IAX2 authentication error

I am having a strange issue with IAX2 where the user can register with the asterisk box fine, but when placing a call, gets an authentication error. I’ve searched relentlessly for a solution but cannot find one. Anyone’s help would be greatly appreciated.

Here is the setup:
Asterisk version 1.8.2.3
Asterisk is a live IP
User is a laptop behind NAT
User is using Zoiper Web

Here are my config files:

–iax.conf–

[code][general]
bindport=4569
iaxcompat=yes
disallow=all
allow=ulaw
allow=alaw
allow=slin
allow=gsm
jitterbuffer=no
tos=lowdelay
permit=0.0.0.0/0.0.0.0

[42]
username=42
secret=test
accountcode=42
callerid=“MyName” <8775555555>
mailbox=42
requirecalltoken=no
context=zoiper-test
type=friend
auth=plaintext
host=dynamic
permit=0.0.0.0/0.0.0.0[/code]

–extensions.conf (setup for basic testing)–

[zoiper-test] exten => echotest,1,Answer(); exten => echotest,2,Echo();

Here is the debug output (user connects, auths fine, places a call, auth fails, user logs off):

[code]Rx-Frame Retry[ No] – OSeqno: 000 ISeqno: 000 Type: IAX Subclass: REGREQ
Timestamp: 00001ms SCall: 00002 DCall: 00000 [24.140.83.62:4569]
USERNAME : 42
REFRESH : 60
CALLTOKEN : Present
FW BLOCK DATA : 34 bytes

Rx-Frame Retry[ No] – OSeqno: 000 ISeqno: 000 Type: IAX Subclass: REGREQ
Timestamp: 00001ms SCall: 00002 DCall: 00000 [24.140.83.62:4569]
USERNAME : 42
REFRESH : 60
CALLTOKEN : 51 bytes
FW BLOCK DATA : 34 bytes

Tx-Frame Retry[000] – OSeqno: 000 ISeqno: 001 Type: IAX Subclass: REGAUTH
Timestamp: 00006ms SCall: 01764 DCall: 00002 [24.140.83.62:4569]
AUTHMETHODS : 1
USERNAME : 42

Rx-Frame Retry[ No] – OSeqno: 001 ISeqno: 001 Type: IAX Subclass: REGREQ
Timestamp: 00076ms SCall: 00002 DCall: 01764 [24.140.83.62:4569]
USERNAME : 42
PASSWORD : test
REFRESH : 60
FW BLOCK DATA : 34 bytes

-- Registered IAX2 '42' (AUTHENTICATED) at 24.140.83.62:4569

Tx-Frame Retry[000] – OSeqno: 001 ISeqno: 002 Type: IAX Subclass: REGACK
Timestamp: 00098ms SCall: 01764 DCall: 00002 [24.140.83.62:4569]
USERNAME : 42
DATE TIME : 2011-08-21 14:00:36
REFRESH : 60
APPARENT ADDRES : IPV4 24.140.83.62:4569
MESSAGE COUNT : 0
CALLING NUMBER : 8775555555
CALLING NAME : MyName

Rx-Frame Retry[ No] – OSeqno: 002 ISeqno: 002 Type: IAX Subclass: ACK
Timestamp: 00098ms SCall: 00002 DCall: 01764 [24.140.83.62:4569]

main*CLI> iax2 show peer 42

• Name : 42
  Secret :
  Context : zoiper-test
  Parking lot :
  Mailbox : 42
  Dynamic : Yes
  Callnum limit: 0
  Calltoken req: No
  Trunk : No
  Encryption : No
  Callerid : “MyName” <8775555555>
  Expire : 91
  ACL : Yes
  Addr->IP : 24.140.83.62 Port 4569
  Defaddr->IP : 0.0.0.0 Port 0
  Username : 42
  Codecs : 0x4e (gsm|ulaw|alaw|slin)
  Codec Order : (ulaw|alaw|slin|gsm)
  Status : Unmonitored
  Qualify : every 60000ms when OK, every 10000ms when UNREACHABLE (sample smoothing Off)

Rx-Frame Retry[ No] – OSeqno: 000 ISeqno: 000 Type: IAX Subclass: REGREQ
Timestamp: 00001ms SCall: 00003 DCall: 00000 [24.140.83.62:4569]
USERNAME : 42
REFRESH : 60
CALLTOKEN : Present
FW BLOCK DATA : 34 bytes

