricane.
> Here is what I see on phila:
>
> -- Registered 'hurricane' (AUTHENTICATED) at 172.20.0.170:4569
> -- Registered 'hurricane' (AUTHENTICATED) at 172.20.0.170:5036
>
>
> and analogous msgs on hurricane:
>
> -- Registered 'phila' (AUTHENTICATED) at 172.22.0.50:4569
> -- Registered 'phila' (AUTHENTICATED) at 172.22.0.50:5036
>
>
> but when I try to call the extension( in this case from hurricane call to extension 200 located on phila) on other asterisk server I get an error like:
>
> -- Calling TBD using options 'exten=TBD;context=default;username=hurricane;formats=65535;capability=65535;version=1'
> WARNING[6151]: File chan_iax.c, Line 4920 (find_cache): Timeout waiting for hurricane:[hurricane]@172.22.0.50/default exten 200
> WARNING[4101]: File chan_iax.c, Line 4920 (find_cache): Timeout waiting for hurricane:[hurricane]@172.22.0.50/default exten TBD
> NOTICE[4101]: File chan_iax.c, Line 2822 (authenticate): No way to send secret to peer '172.22.0.50' (their methods: rsa)
> WARNING[4101]: File chan_iax.c, Line 3838 (socket_read): I don't know how to authenticate methods=rsa;challenge=881028315;username=hurricane to 172.22.0.50
>
> and 404 error on the sip phone.
>
> here are my extension.conf and iax.conf for both servers.
Anton Yurchenko
2003-Jul-04 00:39 UTC
[Asterisk-Users] Using switch => SOLVED !!!!!! ( probably)
Anton Yurchenko wrote:

Anyway for this to work, I mean rsa authentication:

on the host that is defined as switch you have to have these lines

[username]
auth=rsa,md5,plaintext
secret=[key] ; note the brackets they are important

and on the other host you have to have this in your extensions.conf

switch => username:[key]@iaxrsapeer ; again note the brackets

What I was missing was that secret=[key] statement on the receiving side, and that auth has to be not only rsa. I do not know why it is this way but at least looking at the packet dump with ethereal it was saying in packets sent to the host defined in the switch => " rsasecret= <secret string>". So I guess it works.

Anybody can confirm that this is the right way to configure this, and this is the way to go?

> Anton Yurchenko wrote:
>
>> Mark Spencer wrote:
>>
>>> Looks as though there may be a problem with RSA key authentication and
>>> switch for some reason... Does it behave different with either no
>>> authentication, or password authentication?
>>>
>>> Mark
>>
>>
> OK I seem to not have problems using switch => with other than rsa
> authentication, and I seem to not have problems with rsa
> authentication in general, the register => in iax.conf works, and if I
> forward the calls via extension => statement, they also get through
> fine and * says that the call is AUTHENTICATED.
> But the switch => plus rsa auth, do not want to play together, I have
> symptoms as I described above.
> I'm running (now) today's version of CVS. Today's that is as of
> 10:00 AM GMT + 3 Jul 04 2003.

-- 
Anton Yurchenko<phila@dg.net.ua>
Digital Generation
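
The workaround in the last message widens the peer's `auth=` list from `rsa` to `rsa,md5,plaintext`. As an added example (not part of the thread, and not Asterisk's own code), this Python check parses iax.conf-style text and reports which peers also accept the shared-secret methods `md5` and `plaintext`. The sample configuration is constructed from the post's placeholders, and `strictpeer` is a hypothetical peer.

```python
# Added example (not from the original thread): audit iax.conf-style text for
# peers whose auth= line accepts shared-secret methods next to rsa.
import re

# Constructed sample, modelled on the placeholders used in the post above.
SAMPLE_IAX_CONF = """\
[general]
port=5036

[username]
type=friend
auth=rsa,md5,plaintext   ; workaround from the post
secret=[key]

[strictpeer]             ; hypothetical peer, RSA only
type=friend
auth=rsa
inkeys=test
"""

SHARED_SECRET_METHODS = ("plaintext", "md5")


def parse_sections(text):
    """Return {section: {key: value}} with ';' comments stripped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line and "=>" not in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections


def audit_auth(text):
    """Map each peer with an auth= line to the shared-secret methods it lists."""
    findings = {}
    for name, opts in parse_sections(text).items():
        if name == "general" or "auth" not in opts:
            continue
        methods = [m.strip().lower() for m in opts["auth"].split(",")]
        findings[name] = [m for m in SHARED_SECRET_METHODS if m in methods]
    return findings


if __name__ == "__main__":
    for peer, extra in audit_auth(SAMPLE_IAX_CONF).items():
        status = "also accepts " + ", ".join(extra) if extra else "no shared-secret method listed"
        print(f"{peer}: {status}")
```
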