Multiple times in the past 36 hours, since deploying IAX2 encryption on multiple nodes, Asterisk switches have been crashing in a rather bizarre way.
Here’s what happens leading up to a crash. I can reproduce it by, it seems, dialing a number that requires MD5 encryption but not providing the secret. Only in certain cases, though. It wasn’t happening yesterday when I was messing around, but this happens not just on my Asterisk switch but multiple different switches. The below is a verbose 10, iax2 debug on CLI output from one switch:
[Jan 26 20:30:46] – Executing [start@dialredacted:9] Dial(“Local/211@dt-ld-00000000;2”, “IAX2/redacted@example.com/211,60,hg”) in new stack
[Jan 26 20:30:46] Tx-Frame Retry[000] – OSeqno: 000 ISeqno: 000 Type: IAX Subclass: NEW
[Jan 26 20:30:46] Timestamp: 00010ms SCall: 10373 DCall: 00000 1.1.1.1:4569
[Jan 26 20:30:46] VERSION : 2
[Jan 26 20:30:46] CALLED NUMBER : 211
[Jan 26 20:30:46] – Called IAX2/redacted@example.com/211
[Jan 26 20:30:46] CODEC_PREFS : (ulaw|gsm|ilbc|speex|lpc10|g729|g723|alaw|g726|g726aal2|adpcm|slin|slin16|speex16|g722|siren7|siren14|testlaw|g719|opus|jpeg|png|h261|h263|h263p|h264|mpeg4|vp8|red|t140)
[Jan 26 20:30:46] CALLING NUMBER : 2311126
[Jan 26 20:30:46] CALLING PRESNTN : 0
[Jan 26 20:30:46] CALLING TYPEOFN : 0
[Jan 26 20:30:46] CALLING TRANSIT : 0
[Jan 26 20:30:46] CALLING NAME : John Smith via redactedCFL01
[Jan 26 20:30:46] LANGUAGE : en
[Jan 26 20:30:46] USERNAME : redacted
[Jan 26 20:30:46] ENCRYPTION : 32769
[Jan 26 20:30:46] FORMAT : 4
[Jan 26 20:30:46] FORMAT2 : ulaw
[Jan 26 20:30:46] CAPABILITY : 218103807
[Jan 26 20:30:46] CAPABILITY2 : Unknown
[Jan 26 20:30:46] ADSICPE : 0
[Jan 26 20:30:46] DATE TIME : 2021-01-26 20:30:46
[Jan 26 20:30:46] VARIABLE : redactedmlpp=0
[Jan 26 20:30:46] VARIABLE : clidverif=10
[Jan 26 20:30:46] VARIABLE : DISAVIA=6461111
[Jan 26 20:30:46]
[Jan 26 20:30:46] Rx-Frame Retry[ No] – OSeqno: 000 ISeqno: 001 Type: IAX Subclass: CTOKEN
[Jan 26 20:30:46] Timestamp: 00010ms SCall: 00001 DCall: 10373 1.1.1.1:4569
[Jan 26 20:30:46] CALLTOKEN : 51 bytes
[Jan 26 20:30:46]
[Jan 26 20:30:46] Tx-Frame Retry[000] – OSeqno: 000 ISeqno: 000 Type: IAX Subclass: NEW
[Jan 26 20:30:46] Timestamp: 00049ms SCall: 10373 DCall: 00000 1.1.1.1:4569
[Jan 26 20:30:46] VERSION : 2
[Jan 26 20:30:46] CALLED NUMBER : 211
[Jan 26 20:30:46] CODEC_PREFS : (ulaw|gsm|ilbc|speex|lpc10|g729|g723|alaw|g726|g726aal2|adpcm|slin|slin16|speex16|g722|siren7|siren14|testlaw|g719|opus|jpeg|png|h261|h263|h263p|h264|mpeg4|vp8|red|t140)
[Jan 26 20:30:46] CALLING NUMBER : 2311126
[Jan 26 20:30:46] CALLING PRESNTN : 0
[Jan 26 20:30:46] CALLING TYPEOFN : 0
[Jan 26 20:30:46] CALLING TRANSIT : 0
[Jan 26 20:30:46] CALLING NAME : John Smith via redactedCFL01
[Jan 26 20:30:46] LANGUAGE : en
[Jan 26 20:30:46] USERNAME : redacted
[Jan 26 20:30:46] ENCRYPTION : 32769
[Jan 26 20:30:46] FORMAT : 4
[Jan 26 20:30:46] FORMAT2 : ulaw
[Jan 26 20:30:46] CAPABILITY : 218103807
[Jan 26 20:30:46] CAPABILITY2 : Unknown
[Jan 26 20:30:46] ADSICPE : 0
[Jan 26 20:30:46] DATE TIME : 2021-01-26 20:30:46
[Jan 26 20:30:46] VARIABLE : redactedmlpp=0
[Jan 26 20:30:46] VARIABLE : clidverif=10
[Jan 26 20:30:46] VARIABLE : DISAVIA=6461111
[Jan 26 20:30:46] CALLTOKEN : 51 bytes
[Jan 26 20:30:46]
[Jan 26 20:30:46] Rx-Frame Retry[ No] – OSeqno: 000 ISeqno: 001 Type: IAX Subclass: ACK
[Jan 26 20:30:46] Timestamp: 00049ms SCall: 02985 DCall: 10373 1.1.1.1:4569
[Jan 26 20:30:46] Rx-Frame Retry[ No] – OSeqno: 000 ISeqno: 001 Type: IAX Subclass: AUTHREQ
[Jan 26 20:30:46] Timestamp: 00013ms SCall: 02985 DCall: 10373 1.1.1.1:4569
[Jan 26 20:30:46] AUTHMETHODS : 2
[Jan 26 20:30:46] CHALLENGE : \x36\x39\x35\x35\x30\x39\x34\x36\x30