Rx-Frame Retry[ No] – OSeqno: 000 ISeqno: 000 Type: IAX Subclass: REGREQ
Timestamp: 00001ms SCall: 00003 DCall: 00000 [24.140.83.62:4569]
USERNAME : 42
REFRESH : 60
CALLTOKEN : 51 bytes
FW BLOCK DATA : 34 bytes

Tx-Frame Retry[000] – OSeqno: 000 ISeqno: 001 Type: IAX Subclass: REGAUTH
Timestamp: 00003ms SCall: 02502 DCall: 00003 [24.140.83.62:4569]
AUTHMETHODS : 1
USERNAME : 42

Rx-Frame Retry[ No] – OSeqno: 001 ISeqno: 001 Type: IAX Subclass: REGREQ
Timestamp: 00051ms SCall: 00003 DCall: 02502 [24.140.83.62:4569]
USERNAME : 42
PASSWORD : test
REFRESH : 60
FW BLOCK DATA : 34 bytes

Tx-Frame Retry[000] – OSeqno: 001 ISeqno: 002 Type: IAX Subclass: REGACK
Timestamp: 00052ms SCall: 02502 DCall: 00003 [24.140.83.62:4569]
USERNAME : 42
DATE TIME : 2011-08-21 14:01:22
REFRESH : 60
APPARENT ADDRES : IPV4 24.140.83.62:4569
MESSAGE COUNT : 0
CALLING NUMBER : 8775555555
CALLING NAME : MyName

Rx-Frame Retry[ No] – OSeqno: 002 ISeqno: 002 Type: IAX Subclass: ACK
Timestamp: 00052ms SCall: 00003 DCall: 02502 [24.140.83.62:4569]
Rx-Frame Retry[ No] – OSeqno: 000 ISeqno: 000 Type: IAX Subclass: NEW
Timestamp: 00001ms SCall: 00004 DCall: 00000 [24.140.83.62:4569]
VERSION : 2
CALLING NUMBER :
CALLED CONTEXT : 216.116.173.211
CALLING NAME :
CALLING PRESNTN : 1
CALLING TYPEOFN : 0
CALLING TRANSIT : 0
FORMAT : 2
CAPABILITY : 1550
USERNAME : 42
CALLED NUMBER : 13301111111
DNID : 13301111111
ADSICPE : 0
CALLTOKEN : Present
FW BLOCK DATA : 34 bytes

Rx-Frame Retry[ No] – OSeqno: 000 ISeqno: 000 Type: IAX Subclass: NEW
Timestamp: 00001ms SCall: 00004 DCall: 00000 [24.140.83.62:4569]
VERSION : 2
CALLING NUMBER :
CALLED CONTEXT : 216.116.173.211
CALLING NAME :
CALLING PRESNTN : 1
CALLING TYPEOFN : 0
CALLING TRANSIT : 0
FORMAT : 2
CAPABILITY : 1550
USERNAME : 42
CALLED NUMBER : 13301111111
DNID : 13301111111
ADSICPE : 0
CALLTOKEN : 51 bytes
FW BLOCK DATA : 34 bytes

Tx-Frame Retry[000] – OSeqno: 000 ISeqno: 001 Type: IAX Subclass: AUTHREQ
Timestamp: 00014ms SCall: 04198 DCall: 00004 [24.140.83.62:4569]
AUTHMETHODS : 1
USERNAME : 42

Rx-Frame Retry[ No] – OSeqno: 001 ISeqno: 001 Type: IAX Subclass: AUTHREP
Timestamp: 00051ms SCall: 00004 DCall: 04198 [24.140.83.62:4569]
PASSWORD : test

[Aug 21 14:01:34] NOTICE[11309]: chan_iax2.c:10894 socket_process: Host 24.140.83.62 failed to authenticate as 42
Tx-Frame Retry[-01] – OSeqno: 001 ISeqno: 002 Type: IAX Subclass: ACK
Timestamp: 00051ms SCall: 04198 DCall: 00004 [24.140.83.62:4569]
Tx-Frame Retry[000] – OSeqno: 001 ISeqno: 002 Type: IAX Subclass: REJECT
Timestamp: 00065ms SCall: 04198 DCall: 00004 [24.140.83.62:4569]
CAUSE : No authority found
CAUSE CODE : 50

