Hadar Pedhazur
2004-Mar-18 07:03 UTC
[Asterisk-Users] Phantom problem authenticating with RSA?
I have three * servers that are inter-connected, registering with each other. Up until yesterday I was authenticating all three with MD5, and all was working fine. Yesterday I switched to RSA, and everything is working as well. I can see "AUTHENTICATED" messages on the console if one of the servers is restarted and reconnects, etc. Everything is working fine with calls being passed between them as well (which is why I labeled the subject "Phantom problem").

However, whenever a call is initiated between the servers I see the following "NOTICE" message:

    -- Called local@remote1/2001
    -- Called local@remote2/2001
Mar 18 07:46:19 NOTICE[1150528304]: chan_iax2.c:3507 authenticate: No way to send secret to peer 'XX.XX.XX.XX' (their methods: 4)
Mar 18 07:46:19 NOTICE[1150528304]: chan_iax2.c:3507 authenticate: No way to send secret to peer 'YY.YY.YY.YY' (their methods: 4)
    -- SIP/sipura-4b82 is ringing
    -- Call accepted by XX.XX.XX.XX (format ULAW)
    -- Format for call is ULAW
    -- IAX2[remote1]/3 stopped sounds
    -- Call accepted by YY.YY.YY.YY (format ULAW)

Method "4" is RSA, which is what I have in all of the iax.conf files (below). The call shown above was successfully answered by a sipura device connected to remote2, so I am not having an authentication problem which is causing a problem at the user experience level, but this seems like something is still mis-configured on my part.

Here are the iax.conf entries:

on the "local" machine:

[remote2]
context=remote2-in
type=friend
host=remote2.com ; not the real name...
auth=rsa
inkeys=remote2
outkey=local

[remote1]
context=remote1-in
type=friend
host=remote1.com ; not the real name...
auth=rsa
inkeys=remote1
outkey=local

on the "remote1" machine:

[remote2]
context=remote2-in
type=friend
host=remote2.com
auth=rsa
inkeys=remote2
outkey=remote1

[local]
context=local-in
type=friend
host=local.com
auth=rsa
inkeys=local
outkey=remote1

on the "remote2" machine:

[local]
context=from-local
type=friend
auth=rsa
inkeys=local
outkey=remote2
host=dynamic
callgroup=1
pickupgroup=1
qualify=50000

[remote1]
context=from-local
type=friend
auth=rsa
inkeys=remote1
outkey=remote2
host=dynamic
callgroup=1
pickupgroup=1
qualify=50000

Finally, since both local and remote1 are technically behind NAT firewalls, and remote2 is on a public IP address, I have register statements in both local and remote1 iax.conf files, and that's why the entries in remote2 have "host=dynamic" for those machines. I think that the "qualify=50000" statements are ignored in the iax.conf file, and I will remove them, but since they're in there now, I wanted to show the complete entries.

Here are the register statements:

on "remote1":

register => remote1:[remote1]@remote2.com

on "local":

register => local:[local]@remote2.com

Any help would be appreciated. Thanks in advance.
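
An added example, not part of the original post and not Asterisk code: a small Python audit that decodes the "their methods" bitmask from the NOTICE line and cross-checks that every outkey name is listed in the matching inkeys on the other machine. It assumes the section names equal the machine labels used in the post, that inkeys may hold several names separated by ":", and it uses Python's configparser as a stand-in for Asterisk's own config parser; it compares key names only, not the key files themselves.

```python
import configparser
import re

# IAX2 auth method bits as reported in "their methods: N" (4 is RSA, per the post).
AUTH_BITS = {1: "plaintext", 2: "md5", 4: "rsa"}

def notice_methods(line):
    """Return (peer, [method names]) from a chan_iax2 authenticate NOTICE, else None."""
    m = re.search(r"peer '([^']+)' \(their methods: (\d+)\)", line)
    if not m:
        return None
    mask = int(m.group(2))
    return m.group(1), [name for bit, name in AUTH_BITS.items() if mask & bit]

def parse_peers(text):
    """Parse iax.conf-style stanzas; configparser is a stand-in for Asterisk's parser."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   inline_comment_prefixes=(";",))
    cp.read_string(text)
    return {section: dict(cp[section]) for section in cp.sections()}

def check_rsa_pairs(hosts):
    """hosts maps machine label -> its peers. Report outkeys the far side does not list."""
    problems = []
    for machine, peers in hosts.items():
        for peer, opts in peers.items():
            back = hosts.get(peer, {}).get(machine)  # the far side's entry for us
            if opts.get("auth") != "rsa" or back is None:
                continue
            outkey = opts.get("outkey")
            if not outkey:
                problems.append(f"{machine}: [{peer}] has auth=rsa but no outkey")
            elif outkey not in back.get("inkeys", "").split(":"):
                problems.append(f"{machine}: outkey {outkey!r} for [{peer}] is not "
                                f"in inkeys of [{machine}] on {peer}")
    return problems

# Constructed sample: the three files from the post, reduced to the RSA options.
SAMPLE = {
    "local": "[remote2]\nauth=rsa\ninkeys=remote2\noutkey=local\n"
             "[remote1]\nauth=rsa\ninkeys=remote1\noutkey=local\n",
    "remote1": "[remote2]\nauth=rsa\ninkeys=remote2\noutkey=remote1\n"
               "[local]\nauth=rsa\ninkeys=local\noutkey=remote1\n",
    "remote2": "[local]\nauth=rsa\ninkeys=local\noutkey=remote2\n"
               "[remote1]\nauth=rsa\ninkeys=remote1\noutkey=remote2\n",
}

if __name__ == "__main__":
    hosts = {name: parse_peers(text) for name, text in SAMPLE.items()}
    print(check_rsa_pairs(hosts) or "outkey/inkeys names are consistent")
```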