Saturday, October 23, 2010

Asterisk config iax.conf

In iax.conf you configure the Inter-Asterisk eXchange (IAX) connections.
The configuration of iax.conf is well documented in the Asterisk handbook. From the sample iax.conf in the distribution:

Further user sections may be added, specifying a context and a secret used for connections with that given authentication name. Limited IP based access control is allowed by use of "permit" and "deny" keywords. Multiple rules are permitted. Multiple permitted contexts may be specified, in which case the first will be the default.

You can also override caller*ID so that when you receive a call you set the Caller*ID to be what you want instead of trusting what the remote user provides.

There are three authentication methods that are supported: md5, plaintext and rsa. The least secure is "plaintext", which sends passwords cleartext across the net. "md5" uses a challenge/response md5 sum arrangement, but still requires both ends have plain text access to the secret. "rsa" allows unidirectional secret knowledge through public/private keys. If "rsa" authentication is used, "inkeys" is a list of acceptable public keys on the local system that can be used to authenticate the remote peer, separated by the ":" character. "outkey" is a single, private key to use to authenticate to the other side.

Public keys are named /var/lib/asterisk/keys/.pub while private keys are named /var/lib/asterisk/keys/.key. Private keys should always be 3DES encrypted.
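
As an added illustration (not part of the sample file or of Asterisk's code), the md5 exchange described above can be sketched in Python: the response is the hex MD5 of the challenge followed by the secret, so the verifying side must hold the secret in plaintext. The challenge values and the secret are constructed.

```python
import hashlib
import hmac
import secrets

def new_challenge():
    """Server side: a fresh random decimal string for each attempt."""
    return str(secrets.randbelow(2**31))

def md5_response(challenge, secret):
    """Client side: hex MD5 of the challenge followed by the shared secret."""
    return hashlib.md5((challenge + secret).encode()).hexdigest()

def server_verify(challenge, response, stored_secret):
    """Server side: recompute the digest from its own plaintext copy."""
    expected = md5_response(challenge, stored_secret)
    return hmac.compare_digest(expected, response.lower())

def demo():
    secret = "XXXX"                       # constructed placeholder secret
    c1, c2 = "1804289383", "846930886"    # constructed challenges
    r1 = md5_response(c1, secret)
    return {
        # Correct secret and matching challenge: accepted.
        "accepted": server_verify(c1, r1, secret),
        # The same response replayed against a new challenge: rejected.
        "replayed_on_new_challenge": server_verify(c2, r1, secret),
        # A server that stored only MD5(secret) cannot verify the response.
        "verified_from_hash_only": server_verify(
            c1, r1, hashlib.md5(secret.encode()).hexdigest()),
    }

if __name__ == "__main__":
    print(demo())
```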


The following codecs are valid for the allow/disallow parameter:
g723.1 gsm ulaw alaw g726 slinear lpc10 adpcm g729 speex ilbc h261 h263 all
With notransfer=yes you can prohibit Asterisk from stepping out of the media path and connecting the two endpoints directly to each other. This, of course, affects your call detail records (CDR) and billing information.
Note: This is quite similar to the sip.conf setting canreinvite=no

This has been changed in 1.4 to transfer=yes; the options are yes, no and mediaonly.


Alternatively you can directly set the bit values:

 tos=0x18   ; where the tos bits are set individually and in combination

For example

  tos=0x10 = low delay
  tos=0x08 = high throughput
  tos=0x04 = high reliability
  tos=0x02 = ECT bit set
  tos=0x01 = CE bit set

or set multiple bits, such as

  tos=0x18 

to set both low delay and high throughput.

Although IAX channel details (username, secret, etc.) can be written explicitly into each dial string in extensions.conf, dial strings can be simplified/clarified by storing all of this information in the iax.conf file and then simply referencing by the channel name:

 Dial(IAX2//)

For example, to call IAXtel you can create an entry in iax.conf like this:

[iaxtel-outbound]
type=peer
username=
secret=
peercontext=iaxtel
host=iaxtel.com

Then use a Dial command of:

 exten => _1700XXXXXX,1,Dial(IAX2/iaxtel-outbound/${EXTEN})

Note: The "peercontext" setting is only available in Asterisk CVS as of 2004-06-26.

For the most up to date list of directives supported by your version of Asterisk, check the source code for your version. In the file channels/chan_iax2.c, look for the functions named build_user, build_peer, and set_config. They contain directive names supported in the type=user, type=peer, and [general] sections of iax.conf, respectively. You don't have to be able to understand C to find the directive names, either; they're quite obvious. The information you find in the source will be more accurate than any list you're likely to find on a wiki page.


[general]
register => my_user:secret@host   ; register lines belong in the [general] section

[my_iaxprovider]
type=peer
auth=md5
notransfer=yes
host=IP
disallow=all
allow=gsm
allow=ulaw
allow=alaw
qualify=yes
trunk=yes

[my_user]
type=user
auth=md5
notransfer=yes
disallow=all
allow=gsm
allow=ulaw
trunk=yes
secret=XXXX
context= (context in extensions.conf where I want to receive the incoming call)

N.B. Outbound calling in extensions.conf

exten => _X.,1,Dial(IAX2/my_user:secret@my_iaxprovider/${EXTEN})

Register commands to connect to another IAX server have to be in the [general] section of iax.conf.

To set up IAX in trunk mode, add "trunk=yes" to your definition in iax.conf. IAX trunking needs the support of a hardware timer. See Asterisk timer for more information.

Do not use both "host=dynamic" and "defaultip=111.222.333.444"; make sure it is just one or the other (see bugs 558 and 673).

If you do not use IP-based access control for all of your type=user entries, and you expect your Asterisk installation to be reasonably secure, your iax.conf file must contain a "guest" entry with no secret specified. When a remote system connects to yours, it can connect without specifying a username (that is, connect anonymously). If you have no type=user section without a secret, Asterisk will allow such an anonymous connection to authenticate with any secret specified in the file. This means that if you have a large number of type=user entries but no guest entry in iax.conf, someone only has to guess any one of your secrets to connect to your server as that user. In other words, they do not need to know both the username and the secret; the secret alone is enough! Asterisk gives preference to a secretless user for anonymous incoming connections, though, so the inclusion of such a section will solve this problem. For more information on IAX authentication within Asterisk, see Asterisk IAX authentication.

Add a last entry in iax.conf with no password to force anonymous calls into a specific context.

If you use realtime, don't have any user without a password and without permit/deny.

Use the general option mailboxdetail=yes for details and the number of waiting voicemails. Works with most IAX phones like the AT-320 or softphones.

If you have "update_registry: Restricting registration for peer 'xxxxxx' to 60 seconds (requested 1200)", you can add maxregexpire=1300 to the [general] section.
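
The notes above translate into a small configuration check. The following Python sketch is an added example, not part of Asterisk or of the original page; it parses an iax.conf and reports auth=plaintext, host=dynamic combined with defaultip, and password-protected type=user/friend sections that have neither permit/deny nor a guest entry alongside them. The sample configuration is constructed, and treating inkeys as a credential is an assumption of the example.

```python
import re

# Constructed sample: password users without permit/deny and no guest entry.
SAMPLE = """\
[general]
register => my_user:secret@host
[alice]
type=user
auth=md5
secret=XXXX        ; placeholder secret
[bob]
type=friend
auth=plaintext
secret=YYYY
host=dynamic
defaultip=192.0.2.10
"""

def parse(text):
    """Return {section: [(key, value), ...]}, keeping repeated keys."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # ';' starts a comment
        header = re.fullmatch(r"\[([^\]]+)\](\(.*\))?", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None and "=" in line:
            key, value = re.split(r"\s*=>?\s*", line, maxsplit=1)
            current.append((key.lower(), value))
    return sections

def audit(text):
    """Return (section, issue) pairs for the pitfalls the page describes."""
    findings, guest, exposed = [], False, []
    for name, items in parse(text).items():
        opts, keys = dict(items), {k for k, _ in items}
        if "plaintext" in opts.get("auth", ""):
            findings.append((name, "auth=plaintext sends the secret in cleartext"))
        if opts.get("host") == "dynamic" and "defaultip" in keys:
            findings.append((name, "host=dynamic combined with defaultip"))
        if opts.get("type") in ("user", "friend"):
            # inkeys (rsa) counted as a credential: assumption of this example
            if not opts.get("secret") and "inkeys" not in keys:
                guest = True
            elif not keys & {"permit", "deny"}:
                exposed.append(name)
    if exposed and not guest:
        findings.append((",".join(exposed), "no guest entry and no permit/deny"))
    return findings
```

Calling audit(SAMPLE) returns three findings; appending a secretless type=user section and fixing the two per-peer settings clears them.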

For troubleshooting IAX calls, turning on IAX debugging output can be very useful. In Asterisk 1.4 or later, the CLI command 'iax2 set debug on' turns on debugging output. In Asterisk 1.2, use 'iax2 debug' to enable IAX debugging output, and 'iax2 no debug' to turn it back off again. See also: Asterisk IAX authentication
Turn on IAX debugging and see which user the incoming call is trying to connect as. You will probably need to have a type=user section which does not specify a secret= line. Check your context= lines. The first context= line listed in that section will be used if the call doesn't request a specific context.
See also: Asterisk No authority found
Turn on iax debugging. Check if the username of the incoming call exists as section name (the text in square brackets) in iax.conf. Note: it is not sufficient to have this specified only in a username= line; username= is used for outbound (i.e., type=peer) connections only. Note that this section will typically have type=user, though type=friend will also work.
If you get
Nov 2 15:58:47 ERROR[823]: chan_iax2.c:4040 handle_call_token: Call rejected, CallToken Support required. If unexpected, resolve by placing address 192.168.1.1 in the calltokenignore list or setting user iaxhorst requirecalltoken=no
Since AST-2009-006, a call token check is performed. Older clients (e.g. Asterisk 1.2 before 1.2.35) don't support call tokens, so there is a parameter

per peer or
calltokenoptional = 192.168.1.0/255.255.255.0
per subnet.
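
To see which endpoints are hitting this check before relaxing it, the rejections can be tallied from the log. This Python sketch is an added example, not from the original page; the log lines are constructed in the format of the message quoted above, and the legacy_peers allowlist is a hypothetical input maintained by the operator.

```python
import re
from collections import Counter

REJECT = re.compile(
    r"handle_call_token: Call rejected, CallToken Support required\."
    r".*? address (?P<addr>\S+) in .*? user (?P<user>\S+) requirecalltoken")

def _line(ts, addr, user):
    """Build one constructed log line in the format quoted on the page."""
    return (f"Nov 2 {ts} ERROR[823]: chan_iax2.c:4040 handle_call_token: "
            f"Call rejected, CallToken Support required. If unexpected, "
            f"resolve by placing address {addr} in the calltokenignore list "
            f"or setting user {user} requirecalltoken=no")

# Constructed sample: one known legacy peer (twice), one unknown source.
SAMPLE_LOG = [
    _line("15:58:47", "192.168.1.1", "iaxhorst"),
    _line("15:58:52", "192.168.1.1", "iaxhorst"),
    _line("16:01:10", "203.0.113.7", "guest"),
    "Nov 2 16:02:00 NOTICE[823]: chan_iax2.c: unrelated line",
]

def triage(lines, legacy_peers):
    """Count rejections per (address, user) and split them by allowlist.

    legacy_peers is a set of (address, user) pairs known to run clients
    without call token support. Only those are candidates for a per-peer
    or per-subnet exemption; everything else stays enforced.
    """
    counts = Counter()
    for line in lines:
        m = REJECT.search(line)
        if m:
            counts[(m["addr"], m["user"])] += 1
    known = {k: n for k, n in counts.items() if k in legacy_peers}
    unknown = {k: n for k, n in counts.items() if k not in legacy_peers}
    return known, unknown

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, {("192.168.1.1", "iaxhorst")}))
```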