Tx-Frame Retry[001] – OSeqno: 001 ISeqno: 002 Type: IAX Subclass: REJECT
Timestamp: 00065ms SCall: 04198 DCall: 00004 [24.140.83.62:4569]
CAUSE : No authority found
CAUSE CODE : 50

Rx-Frame Retry[ No] – OSeqno: 002 ISeqno: 002 Type: IAX Subclass: ACK
Timestamp: 00065ms SCall: 00004 DCall: 04198 [24.140.83.62:4569]
Rx-Frame Retry[ No] – OSeqno: 000 ISeqno: 000 Type: IAX Subclass: REGREL
Timestamp: 00001ms SCall: 00005 DCall: 00000 [24.140.83.62:4569]
USERNAME : 42
CALLTOKEN : Present
FW BLOCK DATA : 34 bytes

Rx-Frame Retry[ No] – OSeqno: 000 ISeqno: 000 Type: IAX Subclass: REGREL
Timestamp: 00001ms SCall: 00005 DCall: 00000 [24.140.83.62:4569]
USERNAME : 42
CALLTOKEN : 51 bytes
FW BLOCK DATA : 34 bytes

Tx-Frame Retry[000] – OSeqno: 000 ISeqno: 001 Type: IAX Subclass: REGAUTH
Timestamp: 00008ms SCall: 03315 DCall: 00005 [24.140.83.62:4569]
AUTHMETHODS : 1
USERNAME : 42

Rx-Frame Retry[ No] – OSeqno: 001 ISeqno: 001 Type: IAX Subclass: REGREL
Timestamp: 00051ms SCall: 00005 DCall: 03315 [24.140.83.62:4569]
USERNAME : 42
PASSWORD : test
FW BLOCK DATA : 34 bytes

-- Unregistered IAX2 '42' (AUTHENTICATED)

Tx-Frame Retry[000] – OSeqno: 001 ISeqno: 002 Type: IAX Subclass: REGACK
Timestamp: 00059ms SCall: 03315 DCall: 00005 [24.140.83.62:4569]
USERNAME : 42
DATE TIME : 2011-08-21 14:01:38

Rx-Frame Retry[ No] – OSeqno: 002 ISeqno: 002 Type: IAX Subclass: ACK
Timestamp: 00059ms SCall: 00005 DCall: 03315 [24.140.83.62:4569][/code]

I hope someone can point me in the right direction.
Thank you,
Dickon…

Problem still persists. Does anyone have any input on how to resolve this issue?

Thank you,
Dickon…

Try adding in the general section:

calltokenoptional=0.0.0.0/0.0.0.0
requierecalltoken=no
maxcallnumbers=16381

I added those lines to the iax.conf, restarted asterisk, and tried the phone again. The same problem exists.

[code]Tx-Frame Retry[000] – OSeqno: 000 ISeqno: 001 Type: IAX Subclass: AUTHREQ
Timestamp: 00017ms SCall: 00741 DCall: 00003 [216.130.3.146:16483]
AUTHMETHODS : 1
USERNAME : 42

Rx-Frame Retry[ No] – OSeqno: 001 ISeqno: 001 Type: IAX Subclass: AUTHREP
Timestamp: 00067ms SCall: 00003 DCall: 00741 [216.130.3.146:16483]
PASSWORD : test

[Aug 26 08:25:27] NOTICE[18942]: chan_iax2.c:10894 socket_process: Host 216.130.3.146 failed to authenticate as 42
Tx-Frame Retry[-01] – OSeqno: 001 ISeqno: 002 Type: IAX Subclass: ACK
Timestamp: 00067ms SCall: 00741 DCall: 00003 [216.130.3.146:16483]
Tx-Frame Retry[000] – OSeqno: 001 ISeqno: 002 Type: IAX Subclass: REJECT
Timestamp: 00082ms SCall: 00741 DCall: 00003 [216.130.3.146:16483]
CAUSE : No authority found
CAUSE CODE : 50[/code]

Hi

I would set the auth to md5 “auth=md5” and not plain text

Ian

I have tried that too, it doesn’t affect this issue. It is currently set to plain text for debugging since I’m having authentication errors. Once the problem is resolved, I will return it to MD5.

