Jeremy McNamara wrote:

On the machine you wish to dial out, you have in your iax.conf:

[peer]
type=peer
host=1.2.3.4
secret=foo
and in that same machine's extensions.conf you have something that looks like:
Dial,IAX2/[EMAIL PROTECTED]/${EXTEN}



Then on the 'peer' (other) machine you need:

[USER]
type=user
context=incoming
auth=md5


which is cAsE SeNsITiVe. Plus you need the appropriate extension(s) in this (other) machine's extensions.conf.

I understand that, except that this succeeds even if the calling host's Dial command does _not_ include the USER name at all!


Have you bothered to study any of the documentation out there? Start here: http://www.voip-info.org/

Of course :-) I've spent the last month doing exactly that... But I don't understand how Asterisk can authenticate an incoming IAX2 call that does not include a USERNAME field (checked with iax2 debug turned on). I have done it on my machine, and moved the shared "secret" to a different entry in the receiving machine's iax.conf file, and the call still succeeds, with the receiving Asterisk thinking that the caller is now coming from that different entity.


In other words, somehow Asterisk is using _only_ the secret to identify _and_ authenticate the caller. I don't have any problem putting all the needed information on the calling systems (they will be under my control); my concern is that on my receiving end, unless I use IP-based restrictions for callers, anyone at all can connect if they can guess any secret in my iax.conf file, not a valid username/secret pair.
_______________________________________________
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
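The behaviour the poster describes, worked through as an added example that is not part of the thread and not Asterisk's own code. It models the receiver's matching step in Python: the MD5 response is the hex MD5 of the challenge followed by the shared secret (the IAX2 MD5 method), and when no USERNAME arrives every configured secret is tried, so whichever entry's secret produces a matching response is taken as the caller. The user names, secrets, addresses and the per-entry permitted source address are all constructed for the example; the matching order and the optional IP restriction follow the posts above, not a reading of the Asterisk source.

```python
import hashlib
import hmac
import secrets as _secrets
from typing import Dict, Optional, Tuple

# Constructed stand-in for the [USER] sections of a receiving machine's
# iax.conf.  Each entry holds: secret, context, and an optional permitted
# source address (the IP-based restriction the poster mentions).  All names,
# secrets and addresses here are made up for this example.
UserEntry = Tuple[str, str, Optional[str]]
IAX_USERS: Dict[str, UserEntry] = {
    "alice":   ("foo",    "incoming", None),
    "branch2": ("s3cret", "incoming", "203.0.113.5"),
}


def new_challenge() -> str:
    """Random challenge sent by the receiver (the exact format is illustrative)."""
    return str(_secrets.randbelow(10**9))


def md5_response(challenge: str, secret: str) -> str:
    """IAX2 MD5 authentication: hex MD5 of the challenge followed by the secret."""
    return hashlib.md5((challenge + secret).encode()).hexdigest()


def match_caller(users: Dict[str, UserEntry], challenge: str, md5_result: str,
                 caller_ip: str, username: Optional[str] = None):
    """Model of the receiver's matching step as the poster describes it.

    With a USERNAME only that one entry is tried.  Without one, every entry's
    secret is tried and the first whose MD5 matches is taken as the caller, so
    the secret alone both identifies and authenticates.  An entry that carries
    a permitted address is skipped when the caller comes from anywhere else.
    Returns (matched user name, context) or None when nothing matches.
    """
    candidates = [username] if username else list(users)
    for name in candidates:
        entry = users.get(name)
        if entry is None:
            continue                      # unknown username: nothing to compare against
        secret, context, permit = entry
        if permit is not None and permit != caller_ip:
            continue                      # IP restriction rules this entry out
        if hmac.compare_digest(md5_response(challenge, secret), md5_result):
            return name, context
    return None


def attempt_call(users: Dict[str, UserEntry], secret: str, caller_ip: str,
                 username: Optional[str] = None):
    """One challenge/response exchange for a caller that knows only `secret`
    (and, optionally, a username)."""
    challenge = new_challenge()                    # receiver -> caller (AUTHREQ)
    response = md5_response(challenge, secret)     # caller -> receiver (AUTHREP)
    return match_caller(users, challenge, response, caller_ip, username)


if __name__ == "__main__":
    # No username at all: the guessed secret alone picks out an entry.
    print(attempt_call(IAX_USERS, "foo", "198.51.100.9"))
    # Same secret, but a username that is not configured: rejected.
    print(attempt_call(IAX_USERS, "foo", "198.51.100.9", username="bob"))
    # Right secret, wrong source address for a restricted entry: rejected.
    print(attempt_call(IAX_USERS, "s3cret", "198.51.100.9"))
```

Moving a secret from one entry to another in the table changes which name comes back from `attempt_call` for the same username-less caller, which is exactly the observation in the last message; the `permit` field shows why the poster sees IP restrictions as the only receiver-side defence once a secret is guessable.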