I wouldn't consider 'getting to keys' to be a next step in your plan. I would use RSA keys to authenticate the peers to each other rather than passwords.
Those config files I included work (with the names changed to protect the guilty). It should work for you ..
Tim
Chris wrote:
I haven't gotten to keys yet. The documentation out there doesn't seem to be very good.
Chris
----- Original Message ----- From: "Tim Pushor" <[EMAIL PROTECTED]>
To: "Asterisk Users Mailing List - Non-Commercial Discussion" <asterisk-users@lists.digium.com>
Sent: Thursday, May 05, 2005 4:06 PM
Subject: Re: [Asterisk-Users] Connecting 2 * Together-Pulling hair out
Personally, if I owned both boxes and had full control of the dialplan on both, I'd stay away from passwords. (but be careful what I say, I'm a hack)
I have a bunch of boxes connected together via IAX and authenticating via RSA. The entries in iax.conf are simple, and dialing across the connection is simple (no passwords in the dialplan) (thanks again Rich for taking the time).
Tim
Here is a sample of iax.conf entries on machine a:
[machineb] type=user host=machineb.internal.net auth=rsa inkeys=machineb username=machineb context=inbound
[machineb] type=peer host=machineb.internal.net auth=rsa outkey=machinea username=machinea
And an example dialplan entry to dial an extention on machineb (in the inbound context):
exten => 333,1,Dial(IAX2/machineb/333)
And on machinea, the opposite of machineb:
[machinea] type=user host=machinea.internal.net auth=rsa inkeys=machinea username=machinea context=inbound
[machinea] type=peer host=machinea.internal.net auth=rsa outkey=machineb username=machineb
To generate the keys:
on machinea:
astgenkey -n machinea mv machinea.* /var/lib/asterisk/keys
copy machinea.pub to machineb's /var/lib/asterisk/keys
on machineb:
astgenkey -n machineb mv machineb.* /var/lib/asterisk/keys
copy machineb.pub to machinea's /var/lib/asterisk/keys
Chris wrote:
I have something similar. Both of my servers are behind a firewall and NAT. You will need to allow UDP 4569 through the firewall for IAX2. If you have NAT you will need to redirect 4569 to the internal server.
I would suggest using AMP and then looking at IAX_ADDITIONAL.CONF to see how it's done. You can modify the IAX.CONf because I don't believe AMP rewrites that file.
I think the user and passwords are required. I would suggest using a strong password or someone may decide to make a few phone calls. After this you will need the routing in Extensions.conf to allow calls to be made on this trunk.
Asterisk will handle the SIP > IAX. All my clients are SIP and they have no trouble going over a IAX trunk to other SIP devices on the other server.
This is what my IAX_ADDITIONAL.CONF looks like
SiteA - Dynamic IP -------------- [boxb-peer] username=boxa-user type=peer trunk=yes secret=mypassword host=thehost.dyndns.org
[boxb-user] type=user secret=mypassword2 host=thehost.dyndns.org context=from-internal
--------------- Site b - Static IP ----------------
[boxa-peer] username=boxb-user type=peer trunk=yes secret=mypassword2 host=xxx.xxx.xxx.xxx
[boxa-user] type=user secret=mypassword host=xxx.xxx.xxx.xxx context=from-internal
Regards,
Chris
----- Original Message ----- From: "mr. barker" <[EMAIL PROTECTED]>
To: "'Asterisk Users Mailing List - Non-Commercial Discussion'" <asterisk-users@lists.digium.com>
Sent: Thursday, May 05, 2005 1:58 PM
Subject: RE: [Asterisk-Users] Connecting 2 * Together-Pulling hair out
Yes trying to connect to boxes together.
One sits outside the internal firewall and is on the inside.
I am using AMP. However I can just put whatever I need in the custom.conf sections. The users agents are SIP .. can SIP call go over a IAX trunk ? if so great. To create the trunk do I need to use a users name and password ? or ?
I need to have the *box that is behind the firewall to be able to place a call out through the *box that has a public ip.
Thank you
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Sent: Thursday, May 05, 2005 8:20 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [Asterisk-Users] Connecting 2 * Together-Pulling hair out
I am not sure what you are trying to do. I have created an IAX2 trunk between the servers over an internet connection. Then all you have to do is put in call routing on the trunks to forward the call to the right place. Are you using AMP or trying to do it manually. I found everything a little confusing as well, but it is simple now that I understand it.
Chris
----- Original Message ----- From: "mr. barker" <[EMAIL PROTECTED]>
To: "'Asterisk Users Mailing List - Non-Commercial Discussion'"
<asterisk-users@lists.digium.com>
Sent: Thursday, May 05, 2005 4:43 AM
Subject: [Asterisk-Users] Connecting 2 * Together-Pulling hair out
_____things
Subject: [Asterisk-Users] Connecting 2 * Together-Pulling hair out
I have read the docs on connecting 2* together but am unsure of a few
onDo I need a different account for each number that will be called from one box to the other ? ie. Do I set up a user account on one and then have the other box log into that account when it whats to make a call ?
I have 2 asterisk boxes and only one of them has the ability to access a VoipAccount and PSTN connections.(*box 1). The other holds the SIP extensions for the internal SIP users/exten(*box2)
I would like to be able to have the box with the Sip UA(*box2) on it to be
able to place a call using the box that has the VoipAccount and PSTN
connection. I am able to make multiple UA calls on the VoipAccount and 3
the PSTN lines (only have 3 lines coming in). I can get it to work if Iexten)
create a user exten on *box1 and map a trunk(which is really only an
using the user/password login to that exten from *box2. However when Itry
to place a second call when the VOIP line is in use it gives me error (to
basically saying can't use the trunk because it is in use) I would like
atbe able to have this exten/trunk to be able to use multiple connections on it.
There must be an easier way to do this I am just not sure how. I looked
creating IAX trunks but still come up with the Trunk is really an Exten
name/password .
Any help would be appreciated. (my brain is boiling eggs)
Thank you.
---------------------------------------------------------------------------- ----
_______________________________________________
Asterisk-Users mailing list
Asterisk-Users@lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
_______________________________________________ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
------------------------------------------------------------------------
_______________________________________________ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
_______________________________________________ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
------------------------------------------------------------------------
_______________________________________________ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
_______________________________________________ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
