DUNDi Keys

Ok… I’m having a problem with two DUNDi peers I have created. For some reason there’s a key issue.

I ran astgenkeys -n on each host and copied their public and private keys to var/lib/asterisk/keys. I started Asterisk with -i. Here’s the output of ‘show keys’ on each peer.

bil-pdev-4*CLI> show keys
Key Name Type Status Sum
freeworlddialup PUBLIC [Loaded] 5efd552d73309f29212331a75f3c701e
iaxtel PUBLIC [Loaded] d919b3ef03eb4dc54c8fee86bfeeada1
seven PUBLIC [Loaded] 4f03a2d8250a6518b9e06bcd16d0db65
five PUBLIC [Loaded] 603efa0a68f3b83f373066f6f3bc5828
seven PRIVATE [Loaded] a5fe85df23321290b7649a62fea62799
5 known RSA keys.

bil-pdev-2*CLI> show keys
Key Name Type Status Sum
five PUBLIC [Loaded] 603efa0a68f3b83f373066f6f3bc5828
seven PUBLIC [Loaded] 4f03a2d8250a6518b9e06bcd16d0db65
iaxtel PUBLIC [Loaded] d919b3ef03eb4dc54c8fee86bfeeada1
freeworlddialup PUBLIC [Loaded] 5efd552d73309f29212331a75f3c701e
five PRIVATE [Loaded] 1251c62cf3316fbfba441784a20a3be4
5 known RSA keys.

When I run a dundi lookup on the first host with ‘dundi debug’ I get the following:

*CLI> dundi debug
DUNDi Debugging Enabled
*CLI> dundi lookup 14065551XXXX@priv
ETx-Frame Retry[No] -- OSeqno: 000 ISeqno: 000 Type: DPDISCOVER (Command)
Flags: 00 STrans: 19730 DTrans: 00000 [192.168.10.5:4520]
VERSION : 1
DIRECT EID : 00:14:22:1b:33:c9
CALLED NUMBER : 14065551XXXX
CALLED CONTEXT : priv
TTL : 32

Tx-Frame Retry[No] -- OSeqno: 000 ISeqno: 000 Type: ENCRYPT (Command)
Flags: 00 STrans: 19730 DTrans: 00000 [192.168.10.5:4520]
ENTITY IDENT : 00:14:22:1b:33:c9
SHAREDKEY : [ 0b e6 8b 65 45 61 89 f5 c0 e7 f0 7e 27 d6 1b 73 89 49 32 90 65 e8 2a ce 4e c3 77 64 e5 1d ff 62 f3 d8 53 df 0b f5 96 15 b5 4f 37 94 a5 7b be db 77 f1 1e fc 6a 87 47 8d 87 7c 80 6d 3e c8 bc 46 a0 d4 12 c5 8d 4c 95 4a ad ca 32 16 59 38 f0 41 09 cf 78 a0 54 1d ac 32 de 6e d1 c4 79 9a b9 c6 1b d1 5c 56 d2 4a a5 3d 12 f8 be 66 0c 8b bb 02 83 eb 27 ff 51 30 7b 9b ed d2 42 c4 42 1a c2 1b ]
SIGNATURE : [ 62 20 78 65 1f 9a 5d df af 48 c0 6d 1c fd d9 7a 02 9d 4d 58 4e 9a e4 e5 cb 76 64 d1 ef ae 55 fc 85 78 80 1b b7 65 a1 3b 45 b5 b2 fe f3 26 97 f1 d3 3d 77 5f 35 d3 fc bc 6a 8c c7 b1 51 47 6c 01 69 3b 0e 4a e4 8e 21 ef 6e 00 30 65 5f 62 02 41 9e 6d 90 0e 39 40 06 a8 80 50 c4 e7 d9 a0 0b 5e 87 22 d7 32 ee 9e 04 0c a3 0a 36 5d 68 98 54 57 f0 da df e4 db c7 6e 63 29 11 6a 3d b2 8f 6c d0 ]
ENCDATA : [IV 5cc27456234d5251e7300b5f267f5321] 4 encrypted blocks

Rx-Frame Retry[No] -- OSeqno: 000 ISeqno: 001 Type: ENCREJ (Response)
Flags: 00 STrans: 03980 DTrans: 19730 [192.168.10.5:4520] (Final)
Tx-Frame Retry[No] -- OSeqno: 001 ISeqno: 001 Type: ACK (Response)
Flags: 00 STrans: 19730 DTrans: 03980 [192.168.10.5:4520] (Final)
DUNDi lookup returned no results.
DUNDi lookup completed in 10 ms

and here’s what comes up on the other peer:

*CLI> dundi debug
DUNDi Debugging Enabled
*CLI> Rx-Frame Retry[No] -- OSeqno: 000 ISeqno: 000 Type: ENCRYPT (Command)
Flags: 00 STrans: 19730 DTrans: 00000 [192.168.10.7:4520]
ENTITY IDENT : 00:14:22:1b:33:c9
SHAREDKEY : [ 0b e6 8b 65 45 61 89 f5 c0 e7 f0 7e 27 d6 1b 73 89 49 32 90 65 e8 2a ce 4e c3 77 64 e5 1d ff 62 f3 d8 53 df 0b f5 96 15 b5 4f 37 94 a5 7b be db 77 f1 1e fc 6a 87 47 8d 87 7c 80 6d 3e c8 bc 46 a0 d4 12 c5 8d 4c 95 4a ad ca 32 16 59 38 f0 41 09 cf 78 a0 54 1d ac 32 de 6e d1 c4 79 9a b9 c6 1b d1 5c 56 d2 4a a5 3d 12 f8 be 66 0c 8b bb 02 83 eb 27 ff 51 30 7b 9b ed d2 42 c4 42 1a c2 1b ]
SIGNATURE : [ 62 20 78 65 1f 9a 5d df af 48 c0 6d 1c fd d9 7a 02 9d 4d 58 4e 9a e4 e5 cb 76 64 d1 ef ae 55 fc 85 78 80 1b b7 65 a1 3b 45 b5 b2 fe f3 26 97 f1 d3 3d 77 5f 35 d3 fc bc 6a 8c c7 b1 51 47 6c 01 69 3b 0e 4a e4 8e 21 ef 6e 00 30 65 5f 62 02 41 9e 6d 90 0e 39 40 06 a8 80 50 c4 e7 d9 a0 0b 5e 87 22 d7 32 ee 9e 04 0c a3 0a 36 5d 68 98 54 57 f0 da df e4 db c7 6e 63 29 11 6a 3d b2 8f 6c d0 ]
ENCDATA : [IV 5cc27456234d5251e7300b5f267f5321] 4 encrypted blocks

Tx-Frame Retry[No] -- OSeqno: 000 ISeqno: 001 Type: ENCREJ (Response)
Flags: 00 STrans: 03980 DTrans: 19730 [192.168.10.7:4520] (Final)
Rx-Frame Retry[No] -- OSeqno: 001 ISeqno: 001 Type: ACK (Response)
Flags: 00 STrans: 19730 DTrans: 03980 [192.168.10.7:4520] (Final)

Here’s the var/lib/asterisk/keys directories on both:
[pbx12@bil-pdev-4 ~]$ ls -l var/lib/asterisk/keys
total 20
-rw-r--r-- 1 pbx12 pbx12 272 Nov 17 15:26 five.pub
-rw-r--r-- 1 pbx12 pbx12 272 Nov 15 17:24 freeworlddialup.pub
-rw-r--r-- 1 pbx12 pbx12 272 Nov 15 17:24 iaxtel.pub
-rw-r--r-- 1 pbx12 pbx12 891 Nov 17 15:25 seven.key
-rw-r--r-- 1 pbx12 pbx12 272 Nov 17 15:25 seven.pub

[pbx12@bil-pdev-2 ~]$ ls -l var/lib/asterisk/keys
total 68
-rw-r--r-- 1 pbx12 pbx12 887 Nov 17 15:29 five.key
-rw-r--r-- 1 pbx12 pbx12 272 Nov 17 15:29 five.pub
-rw-rw-r-- 1 pbx12 pbx12 48889 Nov 17 16:38 foo
-rw-r--r-- 1 pbx12 pbx12 272 Nov 15 17:33 freeworlddialup.pub
-rw-r--r-- 1 pbx12 pbx12 272 Nov 15 17:33 iaxtel.pub
-rw-r--r-- 1 pbx12 pbx12 272 Nov 17 15:29 seven.pub

Here’s dundi.conf for the first peer:
[00:0D:56:8A:8F:66]
model = symmetric
host = 192.168.10.5
inkey = five
outkey = seven
include = priv
permit = priv
order = primary
;register = yes
;qualify = yes

and here’s dundi.conf for the second peer:

[00:0D:88:37:10:CC]
model = symmetric
host = 192.168.10.7
inkey = seven
outkey = five
include = priv
permit = priv
order = secondary
;qualify = yes
;register = yes

The ENCREJ response that the remote peer is sending seems to be indicative of some sort of key error. What key error!?!? It all looks fine to me! This is completely INSANE!

yawn
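
Added example, not part of the original post: a Python consistency check over the receiving peer's material as posted above (its dundi.conf section, its key directory listing, and the ENCRYPT frame it received). It assumes the receiver selects the peer entry, and so the inkey, by matching the frame's ENTITY IDENT against a dundi.conf section name; the function names and the findings format are made up for illustration.

```python
import re

# Constructed from the post: the receiving peer's dundi.conf section, its
# key directory (name -> mode bits shown by ls -l), and the frame it received.
CONF = """[00:0D:88:37:10:CC]
model = symmetric
host = 192.168.10.7
inkey = seven
outkey = five
"""
KEYS = {"five.key": 0o644, "five.pub": 0o644, "foo": 0o664,
        "freeworlddialup.pub": 0o644, "iaxtel.pub": 0o644, "seven.pub": 0o644}
FRAME = """Rx-Frame Retry[No] -- OSeqno: 000 ISeqno: 000 Type: ENCRYPT (Command)
ENTITY IDENT : 00:14:22:1b:33:c9
"""
EID = r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}"

def parse_peers(conf):
    """Map each [EID] section (lower-cased) to its option dict."""
    peers, cur = {}, None
    for raw in conf.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop ';' comments
        if line.startswith("["):
            m = re.fullmatch(r"\[(%s)\]" % EID, line)
            cur = peers.setdefault(m.group(1).lower(), {}) if m else None
        elif cur is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            cur[key] = value
    return peers

def audit(conf, keys, frame):
    """Return a list of (check, detail) findings; empty means consistent."""
    findings, peers = [], parse_peers(conf)
    for eid, opts in peers.items():
        # inkey needs the peer's public key, outkey needs our private key.
        for opt, ext in (("inkey", ".pub"), ("outkey", ".key")):
            name = opts.get(opt)
            if name and name + ext not in keys:
                findings.append(("missing-key", f"{eid} {opt}={name}: no {name}{ext}"))
    for name, mode in keys.items():
        if name.endswith(".key") and mode & 0o077:
            findings.append(("key-perms", f"{name} mode {mode:o} is accessible beyond its owner"))
    # Assumption: the receiver looks up the sending peer by this EID.
    sender = re.search(r"ENTITY IDENT\s*:\s*(%s)" % EID, frame)
    if sender and sender.group(1).lower() not in peers:
        findings.append(("unknown-eid", f"{sender.group(1).lower()} matches no peer section"))
    return findings

if __name__ == "__main__":
    for check, detail in audit(CONF, KEYS, FRAME):
        print(f"{check}: {detail}")
```

On the posted data the key names line up with the files present, and the two findings are the group/world-readable private key and an ENTITY IDENT that matches no configured peer section.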