Thank you to both Chris and Tim I could not get my head around this .. after seeing the examples it now makes sense what needs to be done. I will give both a whirl tonight.
I do like the RSA key idea. One question is this, will I need multiple accounts on the Static IP machines so the Dynamic machine has the ability to make more then one concurrent SIP call through the Static IP machine ? If I could get the Static IP box to go through the my SMC router it would be great. I tried opening the ports. 5060udp/tcp, 10000-20000udp/tcp. Tried even setting the machine in the DMZ zone. I think the VOIP provider just has problems translating through the NAT or something. The linux box is running [EMAIL PROTECTED] no firewall setting that I know of. To much of a Newbie at linux .. lol and I have been at it for almost 1 year now and still have soooo much to learn. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Sent: Thursday, May 05, 2005 4:46 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [Asterisk-Users] Connecting 2 * Together-Pulling hair out I haven't gotten to keys yet. The documentation out there doesn't seem to be very good. Chris ----- Original Message ----- From: "Tim Pushor" <[EMAIL PROTECTED]> To: "Asterisk Users Mailing List - Non-Commercial Discussion" <[email protected]> Sent: Thursday, May 05, 2005 4:06 PM Subject: Re: [Asterisk-Users] Connecting 2 * Together-Pulling hair out > Personally, if I owned both boxes and had full control of the dialplan > on both, I'd stay away from passwords. (but be careful what I say, I'm a > hack) > > I have a bunch of boxes connected together via IAX and authenticating > via RSA. The entries in iax.conf are simple, and dialing across the > connection is simple (no passwords in the dialplan) (thanks again Rich > for taking the time). > > Tim > > Here is a sample of iax.conf entries on machine a: > > [machineb] > type=user > host=machineb.internal.net > auth=rsa > inkeys=machineb > username=machineb > context=inbound > > [machineb] > type=peer > host=machineb.internal.net > auth=rsa > outkey=machinea > username=machinea > > And an example dialplan entry to dial an extention on machineb (in the > inbound context): > > exten => 333,1,Dial(IAX2/machineb/333) > > And on machinea, the opposite of machineb: > > [machinea] > type=user > host=machinea.internal.net > auth=rsa > inkeys=machinea > username=machinea > context=inbound > > [machinea] > type=peer > host=machinea.internal.net > auth=rsa > outkey=machineb > username=machineb > > To generate the keys: > > on machinea: > > astgenkey -n machinea > mv machinea.* /var/lib/asterisk/keys > > copy machinea.pub to machineb's /var/lib/asterisk/keys > > on machineb: > > astgenkey -n machineb > mv machineb.* /var/lib/asterisk/keys > > copy machineb.pub to machinea's /var/lib/asterisk/keys > > > Chris wrote: > > > I have something similar. Both of my servers are behind a firewall and NAT. You will need to allow UDP 4569 through the firewall for IAX2. If you have NAT you will need to redirect 4569 to the internal server. > > > > I would suggest using AMP and then looking at IAX_ADDITIONAL.CONF to see how it's done. You can modify the IAX.CONf because I don't believe AMP rewrites that file. > > > > I think the user and passwords are required. I would suggest using a strong password or someone may decide to make a few phone calls. After this you will need the routing in Extensions.conf to allow calls to be made on this trunk. > > > > Asterisk will handle the SIP > IAX. All my clients are SIP and they have no trouble going over a IAX trunk to other SIP devices on the other server. > > > >This is what my IAX_ADDITIONAL.CONF looks like > > > >SiteA - Dynamic IP > >-------------- > >[boxb-peer] > >username=boxa-user > >type=peer > >trunk=yes > >secret=mypassword > >host=thehost.dyndns.org > > > >[boxb-user] > >type=user > >secret=mypassword2 > >host=thehost.dyndns.org > >context=from-internal > > > >--------------- > >Site b - Static IP > >---------------- > > > >[boxa-peer] > >username=boxb-user > >type=peer > >trunk=yes > >secret=mypassword2 > >host=xxx.xxx.xxx.xxx > > > >[boxa-user] > >type=user > >secret=mypassword > >host=xxx.xxx.xxx.xxx > >context=from-internal > > > > > >Regards, > > > >Chris > > > > > >----- Original Message ----- > >From: "mr. barker" <[EMAIL PROTECTED]> > >To: "'Asterisk Users Mailing List - Non-Commercial Discussion'" <[email protected]> > >Sent: Thursday, May 05, 2005 1:58 PM > >Subject: RE: [Asterisk-Users] Connecting 2 * Together-Pulling hair out > > > > > > > > > >>Yes trying to connect to boxes together. > >> > >>One sits outside the internal firewall and is on the