* You are viewing Posts Tagged ‘IAX’

IAX Trunking Stopped Working

I administer a group of Asterisk servers running a mix of 10.3, 10.4, and 1.8.8.1 (mostly 10.4). One of those servers is a call concentrator/relay for E911 service. All of the other servers make an IAX connection to the relay server, which then hands off to a SIP trunk to my E911 provider. It all worked as recently as 2 weeks ago, but I discovered that sometime between then and now it stopped working without any explanation. Last modified time on the config files is over 2 months ago.

The setup is as follows:

On the call relay (IAX “receiver”)
[my-remote-server]
type=user host=dynamic username=my-remote-username encryption=yes secret=my-remote-secret context=my-call-context deny=0.0.0.0/0.0.0.0
permit=remote.server.ip.address/255.255.255.255

On the VoIP servers (IAX “sender”)

- One of the servers is set to register: register => my-remote-username:my-remote-secret@call.relay.server.ip

- Another is set to just use the peer definition as below without trying to register
[my-remote-server]
type=peer host=call.relay.server.ip username=my-remote-username secret=my-remote-secret qualify=no

Dialplan on the VoIP servers:
exten => 911,1,Verbose()
same => n,Dial(IAX2/my-remote-server/911)

Dialplan on the relay server:
[my-call-context]
exten => 911,1,Verbose()
same => n,Dial(Relay to E911)

The issue I’m seeing is this:

- On the servers that are set to register, the relay server is rejecting the registration (I’ve confirmed the username/peername/secrets are an exact match on both sides, and nothing has changed from when they were working). IAX debug on the relay server shows the auths come in and the relay server send REGREJ – Registration Refused, Cause Code 29. IAX debug on the server attempting to register shows sending the REGAUTH packets and receiving the REGREJ packets. The IP address shown in the IAX debug packets matches the IP address in the permit rule for each peer that’s supposed to register.

- On the server that is set to just send the calls, an attempt to dial 911 just hangs for 60 seconds and eventually times out without sending the call. IAX debug on the relay server shows the call start frame get RX’d, shows the relay server try to TX a CTOKEN frame, and nothing further (other than retransmissions of the call start frame). IAX debug on the server trying to send the call to the relay server shows the TX for the call start frame, but no RX for the CTOKEN frames.

Ultimately, this has gone from working to totally broken without any apparent change to my configuration. I need help to try to troubleshoot it further, I’ve tried everything I can think of (including transferring the backed-up working config files to a brand new clean-load server, upgrading Asterisk, and recreating the configurations by hand), and nothing seems to be helping.

Thank you,

IAX Trunk issue.

I’m testing a few IAX trunk scenarios in a controlled lab. From server2 extension 5000 (Server IP Address 172.16.200.212) I dial 6001 which goes across the IAX trunk to server 1 (IP address 172.16.200.210). Instead of ringing the 6001 phone, it plays tt-weasels (the s extension). When I dial 6099 it also plays tt-weasels as it’s supposed to, but it’s not the tt-weasels under its extension. It also dials the s extension.

I only placed the s extension in the dial plan to verify that the traffic was going across the IAX trunk and hitting the correct context.

Any help would be greatly appreciated.

Thanks Mitch

Asterisk-1

IP Address 172.16.200.210

SIP.CONF

[6001]
type=friend
host=dynamic
context=internal_users
secret=xxxxxxx
nat=yes

[6002]
type=friend
host=dynamic
context=internal_users
secret=xxxxxxx
nat=yes

extensions.conf

[internal_users]
exten => 6000,1,Answer()
exten => 6000,2,Playback(hello-world)
exten => 6000,3,Hangup()
exten => 6001,1,Dial(SIP/6001)
exten => 6002,1,Dial(SIP/6002)
exten => 6099,1,Playback(tt-weasels)
exten => 6099,n,HangUp
exten => _5XXX,1,Dial(${IAXTrunk}/${EXTEN})
same => n,Hangup()
exten => s,1,Answer()
exten => s,n,Playback(tt-weasels)
exten => s,n,Hangup()

IAX.conf

[trunk-1]
type=friend
username=trunk-1
trunk=yes
requiretoken=no
secret=password
host=172.16.200.212
context=internal_users
auth=plaintext
disallow=all
;allow=ulaw
;allow=alaw
allow=gsm

