LInux
2008-Feb-18 07:36 UTC
[asterisk-users] IAX2 client asked to authenticate against wrong peer (username)
Problem: When I have more than one IAX2 connection (on server zuiderven), I have problems in receiving calls from IAX peers except for the first in the list as seen by the iax2 show peers command. In my tests it showed that by removing one by one the entries from the iax.conf file in the order as they were showed. It tried to authenticate to the next. Eventually after removing all but the "groetstraat" it finally worked for this peer. While tracing the information with iax2 set debug, I had the impression that the receiving asterisk server told the one that tried to set up the call in the AUTHREQ package which username to use to authenticate in the challenge. This server ofcourse does not know how to do that on the wrong username. Below is configuration information as well as a little iax2 debug information. My question is, what is missing in the iax2 configuration that this is happening. This problem started when I added the groetstraat configuration. TIA, Hans Feringa zuiderven asterisk = 1.4.18 (compiled from source) groetstraat asterisk = 1.4.10 (ubuntu repository) This is the local (zuiderven) iax.conf: register => ******:******@**.**.**.** register => 8*****:******@iax2.fwdnet.net register => 8*****:******@iax2.fwdnet.net [groetstraat] type=friend context=groetstraat-in host=dynamic trunk=no qualify=yes secret=******** disallow=all allow=ulaw allow=alaw [iaxfwd] type=user context=iaxfwd auth=rsa inkeys=freeworlddialup disallow=all allow=ulaw allow=alaw allow=gsm allow=ilbc allow=g726 [iaxfwd] type=peer host=iax2.fwd.net username=***** secret=******* qualify=yes disallow=all allow=ulaw allow=alaw allow=gsm allow=ilbc allow=g726 [ordina-pc] type=friend context=home host=dynamic nat=yes qualify=yes username=***** secret=**** disallow=all allow=ulaw allow=alaw And this is the remote (groetstraat) iax.conf: [general] autokill=yes externip=8x.x.x.x jitterbuffer=no forcejitterbuffer=no tos=ef register => ******:*****@zuiderven-ip [zuiderven] type=friend context=zuiderven-in host=dynamic trunk=no qualify=yes secret=******* deny=0.0.0.0/0.0.0.0 permit=8x.x.x.x/255.255.255.255 disallow=all allow=ulaw allow=alaw allow=gsm zuiderven: asterisk*CLI> iax2 show peers Name/Username Host Mask Port Status ordina-pc/***** (Unspecified) (D) 255.255.255.255 0 UNKNOWN iaxfwd/8***** (Unspecified) (S) 255.255.255.255 4569 UNKNOWN groetstraat **.**.**.** (D) 255.255.255.255 4569 OK (26 ms) 3 iax2 peers [1 online, 2 offline, 0 unmonitored] Call from groetstraat results in: [Feb 9 08:51:07] NOTICE[11030]: chan_iax2.c:7761 socket_process: Host **.**.**.** failed to authenticate as ordina-pc This is not the peer it should authenticate as. Debugging iax2, I get the impression that the receiving server tells the remote asterisk to authenticate against this wrong name. Ofcourse it does not know how to, and the call fails. In the packet from te receiving asterisk server I see: Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX Subclass: NEW Timestamp: 00016ms SCall: 00002 DCall: 00000 [groetstraat-ip:4569] VERSION : 2 CALLED NUMBER : 3815 CODEC_PREFS : (ulaw|alaw) CALLING NUMBER : 087875**** CALLING PRESNTN : 0 CALLING TYPEOFN : 0 CALLING TRANSIT : 0 CALLING NAME : asterisk LANGUAGE : nl FORMAT : 4 CAPABILITY : 57356 ADSICPE : 2 DATE TIME : 2008-02-09 09:34:18 Tx-Frame Retry[000] -- OSeqno: 000 ISeqno: 001 Type: IAX Subclass: AUTHREQ Timestamp: 00007ms SCall: 00001 DCall: 00002 [groetstraat-ip:4569] AUTHMETHODS : 3 CHALLENGE : 208379767 USERNAME : ordina-pc asterisk*CLI> Rx-Frame Retry[ No] -- OSeqno: 001 ISeqno: 001 Type: IAX Subclass: AUTHREP Timestamp: 00039ms SCall: 00002 DCall: 00001 [groetstraat-ip:4569] MD5 RESULT : 57ac54c7782a8db29baff75086a07dfb [Feb 9 09:36:44] NOTICE[11030]: chan_iax2.c:7761 socket_process: Host groetstraat-ip failed to authenticate as ordina-pc Tx-Frame Retry[-01] -- OSeqno: 001 ISeqno: 002 Type: IAX Subclass: ACK Timestamp: 00039ms SCall: 00001 DCall: 00002 [groetstraat-ip:4569] Tx-Frame Retry[000] -- OSeqno: 001 ISeqno: 002 Type: IAX Subclass: REJECT Timestamp: 00024ms SCall: 00001 DCall: 00002 [groetstraat-ip:4569] CAUSE : No authority found CAUSE CODE : 50 asterisk*CLI> Rx-Frame Retry[ No] -- OSeqno: 002 ISeqno: 002 Type: IAX Subclass: ACK Timestamp: 00024ms SCall: 00002 DCall: 00001 [groetstraat-ip:4569] Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX Subclass: REGREQ Timestamp: 00014ms SCall: 00003 DCall: 00000 [groetstraat-ip:4569] USERNAME : groetstraat REFRESH : 60 Tx-Frame Retry[000] -- OSeqno: 000 ISeqno: 001 Type: IAX Subclass: REGACK Timestamp: 00018ms SCall: 00007 DCall: 00003 [groetstraat-ip:4569] USERNAME : groetstraat DATE TIME : 2008-02-09 09:36:46 REFRESH : 60 APPARENT ADDRES : IPV4 groetstraat-ip:4569 Rx-Frame Retry[ No] -- OSeqno: 001 ISeqno: 001 Type: IAX Subclass: ACK Timestamp: 00018ms SCall: 00003 DCall: 00007 [groetstraat-ip:4569] Tx-Frame Retry[000] -- OSeqno: 000 ISeqno: 000 Type: IAX Subclass: REGREQ Timestamp: 00015ms SCall: 00009 DCall: 00000 [groetstraat-ip:4569] USERNAME : zuiderven REFRESH : 60 Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 001 Type: IAX Subclass: REGACK Timestamp: 00007ms SCall: 00006 DCall: 00009 [groetstraat-ip:4569] USERNAME : zuiderven DATE TIME : 2008-02-09 09:34:26 REFRESH : 60 APPARENT ADDRES : IPV4 zuiderven-ip:4569 Tx-Frame Retry[-01] -- OSeqno: 001 ISeqno: 001 Type: IAX Subclass: ACK Timestamp: 00007ms SCall: 00009 DCall: 00006 [groetstraat-ip:4569] Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX Subclass: POKE Timestamp: 00012ms SCall: 00008 DCall: 00000 [groetstraat-ip:4569] Tx-Frame Retry[000] -- OSeqno: 000 ISeqno: 001 Type: IAX Subclass: PONG Timestamp: 00012ms SCall: 00010 DCall: 00008 [groetstraat-ip:4569] Rx-Frame Retry[ No] -- OSeqno: 001 ISeqno: 001 Type: IAX Subclass: ACK Timestamp: 00012ms SCall: 00008 DCall: 00010 [groetstraat-ip:4569]