Summary:ASTERISK-04320: Realtime+IAX and RSA auth
Reporter:alexb (alexb)Labels:
Date Opened:2005-06-02 05:30:29Date Closed:2008-01-15 15:37:01.000-0600
Versions:Frequency of
Environment:Attachments:( 0) rtcachefriends_no.txt
( 1) rtcachefriends_yes.txt
Description:I had a working static configuration using auth=rsa.
Creating inkeys and outkey fields doesnt's allow rsa authentication in Realtime:

WARNING[8348]: chan_iax2.c:6955 socket_read: I don't know how to authenticate asterisk1 to

(Sorry, I wrote a complete report and full-filled all form fields BUT the required one... and I loose everything!)
Comments:By: alexb (alexb) 2005-06-02 11:48:46

I think extra info are needed, so these are iax.conf files on:

- server A,

- server B,

To have Realtime replacing static files for IAX friends, I created the following table in the db (due to the lack of detailed info, I used more or less the same structure as for SIP buddies, which was suggested somewhere; however, only relevant fields are reported here):

CREATE TABLE `iax_buddies` (
 `id` int(11) NOT NULL auto_increment,
 `name` varchar(80) NOT NULL default '',
 `auth` char(3) default NULL,
 `context` varchar(80) default NULL,
 `peercontext` varchar(80) default NULL,
 `host` varchar(31) NOT NULL default '',
 `inkeys` varchar(80) default NULL,
 `outkey` varchar(80) default NULL,
 `type` varchar(6) NOT NULL default 'friend',
 `username` varchar(80) NOT NULL default '',
 `regseconds` int(11) NOT NULL default '0',
 `ipaddr` varchar(15) NOT NULL default '',
 `regexten` varchar(80) NOT NULL default '',
 PRIMARY KEY (`id`),
 UNIQUE KEY `name` (`name`),
 KEY `name_2` (`name`)


- server A
INSERT INTO `iax_buddies` VALUES (1, 'asterisk2', rsa, 'iax2-in', 'iax2-in', '', 'asterisk2', 'asterisk1', 'friend', 'asterisk1', 0, '', '');

- server B
INSERT INTO `iax_buddies` VALUES (1, 'asterisk1', rsa, 'iax2-in', 'iax2-in', '', 'asterisk1', 'asterisk2', 'friend', 'asterisk2', 0, '', '');

Finally I edited extconfig.conf as follows:

iaxusers => mysql,asterisk,iax_buddies
iaxpeers => mysql,asterisk,iax_buddies

Please note that Realtime is working, since I already use it for SIP, extensions and voicemails. Only IAX seems to be affected.

By: Kevin P. Fleming (kpfleming) 2005-06-02 14:01:01

I don't see anything wrong in a quick review of the code, so we need more debugging help here.

If you have Realtime caching enabled for chan_iax2, then _after_ a call attempt has been made and failed, do 'iax2 show users' on the system receiving the call. You should see a user entry for the other system, and it should show the proper key name. If it does not, then it was not loaded from Realtime properly. If it does, then the authentication may be failing for some other reason, in which case an 'iax2 debug' trace would be the next step.

By: alexb (alexb) 2005-06-02 15:30:21

Well, I didn't enable Realtime caching. Before playing with auth=rsa, I've always used plaintext passwords and chan_iax2 always worked fine without caching. The only difference indeed was the auth type, so I still can't understand why now it should need caching. You may be laughing, but I've spent nights awake "googling"... and I didn't find a single page where it is stated that rtcachefriends is _needed_ for IAX friends (there's just something about message waiting indications and NAT support for SIP clients).

However, after enabling caching, it works perfectly.

Sorry for my wrong report and thanks for support.


By: Michael Jerris (mikej) 2005-06-02 19:50:32

Is there still a need to address this issue when caching is not enabled or can this one be cloesd out?

By: Kevin P. Fleming (kpfleming) 2005-06-02 21:52:46

No, caching should not be required for this to work.

By: alexb (alexb) 2005-06-03 05:07:07

If it may be considered a bug, I will add a debug trace as soon as possible.

By: Kevin P. Fleming (kpfleming) 2005-06-03 14:44:49

The fix for this has been committed to CVS HEAD; it required some extensive work, but the code is now much cleaner. Thanks for the report!

By: Digium Subversion (svnbot) 2008-01-15 15:37:01.000-0600

Repository: asterisk
Revision: 5833

U   trunk/channels/chan_iax2.c
U   trunk/contrib/asterisk-ng-doxygen

r5833 | kpfleming | 2008-01-15 15:37:00 -0600 (Tue, 15 Jan 2008) | 6 lines

clean up create_addr, and use a structure instead of a large parameter list
make create_addr return the peer's outkey, so dynamic realtime peers can use keys for calls (bug ASTERISK-4320)
add key support for switch connection strings
use a common dial/switch string parser instead of three copies (none of them identical)
make doxygen docs cover the entire source base