Asterisk-2

IP Address 172.16.200.212

sip.conf

[5000]
type=friend
context=phones
host=dynamic
disallow=all
allow=ulaw
secret=xxxxxxx

extensions.conf

[phones]
exten => _60XX,1,Dial(IAX2/trunk-1)
exten => _X.,1,Dial(IAX2/trunk-1)
exten => 5000,1,Dial(SIP/${EXTEN})
exten => 5000,n,Hangup
same => n,Hangup()
exten => 5099,1,Playback(tt-monkeys)
exten => 5099,n,HangUp

iax.conf

[trunk-1]
type=friend
username=trunk-1
trunk=yes
requiretoken=no
secret=password
host=172.16.200.210
context=phones
auth=plaintext
disallow=all
;allow=ulaw
;allow=alaw
allow=gsm

IAX ATA can’t register

I have an ATCOM ATA that is trying to connect to an asterisk server using IAX. The ATA and Asterisk are on the same subnet, not firewall/nat etc.

Below is a a log excerpt, showing the REGREQ received, and then Asterisk goes on to send lots of REGAUTH…and this continues for a while, but the ATA is never registered (iax2 show peers shows not registered).

Any help would be appreciated. It sure LOOKS like a lot of TX for very few RX frames…so my first guess was network related but I’m not making any progress with that theory

Thanks

Tx-Frame Retry[001] — OSeqno: 003 ISeqno: 001 Type: IAX Subclass: PING
Timestamp: 21003ms SCall: 10027 DCall: 18442 [192.168.67.20:4569]
Tx-Frame Retry[001] — OSeqno: 003 ISeqno: 001 Type: IAX Subclass: PING
Timestamp: 21006ms SCall: 14940 DCall: 18442 [192.168.67.20:4569]
Rx-Frame Retry[Yes] — OSeqno: 000 ISeqno: 000 Type: IAX Subclass: REGREQ
Timestamp: 00003ms SCall: 18443 DCall: 00000 [192.168.67.20:4569]
USERNAME : ALARM-ATA
REFRESH : 60
Tx-Frame Retry[003] — OSeqno: 000 ISeqno: 001 Type: IAX Subclass: REGAUTH
Timestamp: 00014ms SCall: 02267 DCall: 18443 [192.168.67.20:4569]
AUTHMETHODS : 2
CHALLENGE : 121149566
USERNAME : ALARM-ATA
Tx-Frame Retry[002] — OSeqno: 001 ISeqno: 001 Type: IAX Subclass: LAGRQ
Timestamp: 10013ms SCall: 02267 DCall: 18443 [192.168.67.20:4569]
Tx-Frame Retry[001] — OSeqno: 002 ISeqno: 001 Type: IAX Subclass: LAGRQ
Timestamp: 20013ms SCall: 02267 DCall: 18443 [192.168.67.20:4569]
Tx-Frame Retry[000] — OSeqno: 003 ISeqno: 001 Type: IAX Subclass: PING
Timestamp: 21016ms SCall: 10572 DCall: 18443 [192.168.67.20:4569]
Tx-Frame Retry[002] — OSeqno: 000 ISeqno: 001 Type: IAX Subclass: REGAUTH
Timestamp: 00015ms SCall: 14112 DCall: 18443 [192.168.67.20:4569]
AUTHMETHODS : 2
CHALLENGE : 530555480
USERNAME : ALARM-ATA
Tx-Frame Retry[001] — OSeqno: 003 ISeqno: 001 Type: IAX Subclass: PING
Timestamp: 21015ms SCall: 12659 DCall: 18443 [192.168.67.20:4569]
Tx-Frame Retry[001] — OSeqno: 001 ISeqno: 001 Type: IAX Subclass: LAGRQ
Timestamp: 10014ms SCall: 14112 DCall: 18443 [192.168.67.20:4569]
Tx-Frame Retry[000] — OSeqno: 002 ISeqno: 001 Type: IAX Subclass: LAGRQ
Timestamp: 20016ms SCall: 00480 DCall: 18443 [192.168.67.20:4569]
Tx-Frame Retry[000] — OSeqno: 000 ISeqno: 001 Type: IAX Subclass: REGAUTH
Timestamp: 00002ms SCall: 05489 DCall: 18443 [192.168.67.20:4569]
AUTHMETHODS : 2
CHALLENGE : 399007934
USERNAME : ALARM-ATA

Remote crash vulnerability in IAX2 channel driver.