Dickon…

What if you change your context “zoiper-test” for “zoiper” only? And add defaultuser=42

I changed the context everywhere to be just “zoiper” and the problem persists.

Where does the “defaultuser” setting go? I’m willing to try anything to get this working, but ultimately I’ll need multiple users active rather than defaulting to just 42.

Thank you,
Dickon…

I have tried upgrading the server to the latest asterisk version (currently 1.8.5.0) and the problem persists.

If anyone has anything else I can try it would be greatly appreciated. I have to find a solution to this problem and get the web phone working.

Thank you,
Dickon…

Bump. Problem still exists. Anyone have any input?

Dickon…

I’ve been trying various things on my own. To get over this hurdle, I decided to change the source code which is giving me my auth error in hopes that the error is elsewhere. Once I can locate the true source of my problem, I can restore the source code.

I removed the section of code from chan_iax.c giving me my auth problem, and I got to a new error:
[quote][Sep 5 20:36:09] NOTICE[22627]: chan_iax2.c:10915 socket_process: Rejected connect attempt from x.x.x.x, request '1xxxxxxxxxx@x.x.x.x’ does not exist[/quote]

The first blanked IP is my client (running zoiper), and the second is my cell phone I’m trying to dial “@” my asterisk server IP.

Even though my iax.conf specifies the “zoiper” context, asterisk isn’t using it (zoiper complained with a no route error). For some reason, asterisk is trying to use my server IP as the context. I added that context with basic testing dialplan steps. This got me a little further. This time it was happy with the context and routing, but had a new error:
[quote][Sep 5 20:38:46] NOTICE[22735]: chan_iax2.c:10967 socket_process: Rejected connect attempt from x.x.x.x, requested/capability ‘0x2 (gsm)’/‘0x60e (gsm|ulaw|alaw|speex|ilbc)’ incompatible with our capability ‘0x0 (nothing)’.[/quote]
Again, blanked IP is my client ip.

Now I’m trying to figure out why my server doesn’t think it has any codecs. I looked again at the source code and understood the message better. Zoiper is asking for GSM, but supports GSM/ULAW/etc….but my server is saying “0x0 (nothing)”. I tried digging and digging and cannot see why my server thinks is doesn’t have codecs.

Since there have been many changes, here’s my iax.conf again:

[code][general]
bindport=4569
iaxcompat=yes
;bandwidth=high
disallow=all
allow=ulaw
allow=alaw
allow=slin
allow=gsm
jitterbuffer=no
tos=lowdelay

[42]
username=42
secret=test
accountcode=42
callerid=“Admin Phone” <>
mailbox=42
requirecalltoken=no
context=zoiper
type=friend
auth=md5
host=dynamic[/code]

Reseaching online doesn’t provide many results on why asterisk would think it doesn’t have codecs except for the “disallow” then “allow” statements in my iax.conf.

My modules.conf has autoload=yes and in “CLI> modules show” I can see the gsm, ulaw, alaw codecs. I also did a module reload on gsm and I get the same error below.

I hope this lights a bulb for someone and they can help me locate the root of my problems. Once I can isolate the main issue I hope to back out my code changes and restore it back to normal. My source changes don’t make me too comfortable, but it does appear to be helping me locate the problem.

Dickon…

bump…problem still exists…

Problem is now resolved. It appears asterisk doesn’t give any information as to what the root cause of the problem was. I downloaded the Zoiper softphone app (regular windows app, not web phone), and it worked perfectly. When dissecting the debugging to see how the application version differs from the web version, I added a “context=” to the HTML on the zoiper settings. This fixed the problem.

Please note, that zoiper ignored my context settings in iax.conf which were correct. And when backing in a context based on what zoiper was sending over by default (the IP of the server), it still didn’t work. This is an obscure fix to an obscure problem.

I hope this thread can be of use to other users out there.

Hi,

I realise it is a while since you had this issue but wondered if you can perhaps help with my similar issue?

I have softphones which register fine using IAX (Can’t use SIP for security reasons) but as soon as I place a call I get an error saying “Can’t match codec in IAX call (16)”

I have checked the conf files as per your post above and cannot see anything glaringly obvious - any suggestions you or anyone else may have would be gratefully received.