Kai-Uwe Jensen
2007-Mar-23 12:13 UTC
[asterisk-users] IAX2 certificate based (RSA) user auth in 1.4.x
I have a working 1.2.17 installation, where calls are successfully passed from a "slave server" to a "master server" via IAX2. Authentication between the slave and master server is set up with RSA certificates (inkeys and outkey, auth=rsa). When invoking the dialplan (Dial(IAX2/master/${EXTEN:1},30)), everything "just works". The master will accept an authenticated call from slave. Migrating the master to 1.4.2 (and 1.4.1) will break things. The call does not get accepted by the master anymore, however, it also does not get rejected outright. Instead it will time out, with repeated AUTHREQ requests made from the master to the slave. Replacing the 1.2.17 slave with a 1.4.x slave (and using the exact same config) will have the call succeed against a 1.2.x master. This appears to be an issue of not being able to match the user (slave) of an incoming call request on the master to a valid "friend" definition in iax.conf in 1.4.x. Can anyone confirm that RSA certificate-based authentication has been observed working in 1.4.x? If so, is there a secret to make it work? I have not found anything documented I deemed relevant in this context, but I may have overlooked things. Thanks! -- "I am Dyslexic of Borg. Fusistance is retile. Your ass will be laminated!"