Re: [asterisk-users] iax2: two users can't authenticate from same ip address

2013-09-10 Thread Joshua Colp

Sean Darcy wrote:

Maybe a different question would be helpful. Let's assume no NAT; the
server is directly connected with an FQDN. Two iax devices register.
Does asterisk assign them different ports?


Asterisk does not assign ports. The IAX2 channel driver, by default, 
binds to a single UDP port (4569). As UDP is connectionless there are no 
connections. What you see on the console is the *source* IP address and 
port of the packets. It's possible that the Amazon stuff is sort of 
NATting things to do connection tracking... but that's Amazon land, so 
no clue really.


--
Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at:  www.digium.com   www.asterisk.org

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
  http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users


Re: [asterisk-users] iax2: two users can't authenticate from same ip address

2013-09-10 Thread Sean Darcy

On 09/09/2013 07:48 PM, Eric Wieling wrote:

Try this as an example of why it doesn't matter.

1) On windows open a cmd prompt or on linux open up a local terminal.
2) open a web browser and connect to a web site like cnn.com
3) on windows type netstat -n in the command prompt, in linux type netstat -n 
--ip

For example on my system, the local IP is 172.17.3.111.  Notice below how the 
port on my local system is NOT 80, even though the port on the remote system 
is?   This is simply how TCP and UDP work.  When you are looking at your iax 
peers you are seeing the REMOTE IP and REMOTE port, which seldom matters.  It 
is the port on the client you are connecting TO which matters, not the port 
which you are connecting FROM. TCP and UDP do not allow more than one 
connection using the same source IP/source port/destination IP/destination port 
(called a tuple).  For most things the source port does not matter so the 
operating system assigns whatever source port it wants to.   NAT routers will 
often change the source port when the connection is NAT'd.  These are 
fundamental IP networking concepts which all people doing VoIP should know, but
most don't. I'm sure there are
many books on TCP/IP networking which explain it better than I have explained 
it.

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    172.17.3.111:22020     157.166.226.25:80      ESTABLISHED
  TCP    172.17.3.111:22021     157.166.249.10:80      ESTABLISHED
  TCP    172.17.3.111:22022     23.63.227.185:80       ESTABLISHED
  TCP    172.17.3.111:22023     23.63.227.185:80       ESTABLISHED
  TCP    172.17.3.111:22024     23.63.227.185:80       ESTABLISHED
  TCP    172.17.3.111:22025     23.63.227.185:80       ESTABLISHED
  TCP    172.17.3.111:22026     23.63.227.185:80       ESTABLISHED
  TCP    172.17.3.111:22027     23.203.4.211:80        ESTABLISHED
  TCP    172.17.3.111:22028     23.63.227.185:80       ESTABLISHED
  TCP    172.17.3.111:22029     4.27.18.126:80         ESTABLISHED
  TCP    172.17.3.111:22030     4.27.18.126:80         ESTABLISHED
  TCP    172.17.3.111:22031     4.27.18.126:80         ESTABLISHED
  TCP    172.17.3.111:22032     4.27.18.126:80         ESTABLISHED
  TCP    172.17.3.111:22033     4.27.18.126:80         ESTABLISHED
  TCP    172.17.3.111:22034     4.27.18.126:80         ESTABLISHED
  TCP    172.17.3.111:22035     74.217.240.83:80       ESTABLISHED
  TCP    172.17.3.111:22036     23.63.227.123:80       ESTABLISHED
  TCP    172.17.3.111:22037     12.130.81.225:80       ESTABLISHED
  TCP    172.17.3.111:22038     4.26.252.126:80        ESTABLISHED
  TCP    172.17.3.111:22039     4.26.252.126:80        ESTABLISHED
  TCP    172.17.3.111:22040     4.26.252.126:80        ESTABLISHED
  TCP    172.17.3.111:22041     4.26.252.126:80        ESTABLISHED
  TCP    172.17.3.111:22042     4.26.252.126:80        ESTABLISHED
  TCP    172.17.3.111:22043     4.26.252.126:80        ESTABLISHED

-Original Message-
From: asterisk-users-boun...@lists.digium.com 
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Sean Darcy
Sent: Monday, September 09, 2013 7:00 PM
To: asterisk-users@lists.digium.com
Subject: Re: [asterisk-users] iax2: two users can't authenticate from same ip 
address

On 09/09/2013 03:37 PM, Eric Wieling wrote:

Again, that port is assigned by your NAT router.  Asterisk cannot control the
source port of the incoming packet.   That is set by your NAT router and client
and likely has nothing to do with your problem.

-Original Message-
From: asterisk-users-boun...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Sean
Darcy
Sent: Monday, September 09, 2013 3:30 PM
To: asterisk-users@lists.digium.com
Subject: Re: [asterisk-users] iax2: two users can't authenticate from
same ip address

Dial(IAX2/home-14358, IAX2/gn) in new stack
   -- Called IAX2/gn
CLI iax2 show peers
Name/Username    Host            Mask             Port   Status        Description
gn               gnipaddr  (D)   255.255.255.255  9007   OK (179 ms)

[Sep  9 19:11:36] WARNING[530]: chan_iax2.c:3552 __attempt_transmit: Max retries 
exceeded to host gnipaddr on IAX2/gn-11311 (type = 6, subclass = 11, 
ts=10018, seqno=1)
   -- Hungup 'IAX2/gn-11311'

Again, what's with this port 9007? Is asterisk assigning it? I thought all iax 
traffic went over 4569.

Of course, this could be a zoiper problem.

sean



But the problem is it's not MY nat router; it's amazon's. And if you only have
one iax device registered, it's always 4569. So why does amazon assign a different port
to the second iax device? How would it even know?

sean



Well, I may be confused, but iax show peers is showing the remote port, 
the port it will connect TO, right?


netstat doesn't show the asterisk connections at all, just the STUN server:
netstat -nu  --ip
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address

Re: [asterisk-users] iax2: two users can't authenticate from same ip address

2013-09-10 Thread Joshua Colp

Sean Darcy wrote:

On 09/10/2013 12:15 PM, Joshua Colp wrote:

Sean Darcy wrote:

Maybe a different question would be helpful. Let's assume no NAT; the
server is directly connected with an FQDN. Two iax devices register.
Does asterisk assign them different ports?


Asterisk does not assign ports. The IAX2 channel driver, by default,
binds to a single UDP port (4569). As UDP is connectionless there are no
connections. What you see on the console is the *source* IP address and
port of the packets. It's possible that the Amazon stuff is sort of
NATting things to do connection tracking... but that's Amazon land, so
no clue really.



Since no horse is dead enough not to take another beating:

If the console is showing the *source* port of the packets, then:

does the server send iax packets to that source port, or to 4569?


It sends to the source port if using the registration.



home (which is another asterisk server) shows 4569, while the androids
running zoiper show random ports. I assume zoiper puts the source port
in an iax packet. But regardless of how zoiper describes its source
port, asterisk will only send iax packets on 4569. correct?


It does not put the source port in an IAX packet. It's in the IP header 
itself, outside of IAX. Asterisk will send IAX packets *from* port 4569 
but *to* any host/port.


--
Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at:  www.digium.com   www.asterisk.org
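
The source-port behaviour described in this message, as an added example that is not part of the original post or of Asterisk: one UDP server socket receives from two clients on the same IP, learns each client's source port from the packet headers, and replies from its own bound port to that source port. The second half is a constructed model of a default-deny filter without connection tracking, showing which outbound rule lets those replies leave; the rule sets, the loopback addresses and the OS-chosen server port are assumptions.

```python
import socket

IAX2_PORT = 4569  # default chan_iax2 bind port, as stated in the thread


def run_exchange():
    """One server socket, two clients behind the same IP (loopback here).

    Returns (server_port, peers, reply_sources): the source address the server
    saw for each client, and the source address each client saw on its reply.
    """
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    # Assumption: an OS-chosen port instead of 4569, so the demo cannot
    # collide with a running Asterisk. The behaviour is the same.
    server.bind(("127.0.0.1", 0))
    server.settimeout(2)
    server_port = server.getsockname()[1]

    clients = {}
    for name in ("gn", "home"):  # peer names from the thread
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sock.settimeout(2)
        # No bind(): the OS picks the source port, as it does for a softphone.
        sock.sendto(name.encode(), ("127.0.0.1", server_port))
        clients[name] = sock

    peers = {}
    for _ in clients:
        # source is (ip, port) taken from the IP/UDP headers, not the payload.
        data, source = server.recvfrom(64)
        peers[data.decode()] = source
        server.sendto(b"ack", source)  # reply goes TO the observed source port

    reply_sources = {}
    for name, sock in clients.items():
        _, reply_from = sock.recvfrom(64)
        reply_sources[name] = reply_from
        sock.close()
    server.close()
    return server_port, peers, reply_sources


def stateless_verdict(rules, direction, local_port, remote_port):
    """Default-deny filter without connection tracking (constructed model)."""
    for rule in rules:
        if (rule["direction"] == direction
                and rule["local_port"] in ("any", local_port)
                and rule["remote_port"] in ("any", remote_port)):
            return "allow"
    return "deny"


# Constructed rule sets for the server side; not an export of any real firewall.
ONLY_4569_BOTH_WAYS = [
    {"direction": "in", "local_port": IAX2_PORT, "remote_port": "any"},
    {"direction": "out", "local_port": "any", "remote_port": IAX2_PORT},
]
FROM_4569_TO_ANY = [
    {"direction": "in", "local_port": IAX2_PORT, "remote_port": "any"},
    {"direction": "out", "local_port": IAX2_PORT, "remote_port": "any"},
]


def reply_verdicts(phone_port=1026):
    """Can the server answer a phone whose packets arrive from phone_port?"""
    return {
        "only_4569_both_ways": stateless_verdict(
            ONLY_4569_BOTH_WAYS, "out", IAX2_PORT, phone_port),
        "from_4569_to_any": stateless_verdict(
            FROM_4569_TO_ANY, "out", IAX2_PORT, phone_port),
    }


if __name__ == "__main__":
    port, peers, replies = run_exchange()
    print("server bound to", port)
    for name, (ip, src_port) in peers.items():
        print(f"{name}: seen at {ip}:{src_port}, "
              f"reply came from port {replies[name][1]}")
    print(reply_verdicts())
```

The default `phone_port` of 1026 is the port shown for peer gn in the thread's `iax2 show peers` output.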



Re: [asterisk-users] iax2: two users can't authenticate from same ip address

2013-09-10 Thread Sean Darcy

On 09/10/2013 05:27 PM, Joshua Colp wrote:

Sean Darcy wrote:

On 09/10/2013 12:15 PM, Joshua Colp wrote:

Sean Darcy wrote:

Maybe a different question would be helpful. Let's assume no NAT; the
server is directly connected with an FQDN. Two iax devices register.
Does asterisk assign them different ports?


Asterisk does not assign ports. The IAX2 channel driver, by default,
binds to a single UDP port (4569). As UDP is connectionless there are no
connections. What you see on the console is the *source* IP address and
port of the packets. It's possible that the Amazon stuff is sort of
NATting things to do connection tracking... but that's Amazon land, so
no clue really.



Since no horse is dead enough not to take another beating:

If the console is showing the *source* port of the packets, then:

does the server send iax packets to that source port, or to 4569?


It sends to the source port if using the registration.



home (which is another asterisk server) shows 4569, while the androids
running zoiper show random ports. I assume zoiper puts the source port
in an iax packet. But regardless of how zoiper describes its source
port, asterisk will only send iax packets on 4569. correct?


It does not put the source port in an IAX packet. It's in the IP header
itself, outside of IAX. Asterisk will send IAX packets *from* port 4569
but *to* any host/port.



OK, so I only need to open up 4569 incoming, But I need to allow a range 
of outgoing udp ports since zoiper is choosing other udp ports in the IP 
header of the iax registration.


Thanks. Sorry it's taken so long for me to get this.

sean




Re: [asterisk-users] iax2: two users can't authenticate from same ip address

2013-09-10 Thread Sean Darcy

On 09/10/2013 12:15 PM, Joshua Colp wrote:

Sean Darcy wrote:

Maybe a different question would be helpful. Let's assume no NAT; the
server is directly connected with an FQDN. Two iax devices register.
Does asterisk assign them different ports?


Asterisk does not assign ports. The IAX2 channel driver, by default,
binds to a single UDP port (4569). As UDP is connectionless there are no
connections. What you see on the console is the *source* IP address and
port of the packets. It's possible that the Amazon stuff is sort of
NATting things to do connection tracking... but that's Amazon land, so
no clue really.



Since no horse is dead enough not to take another beating:

If the console is showing the *source* port of the packets, then:

does the server send iax packets to that source port, or to 4569?

home (which is another asterisk server) shows 4569, while the androids 
running zoiper show random ports. I assume zoiper puts the source port 
in an iax packet. But regardless of how zoiper describes its source 
port, asterisk will only send iax packets on 4569. correct?


I ask all this because Amazon EC2 uses a firewall that doesn't have a 
connection state. All incoming ports are blocked unless they are 
explicitly opened. Just having a packet go out to an ip address and 
port, doesn't open the source port.


But if iax is always and only using 4569 to send and receive, I don't 
have to worry about opening any other ports.


Thanks,

sean




Re: [asterisk-users] iax2: two users can't authenticate from same ip address

2013-09-09 Thread Julian Beach
Hello Sean,

Sunday, September 8, 2013, 11:25:24 PM, you wrote:

 The problem is that once a phone has used the server, no other phone can
 use it. The server sees all the phones as having the same ip address
 (though different ports).

This sounds like the Peer v Friend problem I have had in the past.
Try setting user=friend which will match on the username and not IP
address. I found that asterisk was matching to the first account in
the list in IAX.CONF and authentication was then failing (or in
the case of incoming calls, ending up in the wrong context).

http://www.voip-info.org/wiki/view/Asterisk+SIP+user+vs+peer

Julian


-- 
Best regards,
 Julian    mailto:jb_s...@trink.co.uk




Re: [asterisk-users] iax2: two users can't authenticate from same ip address

2013-09-09 Thread Eric Wieling
They are assigned by the router doing the NAT translations.

-Original Message-
From: asterisk-users-boun...@lists.digium.com 
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Sean Darcy
Sent: Monday, September 09, 2013 10:56 AM
To: asterisk-users@lists.digium.com
Subject: Re: [asterisk-users] iax2: two users can't authenticate from same ip 
address

On 09/09/2013 08:04 AM, Julian Beach wrote:
 Hello Sean,

 Sunday, September 8, 2013, 11:25:24 PM, you wrote:

 The problem is that once a phone has used the server, no other phone
 can use it. The server sees all the phones as having the same ip
 address (though different ports).

 This sounds like the Peer v Friend problem I have had in the past.
 Try setting user=friend which will match on the username and not IP
 address. I found that asterisk was matching to the first account in
 the list in IAX.CONF and authentication was then failing (or in
 the case of incoming calls, ending up in the wrong context).

 http://www.voip-info.org/wiki/view/Asterisk+SIP+user+vs+peer

 Julian


Thanks for the response.

On the server each device has type=friend.

I do notice that peer home has the standard iax port 4569. The other peers 
are assigned 1026, 1027 and 1028. How are these ports assigned?

sean




Re: [asterisk-users] iax2: two users can't authenticate from same ip address

2013-09-09 Thread Joshua Colp

Sean Darcy wrote:


On the server each device has type=friend.

I do notice that peer home has the standard iax port 4569. The other
peers are assigned 1026, 1027 and 1028. How are these ports assigned?


The actual configuration entries (minus password) for each one involved 
would be useful... if you aren't being explicit with what username to 
use for outgoing authentication then stuff like this can happen.


--
Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at:  www.digium.com   www.asterisk.org



Re: [asterisk-users] iax2: two users can't authenticate from same ip address

2013-09-09 Thread Sean Darcy

On 09/09/2013 08:04 AM, Julian Beach wrote:

Hello Sean,

Sunday, September 8, 2013, 11:25:24 PM, you wrote:


The problem is that once a phone has used the server, no other phone can
use it. The server sees all the phones as having the same ip address
(though different ports).


This sounds like the Peer v Friend problem I have had in the past.
Try setting user=friend which will match on the username and not IP
address. I found that asterisk was matching to the first account in
the list in IAX.CONF and authentication was then failing (or in
the case of incoming calls, ending up in the wrong context).

http://www.voip-info.org/wiki/view/Asterisk+SIP+user+vs+peer

Julian



Thanks for the response.

On the server each device has type=friend.

I do notice that peer home has the standard iax port 4569. The other 
peers are assigned 1026, 1027 and 1028. How are these ports assigned?


sean




Re: [asterisk-users] iax2: two users can't authenticate from same ip address

2013-09-09 Thread Sean Darcy

On 09/09/2013 11:08 AM, Joshua Colp wrote:

Sean Darcy wrote:


On the server each device has type=friend.

I do notice that peer home has the standard iax port 4569. The other
peers are assigned 1026, 1027 and 1028. How are these ports assigned?


The actual configuration entries (minus password) for each one involved
would be useful... if you aren't being explicit with what username to
use for outgoing authentication then stuff like this can happen.



On the server:

[default](!)
type=friend
auth=md5
host=dynamic
context=nz-in
qualify=1000
setvar=Protocol=IAX2

[gn](default)
secret=pwgn
callerid=GN

[home](default)
secret=pwhome
username=home

I'm using Zoiper on Android for gn,

home is from the home machine, which registers with the server:

register = home:pwhome@serverip

[home]
type=friend
insecure=port,invite
secret=pwhome ; same secret as on server
context=incoming
host=serverip

I'm wondering if it's a result of the amazon ec2 firewall (not 
iptables). I may need to open up those lower udp ports. Maybe the amazon 
firewall doesn't use ctstate; it may block any port not explicitly 
opened even if a connection is established.


Thanks for the help.

sean




Re: [asterisk-users] iax2: two users can't authenticate from same ip address

2013-09-09 Thread Sean Darcy

On 09/09/2013 01:54 PM, Joshua Colp wrote:

Sean Darcy wrote:


home is from the home machine, which registers with the server:

register = home:pwhome@serverip

[home]
type=friend
insecure=port,invite
secret=pwhome ; same secret as on server
context=incoming
host=serverip


You aren't specifying what username to authenticate as here. Add:

username=home

And give it a go.



Excellent! It's so easy to overlook the obvious.

But now I can't call gn. I can call out from gn, but calling to gn 
dies with Max retries...


Dial(IAX2/home-14358, IAX2/gn) in new stack
-- Called IAX2/gn
CLI iax2 show peers
Name/Username    Host            Mask             Port   Status        Description
gn               gnipaddr  (D)   255.255.255.255  9007   OK (179 ms)


[Sep  9 19:11:36] WARNING[530]: chan_iax2.c:3552 __attempt_transmit: Max 
retries exceeded to host gnipaddr on IAX2/gn-11311 (type = 6, subclass 
= 11, ts=10018, seqno=1)

-- Hungup 'IAX2/gn-11311'

Again, what's with this port 9007? Is asterisk assigning it? I thought 
all iax traffic went over 4569.


Of course, this could be a zoiper problem.

sean




Re: [asterisk-users] iax2: two users can't authenticate from same ip address

2013-09-09 Thread Eric Wieling
Again, that port is assigned by your NAT router.  Asterisk cannot control the
source port of the incoming packet.   That is set by your NAT router and client
and likely has nothing to do with your problem.

-Original Message-
From: asterisk-users-boun...@lists.digium.com 
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Sean Darcy
Sent: Monday, September 09, 2013 3:30 PM
To: asterisk-users@lists.digium.com
Subject: Re: [asterisk-users] iax2: two users can't authenticate from same ip 
address

Dial(IAX2/home-14358, IAX2/gn) in new stack
 -- Called IAX2/gn
CLI iax2 show peers
Name/Username    Host            Mask             Port   Status        Description
gn               gnipaddr  (D)   255.255.255.255  9007   OK (179 ms)

[Sep  9 19:11:36] WARNING[530]: chan_iax2.c:3552 __attempt_transmit: Max 
retries exceeded to host gnipaddr on IAX2/gn-11311 (type = 6, subclass = 11, 
ts=10018, seqno=1)
 -- Hungup 'IAX2/gn-11311'

Again, what's with this port 9007? Is asterisk assigning it? I thought all iax 
traffic went over 4569.

Of course, this could be a zoiper problem.

sean




Re: [asterisk-users] iax2: two users can't authenticate from same ip address

2013-09-09 Thread Joshua Colp

Sean Darcy wrote:


home is from the home machine, which registers with the server:

register = home:pwhome@serverip

[home]
type=friend
insecure=port,invite
secret=pwhome ; same secret as on server
context=incoming
host=serverip


You aren't specifying what username to authenticate as here. Add:

username=home

And give it a go.

--
Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at:  www.digium.com   www.asterisk.org



Re: [asterisk-users] iax2: two users can't authenticate from same ip address

2013-09-09 Thread Sean Darcy

On 09/09/2013 03:37 PM, Eric Wieling wrote:

Again, that port is assigned by your NAT router.  Asterisk cannot control the
source port of the incoming packet.   That is set by your NAT router and client
and likely has nothing to do with your problem.

-Original Message-
From: asterisk-users-boun...@lists.digium.com 
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Sean Darcy
Sent: Monday, September 09, 2013 3:30 PM
To: asterisk-users@lists.digium.com
Subject: Re: [asterisk-users] iax2: two users can't authenticate from same ip 
address

Dial(IAX2/home-14358, IAX2/gn) in new stack
  -- Called IAX2/gn
CLI iax2 show peers
Name/Username    Host            Mask             Port   Status        Description
gn               gnipaddr  (D)   255.255.255.255  9007   OK (179 ms)

[Sep  9 19:11:36] WARNING[530]: chan_iax2.c:3552 __attempt_transmit: Max retries 
exceeded to host gnipaddr on IAX2/gn-11311 (type = 6, subclass = 11, 
ts=10018, seqno=1)
  -- Hungup 'IAX2/gn-11311'

Again, what's with this port 9007? Is asterisk assigning it? I thought all iax 
traffic went over 4569.

Of course, this could be a zoiper problem.

sean



But the problem is it's not MY nat router; it's amazon's. And if you
only have one iax device registered, it's always 4569. So why
does amazon assign a different port to the second iax device? How would
it even know?


sean




Re: [asterisk-users] iax2: two users can't authenticate from same ip address

2013-09-09 Thread Eric Wieling
Try this as an example of why it doesn't matter.

1) On windows open a cmd prompt or on linux open up a local terminal.
2) open a web browser and connect to a web site like cnn.com
3) on windows type netstat -n in the command prompt, in linux type netstat -n 
--ip

For example on my system, the local IP is 172.17.3.111.  Notice below how the 
port on my local system is NOT 80, even though the port on the remote system 
is?   This is simply how TCP and UDP work.  When you are looking at your iax 
peers you are seeing the REMOTE IP and REMOTE port, which seldom matters.  It 
is the port on the client you are connecting TO which matters, not the port 
which you are connecting FROM. TCP and UDP do not allow more than one 
connection using the same source IP/source port/destination IP/destination port 
(called a tuple).  For most things the source port does not matter so the 
operating system assigns whatever source port it wants to.   NAT routers will 
often change the source port when the connection is NAT'd.  These are 
fundamental IP networking concepts which all people doing VoIP should know, but 
most don't. I'm sure there are many books on TCP/IP networking which 
explain it better than I have explained it.

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    172.17.3.111:22020     157.166.226.25:80      ESTABLISHED
  TCP    172.17.3.111:22021     157.166.249.10:80      ESTABLISHED
  TCP    172.17.3.111:22022     23.63.227.185:80       ESTABLISHED
  TCP    172.17.3.111:22023     23.63.227.185:80       ESTABLISHED
  TCP    172.17.3.111:22024     23.63.227.185:80       ESTABLISHED
  TCP    172.17.3.111:22025     23.63.227.185:80       ESTABLISHED
  TCP    172.17.3.111:22026     23.63.227.185:80       ESTABLISHED
  TCP    172.17.3.111:22027     23.203.4.211:80        ESTABLISHED
  TCP    172.17.3.111:22028     23.63.227.185:80       ESTABLISHED
  TCP    172.17.3.111:22029     4.27.18.126:80         ESTABLISHED
  TCP    172.17.3.111:22030     4.27.18.126:80         ESTABLISHED
  TCP    172.17.3.111:22031     4.27.18.126:80         ESTABLISHED
  TCP    172.17.3.111:22032     4.27.18.126:80         ESTABLISHED
  TCP    172.17.3.111:22033     4.27.18.126:80         ESTABLISHED
  TCP    172.17.3.111:22034     4.27.18.126:80         ESTABLISHED
  TCP    172.17.3.111:22035     74.217.240.83:80       ESTABLISHED
  TCP    172.17.3.111:22036     23.63.227.123:80       ESTABLISHED
  TCP    172.17.3.111:22037     12.130.81.225:80       ESTABLISHED
  TCP    172.17.3.111:22038     4.26.252.126:80        ESTABLISHED
  TCP    172.17.3.111:22039     4.26.252.126:80        ESTABLISHED
  TCP    172.17.3.111:22040     4.26.252.126:80        ESTABLISHED
  TCP    172.17.3.111:22041     4.26.252.126:80        ESTABLISHED
  TCP    172.17.3.111:22042     4.26.252.126:80        ESTABLISHED
  TCP    172.17.3.111:22043     4.26.252.126:80        ESTABLISHED

-Original Message-
From: asterisk-users-boun...@lists.digium.com 
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Sean Darcy
Sent: Monday, September 09, 2013 7:00 PM
To: asterisk-users@lists.digium.com
Subject: Re: [asterisk-users] iax2: two users can't authenticate from same ip 
address

On 09/09/2013 03:37 PM, Eric Wieling wrote:
 Again, that port is assigned by your NAT router.  Asterisk cannot control the
 source port of the incoming packet.   That is set by your NAT router and
 client and likely has nothing to do with your problem.

 -Original Message-
 From: asterisk-users-boun...@lists.digium.com 
 [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Sean 
 Darcy
 Sent: Monday, September 09, 2013 3:30 PM
 To: asterisk-users@lists.digium.com
 Subject: Re: [asterisk-users] iax2: two users can't authenticate from 
 same ip address

 Dial(IAX2/home-14358, IAX2/gn) in new stack
   -- Called IAX2/gn
 CLI iax2 show peers
 Name/Username    Host            Mask             Port   Status        Description
 gn               gnipaddr  (D)   255.255.255.255  9007   OK (179 ms)
 
 [Sep  9 19:11:36] WARNING[530]: chan_iax2.c:3552 __attempt_transmit: Max 
 retries exceeded to host gnipaddr on IAX2/gn-11311 (type = 6, subclass = 
 11, ts=10018, seqno=1)
   -- Hungup 'IAX2/gn-11311'

 Again, what's with this port 9007? Is asterisk assigning it? I thought all 
 iax traffic went over 4569.

 Of course, this could be a zoiper problem.

 sean


But the problem is it's not MY nat router; it's amazon's. And if you only have
one iax device registered, it's always 4569. So why does amazon
assign a different port to the second iax device? How would it even know?

sean



[asterisk-users] iax2: two users can't authenticate from same ip address

2013-09-08 Thread Sean Darcy
I'm trying to set up asterisk on an amazon instance in Sydney. It's to use
for our kids in Sydney to connect with their friends in the States.


We've found iax works better than sip with these distances. But we now
have a weird problem: everybody has a cell phone, and it's much
cheaper/better to use the house internet connection over the phone's
wifi. Each cell phone has its own peer. Each cell phone registers with
the server.


The problem is that once a phone has used the server, no other phone can
use it. The server sees all the phones as having the same ip address
(though different ports).


iax2 show peers
Name/Username    Host          Mask             Port   Status        Description
gn               ipaddr   (D)  255.255.255.255  1026   OK (101 ms)
home/home        ipaddr   (D)  255.255.255.255  4569   OK (85 ms)


but home can't make a call:
chan_iax2.c:11157 socket_process_helper: Host ipaddr failed to 
authenticate as gn


gn can make calls:

-- Registered IAX2 'gn' (AUTHENTICATED) at ipaddr:1026
-- Accepting AUTHENTICATED call from ipaddr:
requested format = speex,
  