[Jan 26 20:30:46] ENCRYPTION : 1
[Jan 26 20:30:46] USERNAME : redacted
[Jan 26 20:30:46]
[Jan 26 20:30:46] WARNING[18195][C-00000000]: chan_iax2.c:11212 socket_process_helper: I don’t know how to authenticate redacted to 1.1.1.1:4569
[Jan 26 20:30:46] TE-Frame Retry[-01] – OSeqno: 001 ISeqno: 001 Type: IAX Subclass: ACK
[Jan 26 20:30:46] Timestamp: 00013ms SCall: 10373 DCall: 02985 1.1.1.1:4569
redactedcfl01*CLI>
Disconnected from Asterisk server
[Jan 26 20:30:46] Asterisk cleanly ending (0).
[Jan 26 20:30:46] Executing last minute cleanups
root@cfl01:~#
Not long afterwards, on the switch I called into that switch from and the switch I was trying to call, I see:
[2021-01-26 20:30:56] WARNING[20129]: chan_iax2.c:6725 iax2_send: Supposed to send packet encrypted, but no key?
[Jan 26 20:30:57] -- Executing [s@carriercrosstalk:9] Goto("Local/s@carriercrosstalk-000000f1;2", "loop") in new stack
[Jan 26 20:30:57] -- Goto (carriercrosstalk,s,6)
[Jan 26 20:30:57] -- Executing [s@carriercrosstalk:6] ExecIf("Local/s@carriercrosstalk-000000f1;2", "1?Hangup") in new stack
[Jan 26 20:30:57] == Spawn extension (carriercrosstalk, s, 6) exited non-zero on 'Local/s@carriercrosstalk-000000f1;2'
[2021-01-26 20:31:06] WARNING[20125]: chan_iax2.c:6725 iax2_send: Supposed to send packet encrypted, but no key?
[2021-01-26 20:31:07] WARNING[20126]: chan_iax2.c:6725 iax2_send: Supposed to send packet encrypted, but no key?
[2021-01-26 20:31:16] WARNING[20131]: chan_iax2.c:6725 iax2_send: Supposed to send packet encrypted, but no key?
No surprise here. The remote Asterisk has crashed, so that’s probably where this is coming from.
The only thing in the error log (messages) is:
[Jan 26 20:30:46] WARNING[18195][C-00000000] chan_iax2.c: I don't know how to authenticate readacted to redacted:4569
debug log is… completely empty! (Yes, I have it enabled in logger.conf)
No duh… but why does this crash the entire Asterisk process? I’ve tried this before where if the secret is not provided, the call fails - so why is Asterisk crashing consistently in this case? This happens on multiple versions of Asterisk: 13.23.1, 13.36, and 16, every single time if the secret is not provided.
As expected, as soon as I provide in Dial() the secret required by the peer, the call completes normally and does not crash. Why is it crashing when the secret is not provided?
Here are a few additional observations:
-
If the wrong secret is provided (but one IS provided), it will attempt the call for about 30 seconds or so before timing out CHANUNAVAIL - Max retries exceeded. Makes perfect sense to me and this seems like expected behavior.
-
It does not seem to matter if the called IAX user is “recognized” as requiring IAX authentication or not. I tried with a brand new one, omitting the password, and Asterisk also crashes as before.
-
If the requested IAX2 user does NOT exist on the remote end, this does not happen. I suppose that also makes sense. So, it seems to me that somehow the failed negotiation/authentication of a user where an MD5 secret is required but no secret is required causes Asterisk to crash.
-
This only happens with MD5 authentication. If I change auth=md5 to auth=plaintext on the called node, the calling node no longer crashes, it just has the same behavior as if the wrong secret was provided (CHANUNAVAIL / I don’t know how to authenticate). So, plain text “works”. Something is wrong with MD5.
Just to be clear, I also see the “I don’t know how to authenticate” message in the console on MD5 calls, but Asterisk crashes immediately afterwards.
I enabled the option to dump core when Asterisk crashes, and I tried to inspect this, but it appears to be a binary file so I am not really sure how to read that.