> Andres wrote: > > > I just tried this myself and it behaves as you have described it. No > > need to use a username. When the call comes in on the remote Asterisk, > > the iax.conf simply tries to match the password to any entry. The first > > entry with a matching password gets used. I suggest you open a bug to > > at least get this documented. > > Done, as bug 1928, although the notes for 1458 imply that Mark is aware > of this issue and the code is not faulty... he wants it work this way. > Personally I cannot see the value in allowing completely anonymous IAX > connections, especially since they can connect as _any_ user you may > have specified in your iax.conf file by just guessing the password. > > Granted, if your IAX users are on fixed IP addresses you can use > IP-based access control, and if you can use keys then that also solves > the problem even for users with dynamic IPs. However, I'd like to see > some explanation of why anonymous connections are allowed to iax.conf > user entries with secrets specified; at best, I would think that > anonymous connections should only be allowed to user entries with _no_ > secret specified.
Reading way between the lines and taking an educated guess, I'd suggest the reasoning behind Mark's architectual thoughts are likely to relate to providing peer-to-peer call completion capabilities, as opposed to forcing all * systems to pass through some service-provider's-voip- switch. If implemented correctly, you control how anonymous calls are handled/allowed via contexts, and not through simple password schemes. In all liklihood, the code is probably not totally implemented as yet to achieve the objective. _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
