IAX Trunk problem with Elastix 2.0

andyshawn

Joined
Apr 3, 2009
Messages
113
Likes
0
Points
0
#1
I have been trying to make an IAX trunk between Elastix 2.00 and Asterisk 1.4 server.
In the iax.conf files, both have type=friend.
I am able to make calls over the trunk from the elastix2.0 to the asterisk 1.4.
When i try to make calls from the Asterisk1.4 to elastix2.0, i get the following error on the console of the Asterisk1.4 server.

[Jun 7 12:24:28] WARNING[13558]: chan_iax2.c:6959 socket_process: Call rejected by 172.18.31.6: <Unknown>
-- Hungup 'IAX2/server1-4'
== Everyone is busy/congested at this time (1:0/0/1)

On the console of the elastix server, i get the following message:
Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX Subclass: NEW
Timestamp: 00016ms SCall: 00008 DCall: 00000 [172.18.31.7:4569]
VERSION : 2
CALLED NUMBER : 1003
CODEC_PREFS : (ulaw|gsm)
CALLING NUMBER : 6004
CALLING PRESNTN : 0
CALLING TYPEOFN : 0
CALLING TRANSIT : 0
CALLING NAME :
LANGUAGE : en
USERNAME : server2
FORMAT : 4
CAPABILITY : 57350
ADSICPE : 2
DATE TIME : 2010-06-07 12:30:06

Rx-Frame Retry[ No] -- OSeqno: 001 ISeqno: 001 Type: IAX Subclass: ACK
Timestamp: 00016ms SCall: 00008 DCall: 00001 [172.18.31.7:4569]
 

dicko

Joined
Oct 24, 2008
Messages
4,099
Likes
0
Points
0
#2

andyshawn

Joined
Apr 3, 2009
Messages
113
Likes
0
Points
0
#3
Thanks Dicko. You are a legend. I will check out the link you sent and let you know what happen.

Thanks Again.
 

andyshawn

Joined
Apr 3, 2009
Messages
113
Likes
0
Points
0
#4
It works perfectly now. I wasted an entire weekend trying to troubleshoot this. Once Again, thanks Dicko for your help.

i added calltokenoptional=0.0.0.0/0.0.0.0 to my iax_general_additional.conf file and calls are now being accepted by the elastix 2.0 server.
 

dicko

Joined
Oct 24, 2008
Messages
4,099
Likes
0
Points
0
#5
Good, but to avail yourself of the security fix you should tighten up the range, if just the one box calltokenoptional=<ipaddress_of_that_box>/255.255.255.255

dicko
 

andyshawn

Joined
Apr 3, 2009
Messages
113
Likes
0
Points
0
#6
Perfect. I never thought of that. I will make that change to the iax file now.

Thanks Again
 

milauria

Joined
Mar 27, 2010
Messages
27
Likes
0
Points
0
#7
Re: Re:IAX Trunk problem with Elastix 2.0

What is the <ipaddress_of_that_box> ? LAN ip or external ip ? What if I have a dynamic IP setting ?

I tried to restric to the LAN_IP/255.255.255.255 but can't register the IAX extension ... is it really a security concern to leave 0.0.0.0/0.0.0.0 ?

thanks for any suggestions
 

dicko

Joined
Oct 24, 2008
Messages
4,099
Likes
0
Points
0
#8
Re: Re:IAX Trunk problem with Elastix 2.0

milauria said:
What is the <ipaddress_of_that_box> ? LAN ip or external ip ? What if I have a dynamic IP setting ?

I tried to restric to the LAN_IP/255.255.255.255 but can't register the IAX extension ... is it really a security concern to leave 0.0.0.0/0.0.0.0 ?

thanks for any suggestions
You need to understand what networks are and how routing works. basically <ipaddress>/netmask is the range of addresses that are recognized as acceptable.

if you want to allow one ip address then <host>/32 or <host>/255.255.255.255

if you want to allow a network or more then <network>/24 ( a class C size ) same as <network>/255.255.255.0, etc.

if you allow 0.0.0.0/0.0.0.0 (0.0.0.0/0) you are allowing everybody in the whole world (this includes China and many eastern European nations) to access your IAX2 trunks using the implicit security leak that was patched by Digium, so IMHO opinion it is REALLY a "security concern", if you care to ignore this advice then "Expect large bills soon . . ." as the knuckle-draggers cotton on to the laziness/complacence/ineptitude of many IAX2 implementors.

dicko
 

jcasaravilla

Joined
Aug 4, 2008
Messages
55
Likes
0
Points
0
#9
Re: Re:IAX Trunk problem with Elastix 2.0

Hello Dicko , in my case y use nat in both way

Elastix box 1 ----- router publix fix ip----nat -----------internet--------- nat public dyn ip router -----Elastix box 2

who y can apply security in this case were we use public ip addresses ( fixed and dynamic) ?

regards !
 

Members online

No members online now.

Latest posts

Forum statistics

Threads
30,900
Messages
130,884
Members
17,561
Latest member
marouen
Top