IAX Trunk problem with Elastix 2.0

Discussion in 'General' started by andyshawn, Jun 7, 2010.

  1. andyshawn

    Joined:
    Apr 3, 2009
    Messages:
    113
    Likes Received:
    0
    I have been trying to make an IAX trunk between Elastix 2.00 and Asterisk 1.4 server.
    In the iax.conf files, both have type=friend.
    I am able to make calls over the trunk from the elastix2.0 to the asterisk 1.4.
    When i try to make calls from the Asterisk1.4 to elastix2.0, i get the following error on the console of the Asterisk1.4 server.

    [Jun 7 12:24:28] WARNING[13558]: chan_iax2.c:6959 socket_process: Call rejected by 172.18.31.6: <Unknown>
    -- Hungup 'IAX2/server1-4'
    == Everyone is busy/congested at this time (1:0/0/1)

    On the console of the elastix server, i get the following message:
    Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX Subclass: NEW
    Timestamp: 00016ms SCall: 00008 DCall: 00000 [172.18.31.7:4569]
    VERSION : 2
    CALLED NUMBER : 1003
    CODEC_PREFS : (ulaw|gsm)
    CALLING NUMBER : 6004
    CALLING PRESNTN : 0
    CALLING TYPEOFN : 0
    CALLING TRANSIT : 0
    CALLING NAME :
    LANGUAGE : en
    USERNAME : server2
    FORMAT : 4
    CAPABILITY : 57350
    ADSICPE : 2
    DATE TIME : 2010-06-07 12:30:06

    Rx-Frame Retry[ No] -- OSeqno: 001 ISeqno: 001 Type: IAX Subclass: ACK
    Timestamp: 00016ms SCall: 00008 DCall: 00001 [172.18.31.7:4569]
     
  2. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
  3. andyshawn

    Joined:
    Apr 3, 2009
    Messages:
    113
    Likes Received:
    0
    Thanks Dicko. You are a legend. I will check out the link you sent and let you know what happen.

    Thanks Again.
     
  4. andyshawn

    Joined:
    Apr 3, 2009
    Messages:
    113
    Likes Received:
    0
    It works perfectly now. I wasted an entire weekend trying to troubleshoot this. Once Again, thanks Dicko for your help.

    i added calltokenoptional=0.0.0.0/0.0.0.0 to my iax_general_additional.conf file and calls are now being accepted by the elastix 2.0 server.
     
  5. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    Good, but to avail yourself of the security fix you should tighten up the range, if just the one box calltokenoptional=<ipaddress_of_that_box>/255.255.255.255

    dicko
     
  6. andyshawn

    Joined:
    Apr 3, 2009
    Messages:
    113
    Likes Received:
    0
    Perfect. I never thought of that. I will make that change to the iax file now.

    Thanks Again
     
  7. milauria

    Joined:
    Mar 27, 2010
    Messages:
    27
    Likes Received:
    0
    Re: Re:IAX Trunk problem with Elastix 2.0

    What is the <ipaddress_of_that_box> ? LAN ip or external ip ? What if I have a dynamic IP setting ?

    I tried to restric to the LAN_IP/255.255.255.255 but can't register the IAX extension ... is it really a security concern to leave 0.0.0.0/0.0.0.0 ?

    thanks for any suggestions
     
  8. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    Re: Re:IAX Trunk problem with Elastix 2.0

    You need to understand what networks are and how routing works. basically <ipaddress>/netmask is the range of addresses that are recognized as acceptable.

    if you want to allow one ip address then <host>/32 or <host>/255.255.255.255

    if you want to allow a network or more then <network>/24 ( a class C size ) same as <network>/255.255.255.0, etc.

    if you allow 0.0.0.0/0.0.0.0 (0.0.0.0/0) you are allowing everybody in the whole world (this includes China and many eastern European nations) to access your IAX2 trunks using the implicit security leak that was patched by Digium, so IMHO opinion it is REALLY a "security concern", if you care to ignore this advice then "Expect large bills soon . . ." as the knuckle-draggers cotton on to the laziness/complacence/ineptitude of many IAX2 implementors.

    dicko
     
  9. jcasaravilla

    Joined:
    Aug 4, 2008
    Messages:
    55
    Likes Received:
    0
    Re: Re:IAX Trunk problem with Elastix 2.0

    Hello Dicko , in my case y use nat in both way

    Elastix box 1 ----- router publix fix ip----nat -----------internet--------- nat public dyn ip router -----Elastix box 2

    who y can apply security in this case were we use public ip addresses ( fixed and dynamic) ?

    regards !
     

Share This Page