inside. > >> > >>I am using AMP. However I can just put whatever I need in the custom.conf > >>sections. > >>The users agents are SIP .. can SIP call go over a IAX trunk ? if so great. > >>To create the trunk do I need to use a users name and password ? or ? > >> > >>I need to have the *box that is behind the firewall to be able to place a > >>call out through the *box that has a public ip. > >> > >>Thank you > >> > >>-----Original Message----- > >>From: [EMAIL PROTECTED] > >>[mailto:[EMAIL PROTECTED] On Behalf Of Chris > >>Sent: Thursday, May 05, 2005 8:20 AM > >>To: Asterisk Users Mailing List - Non-Commercial Discussion > >>Subject: Re: [Asterisk-Users] Connecting 2 * Together-Pulling hair out > >> > >> I am not sure what you are trying to do. I have created an IAX2 trunk > >>between the servers over an internet connection. > >>Then all you have to do is put in call routing on the trunks to forward the > >>call to the right place. Are you using AMP or trying to do it manually. > >>I found everything a little confusing as well, but it is simple now that I > >>understand it. > >> > >> > >>Chris > >> > >>----- Original Message ----- > >>From: "mr. barker" <[EMAIL PROTECTED]> > >>To: "'Asterisk Users Mailing List - Non-Commercial Discussion'" > >><[email protected]> > >>Sent: Thursday, May 05, 2005 4:43 AM > >>Subject: [Asterisk-Users] Connecting 2 * Together-Pulling hair out > >> > >> > >> > >> > >>> > >>> > >>> _____ > >>> > >>>Subject: [Asterisk-Users] Connecting 2 * Together-Pulling hair out > >>> > >>> > >>> > >>>I have read the docs on connecting 2* together but am unsure of a few > >>> > >>> > >>things > >> > >> > >>> > >>> > >>>Do I need a different account for each number that will be called from one > >>>box to the other ? ie. Do I set up a user account on one and then have the > >>>other box log into that account when it whats to make a call ? > >>> > >>> > >>> > >>>I have 2 asterisk boxes and only one of them has the ability to access a > >>>VoipAccount and PSTN connections.(*box 1). The other holds the SIP > >>>extensions for the internal SIP users/exten(*box2) > >>> > >>>I would like to be able to have the box with the Sip UA(*box2) on it to be > >>>able to place a call using the box that has the VoipAccount and PSTN > >>>connection. I am able to make multiple UA calls on the VoipAccount and 3 > >>> > >>> > >>on > >> > >> > >>>the PSTN lines (only have 3 lines coming in). I can get it to work if I > >>>create a user exten on *box1 and map a trunk(which is really only an > >>> > >>> > >>exten) > >> > >> > >>>using the user/password login to that exten from *box2. However when I > >>> > >>> > >>try > >> > >> > >>>to place a second call when the VOIP line is in use it gives me error ( > >>>basically saying can't use the trunk because it is in use) I would like > >>> > >>> > >>to > >> > >> > >>>be able to have this exten/trunk to be able to use multiple connections on > >>>it. > >>> > >>> > >>> > >>>There must be an easier way to do this I am just not sure how. I looked > >>> > >>> > >>at > >> > >> > >>>creating IAX trunks but still come up with the Trunk is really an Exten > >>>name/password . > >>> > >>> > >>> > >>>Any help would be appreciated. (my brain is boiling eggs) > >>> > >>> > >>> > >>>Thank you. > >>> > >>> > >>> > >>> > >>> > >>> > >>> > >>> > >>> > >>> > >>-------------------------------------------------------------------------- -- > >>---- > >> > >> > >> > >> > >>>_______________________________________________ > >>>Asterisk-Users mailing list > >>>[email protected] > >>>http://lists.digium.com/mailman/listinfo/asterisk-users > >>>To UNSUBSCRIBE or update options visit: > >>> http://lists.digium.com/mailman/listinfo/asterisk-users > >>> > >>> > >>_______________________________________________ > >>Asterisk-Users mailing list > >>[email protected] > >>http://lists.digium.com/mailman/listinfo/asterisk-users > >>To UNSUBSCRIBE or update options visit: > >> http://lists.digium.com/mailman/listinfo/asterisk-users > >> > >>------------------------------------------------------------------------ > >> > >>_______________________________________________ > >>Asterisk-Users mailing list > >>[email protected] > >>http://lists.digium.com/mailman/listinfo/asterisk-users > >>To UNSUBSCRIBE or update options visit: > >> http://lists.digium.com/mailman/listinfo/asterisk-users > >> > _______________________________________________ > Asterisk-Users mailing list > [email protected] > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users _______________________________________________ Asterisk-Users mailing list [email protected] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