Asterisk Project Security Advisory – AST-2012-007

Product Asterisk
Summary Remote crash vulnerability in IAX2 channel driver.
Nature of Advisory Remote crash
Susceptibility Established calls
Severity Moderate
Exploits Known No
Reported On March 21, 2012
Reported By mgrobecker
Posted On May 29, 2012
Last Updated On May 29, 2012
Advisory Contact Richard Mudgett < rmudgett AT digium DOT com >
CVE Name CVE-2012-2947

Description A remotely exploitable crash vulnerability exists in the
IAX2 channel driver if an established call is placed on
hold without a suggested music class. For this to occur,
the following must take place:

1. The setting mohinterpret=passthrough must be set on the
end placing the call on hold.

2. A call must be established.

3. The call is placed on hold without a suggested
music-on-hold class name.

When these conditions are true, Asterisk will attempt to
use an invalid pointer to a music-on-hold class name. Use
of the invalid pointer will either cause a crash or the
music-on-hold class name will be garbage.

Resolution Asterisk now sets the extra data parameter to null if the
received control frame does not have any extra data.

Affected Versions
Product Release Series
Certified Asterisk 1.8.11-cert All versions
Asterisk Open Source 1.8.x All versions
Asterisk Open Source 10.x All versions

Corrected In
Product Release
Certified Asterisk 1.8.11-cert2
Asterisk Open Source 1.8.12.1, 10.4.1

Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2012-007-1.8.11-cert.diff v1.8.11-cert
http://downloads.asterisk.org/pub/security/AST-2012-007-1.8.diff v1.8
http://downloads.asterisk.org/pub/security/AST-2012-007-10.diff v10

Links https://issues.asterisk.org/jira/browse/ASTERISK-19597

Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security

This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2012-007.pdf and
http://downloads.digium.com/pub/security/AST-2012-007.html

Revision History
Date Editor Revisions Made
05/29/2012 Richard Mudgett Initial release.

Asterisk Project Security Advisory – AST-2012-007
Copyright (c) 2012 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.

IAX2 passing back and forth variables

Hi all,

I have two asterisk servers A and B.

And I would like from A, dial to B passing some IAX variables.

Then B handles the calls, setup some other variables that become available
to A which can continue.

So far, I have used IAXVAR function.

It works when sending call from A to B

But variables setup on B are not available on A.

Any idea how I can do it ?

Here are my dialplans.

+++++++++++

SERVER A

+++++++++++

[contextA]

exten => s,1,Set(IAXVAR(TESTVAR1)=abcd)

exten => s,n,Dial(IAX2/serverb/s,30,g)

exten => s,n,Noop( The out variable is : ${IAXVAR(TESTVAR2)} ) ; < ----
Does not work

+++++++++++

SERVER B

+++++++++++

[contextB]

exten => s,1,Noop( ${IAXVAR(TESTVAR1)} ) < ----- Does work

exten => s,n,Set(IAXVAR(TESTVAR2))

exten => s,n,Hangup

CallerId back to incoming

I’m currently doing some testing with Asterisk ( 1.8.11.0) on RHEL6
using realtime for sippeers, sipusers and musiconhold

I have Avaya definity < -> PRI E1 < -> Asterisk 1 < -> IAX2 < -> Asterisk
2

I have peers (sip) snom 821s on both Asterisk 1 and 2 all calls working
between all systems.

CallerID from Asterisk to Avaya is working correctly.

The problem is a caller from Avaya to Asterisk displays correctly the
CID of the Asterisk Extension to the calling party on the Avaya but only
if the peer is on Asterisk 1. If the peer is on Asterisk 2 only the CID
of the PRI on the avaya side is displayed. I hope this makes sense.

I’m not sure where to start looking or whether its even possible.

I can of course supply any of the configs that may help.

Cheers

Stephen Collier