Can Receive Faxes, Can't Send Faxes

Discussion in 'General' started by izrunas, Dec 7, 2009.

  1. izrunas

    Joined:
    Mar 4, 2009
    Messages:
    94
    Likes Received:
    0
    I have an atypical configuration... I a running Elastix on one box and Hylafax + Avantfax + iaxModem on a second server.

    I had this working in terms of outbound faxes up until I migrated from an Elastix 1.5 box to an Elastix 1.6 box.

    I have reverified all the settings for all the iaxmodems on both the FreePBX side and on the Hylafax server side.

    I have NO problems with inbound faxes, and all iaxmodems show as registered and active in Asterisk CLI "iax2 show peers".

    When I try to send faxes, I am getting messages like this on the Hylafax server side:

    Code:
    Dec  7 17:08:52 dmxfax FaxQueuer[1913]: JOB 4487 (ready dest 18642614097 pri 117 tts 0:00:00 killtime 2:08:16): READY
    Dec  7 17:08:53 dmxfax FaxQueuer[1913]: JOB 4487 (ready dest 18642614097 pri 117 tts 0:00:00 killtime 2:08:15): PROCESS
    Dec  7 17:08:53 dmxfax FaxQueuer[1913]: JOB 4487 (active dest 18642614097 pri 117 tts 0:00:00 killtime 2:08:15): ACTIVE
    Dec  7 17:08:53 dmxfax FaxQueuer[1913]: JOB 4487 (active dest 18642614097 pri 117 tts 0:00:00 killtime 2:08:15): CMD START /usr/sbin/faxsend -m ttyIAX14 sendq/q4487 (PID 4131)
    Dec  7 17:08:53 dmxfax FaxGetty[2040]: LOCKWAIT
    Dec  7 17:09:03 dmxfax FaxSend[4131]: MODEM WWW.SOFT-SWITCH.ORG spandsp/
    Dec  7 17:09:03 dmxfax FaxSend[4131]: SEND FAX: JOB 4487 DEST 18642614097 COMMID 000010382 DEVICE '/dev/ttyIAX14' FROM 'allend <dallen@localhost>' USER allend
    Dec  7 17:09:03 dmxfax FaxSend[4131]: SEND FAILED: JOB 4487 DEST 18642614097 ERR No local dialtone {E004}
    Dec  7 17:09:05 dmxfax FaxQueuer[1913]: JOB 4487 (active dest 18642614097 pri 117 tts 0:00:00 killtime 2:08:03): CMD DONE: exit status 0
    Dec  7 17:09:05 dmxfax FaxQueuer[1913]: JOB 4487 (sleeping dest 18642614097 pri 116 tts 0:00:00 killtime 2:08:03): SEND INCOMPLETE: requeue for 0:04:58; No local dialtone
    Dec  7 17:09:05 dmxfax FaxQueuer[1913]: JOB 4487 (sleeping dest 18642614097 pri 116 tts 0:04:58 killtime 2:08:03): SLEEP FOR 0:04:58
    Dec  7 17:09:05 dmxfax FaxQueuer[1913]: NOTIFY: bin/notify.php 'sendq/q4487' 'requeued' '' "17:14"
    
    The Asterisk console shows NOTHING.

    Research in other forums tells me that such an error is caused by Asterisk refusing to accept the connection/call--but I can't figure out why (since it is connected and accepts inbound faxes already).

    By process of elimination, I am assuming that something critical changed when I went from Elastix 1.5 to Elastix 1.6.

    Not sure which code files to post, but here are a few:

    From Elastix 1.6 box: /etc/asterisk/iax_additional.conf:

    Code:
    [15201]
    deny=0.0.0.0/0.0.0.0
    disallow=all
    secret=xxxxxxxxxxx
    transfer=no
    context=fax-modem
    host=192.168.43.55
    type=friend
    port=15201
    qualify=yes
    allow=ulaw
    dial=IAX2/15201
    accountcode=
    mailbox=15201@device
    permit=0.0.0.0/0.0.0.0
    callerid=device <15201>
    setvar=REALCALLERIDNUM=15201
    
    From Hylafax box:

    Code:
    device          /dev/ttyIAX1
    owner           uucp:uucp
    mode            660
    port            15201
    refresh         300
    server          192.168.43.60
    peername        15201
    secret          xxxxxxxxxxx
    cidname         xxxxxxxxxxx
    cidnumber       804xxxxxxx
    codec           ulaw
    The custom context serves only to limit outbound calls made by the iaxmodem to use a PRI circuit and none of the outbound IAX2 trunks (which are normally the preference for outbound long distance).

    What else may I provide?

    --Eriks
     
  2. ramoncio

    Joined:
    May 12, 2010
    Messages:
    1,663
    Likes Received:
    0
    Hi Eriks,
    It looks as a problem in the outbound route. Do you also have asterisk in the hylafax box? Maybe you could try to make some voice calls.
    How do you connect both boxes? Recheck the outbound routes. You should be able to see the outgoing call in your elastix main box console at least.
     
  3. izrunas

    Joined:
    Mar 4, 2009
    Messages:
    94
    Likes Received:
    0
    It turns out that the cause of my issue was that the upgrade from Elastix 1.5 to Elastix 1.6 includes some security enhancements that Digium has built into IAX2. Apparently, there is an issue with DoS attacks on Asterisk servers using IAX2, so Digium introduced the requirement for Call Token Validation by default.

    The issue I had with being able to receive faxes, but not send them was directly caused by this new security. I was able to receive faxes because Asterisk initiated the contact to the IAXmodems on the Hylafax server on the same LAN, yet when the IAXmodems attempted to initiate a call "to" the Asterisk server to send a fax, it was denied. This did not show up in the Asterisk CLI, even when verbosity and debugging were both set to 255. I suppose the good news is that this new measure seems quite capable of protecting an Asterisk server's IAX2 ports.

    To solve my problem, it turns out that there are two choices. The preferred one is simply to add a provision to the extensions configuration:

    Code:
    requirecalltoken=no
    The challenge is that there is not easy way to accomplish this when using Elastix/FreePBX without creating a custom extension. I did attempt to make use of iax_custom_post.conf to "add" a directive--but this feature appears not to be functional yet.

    The solution which I opted for was to disable the new IAX2 security measures as a [general] directive for IAX2 on my server. I accomplished this the "easy way" by going to the "Asterisk IAX Settings" module in FreePX (can be added from extended repository) and going down to the "Other IAX Settings" section.

    Code:
    calltokenoptional = 0.0.0.0/0.0.0.0
    maxcallnumbers = 16382
    I added these two entries and submitted/applied changes and voila! it worked. These directives serve to return IAX2 to functioning exactly as they did before the Digium security enhancements.

    Obviously, it is never an ideal thing to reduce security measures in a world where most of us have seen an extension hijacker or two compromise a system--but in this case, it seems safe enough since I only allow access to IAX2 from inside our firewall.

    I hope this explanation is helpful.
     
  4. ramoncio

    Joined:
    May 12, 2010
    Messages:
    1,663
    Likes Received:
    0
    Great job!
    And thanks for sharing!!
     

Share This Page