Help, I'm stuck. Lost in the woods. I have one Asterisk running on FreeBSD outside on the Wild Internet. One on the safe inside, behind a NAT firewall. The inside server registers with IAX to the outer one and can place calls. The outside one can't register to the one on the inside, since it can't be reached on the private network. Now to my problem: * How do I dial from outside to the inside over the existing IAX connection? When I dial from the outside to the inside by using the registred loginname like exten => 1234,1,Dial(IAX/loginname/12345) The outside server seems to dial the one on the inside, but I see nothing on the inside. The log on the outside mysteriously enough claims it can't authenticate to the inside server - but how do I authenticate, all authentication in IAX is based on hostname or IP numbers... And even more mysteriously, the message in the logfile says Oct 23 19:26:21 WARNING[137286656]: File chan_iax.c, Line 3838 (socket_read): I don't know how to authenticate methods=rsa;challenge=135582743;username=iaxtel to <nat ip #> I can't find out where the username=iaxtel and methods=rsa come from, have no such configuration for this session. The NAT IP # is the outside address of my firewall. It is probably something basic that I've misunderstood. Please tell me! /Olle
Olle E. Johansson wrote:> Help, I'm stuck. Lost in the woods. > > I have one Asterisk running on FreeBSD outside on the Wild Internet. > One on the safe inside, behind a NAT firewall. > > The inside server registers with IAX to the outer one and can place > calls. > The outside one can't register to the one on the inside, since it > can't be reached > on the private network. > > Now to my problem: > * How do I dial from outside to the inside over the existing IAX > connection? > > When I dial from the outside to the inside by using the registred > loginname like > > exten => 1234,1,Dial(IAX/loginname/12345) > > The outside server seems to dial the one on the inside, but I see > nothing on the inside. > The log on the outside mysteriously enough claims it can't > authenticate to the inside > server - but how do I authenticate, all authentication in IAX is based > on hostname > or IP numbers... > And even more mysteriously, the message in the logfile says > > Oct 23 19:26:21 WARNING[137286656]: File chan_iax.c, Line 3838 > (socket_read): I don't know how to authenticate > methods=rsa;challenge=135582743;username=iaxtel to <nat ip #> > > I can't find out where the username=iaxtel and methods=rsa come from, > have no such configuration for this > session. The NAT IP # is the outside address of my firewall. > > It is probably something basic that I've misunderstood. Please tell me! > > /Olle >You don't really need the outside one to register with the inside one bacasue you can call it by the name its registering with.. But have to tell it where to connect to.. eg. exten => 1234,1,Dial(IAX/loginname:password@otherserver/12345) Where otherserver is the name you specified between the [] in the peer definition in you iax.conf.. Hope that helps.. Later..
> -----Original Message----- > From: WipeOut [mailto:wipe_out@onetel.com] > Sent: Thursday, October 23, 2003 2:12 PM > To: asterisk-users@lists.digium.com > Subject: Re: [Asterisk-Users] IAX peers and NAT > > > Olle E. Johansson wrote: > > > Help, I'm stuck. Lost in the woods. > > > > I have one Asterisk running on FreeBSD outside on the Wild Internet. > > One on the safe inside, behind a NAT firewall. > > > > The inside server registers with IAX to the outer one and can place > > calls. > > The outside one can't register to the one on the inside, since it > > can't be reached > > on the private network. > > > > Now to my problem: > > * How do I dial from outside to the inside over the existing IAX > > connection? > > > > When I dial from the outside to the inside by using the registred > > loginname like > > > > exten => 1234,1,Dial(IAX/loginname/12345) > > > > The outside server seems to dial the one on the inside, but I see > > nothing on the inside. > > The log on the outside mysteriously enough claims it can't > > authenticate to the inside > > server - but how do I authenticate, all authentication in > IAX is based > > on hostname > > or IP numbers... > > And even more mysteriously, the message in the logfile says > > > > Oct 23 19:26:21 WARNING[137286656]: File chan_iax.c, Line 3838 > > (socket_read): I don't know how to authenticate > > methods=rsa;challenge=135582743;username=iaxtel to <nat ip #> > > > > I can't find out where the username=iaxtel and methods=rsa > come from, > > have no such configuration for this > > session. The NAT IP # is the outside address of my firewall. > > > > It is probably something basic that I've misunderstood. > Please tell me! > > > > /Olle > > > You don't really need the outside one to register with the inside one > bacasue you can call it by the name its registering with.. > > But have to tell it where to connect to.. > eg. exten => 1234,1,Dial(IAX/loginname:password@otherserver/12345) > > Where otherserver is the name you specified between the [] in > the peer > definition in you iax.conf.. > > Hope that helps.. > > Later.. >You'll also need to forward the IAX (udp 5036, or udp 4569 if you want to use IAX2) ports on the outside IP of your firewall to the IP address of your inside box. I do this with a Cisco PIX (static + acl), but I know that iptables and pf can also do this. Most firewalls can. Without this, packets from the outside can't make it to the inside box. Randy Johnson -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20031023/b726f06a/attachment.htm