Iscriviti   Guestbook   Immagini   Forum   Download   Mappa   58 utenti on line 


IAX Configuration

From the sample IAX.CONF in the distribution:

Further user sections may be added, specifying a context and a secret used for connections with that given authentication name. Limited IP based access control is allowed by use of "permit" and "deny" keywords. Multiple rules are permitted. Multiple permitted contexts may be specified, in which case the first will be the default.

You can also override caller*ID so that when you receive a call you set the Caller*ID to be what you want instead of trusting what the remote user provides

There are three authentication methods that are supported: md5, plaintext and rsa?. The least secure is "plaintext", which sends passwords cleartext across the net. "md5" uses a challenge/response md5 sum arrangement, but still requires both ends have plain text access to the secret. "rsa" allows unidirectional secret knowledge through public/private keys. If "rsa" authentication is used, "inkeys" is a list of acceptable public keys on the local system that can be used to authenticate the remote peer, separated by the ":" character. "outkey" is a single, private key to use to authenticate to the other side.

Public keys are named /var/lib/asterisk/keys/.pub while private keys are named /var/lib/asterisk/keys/.key. Private keys should always be 3DES encrypted.


The follow codecs are valid for the allow/disallow parameter:
  • g723.1
  • gsm
  • ulaw
  • alaw
  • g726
  • slinear
  • lpc10
  • adpcm
  • g729
  • speex
  • ilbc
  • h261
  • h263
  • all

Controlling the media path

With notransfer=yes you can prohibit Asterisk to step out of the media path and let the two endpoints connect directly to each other. This, of course, has a direct effect you e.g. your call detail records (CDR) and billing information.
Note: This is quite similar to the sip.conf setting canreinvite=no


Alternatively you can directly set the bit vlues:

 tos=0x18   ; where the tos bits are set individually and in combination

For example

  tos=0x10 = low delay
  tos=0x08 = high throughput
  tos=0x04 = high reliability
  tos=0x02 = ECT bit set
  tos=0x01 = CE bit set

or set multiple bits, such as


to set both low delay and high throughput.

The qualify option

Some IAX clients including firefly, diax, IAXphone, IAXComm don't seem to like being monitored with the qualify=1000 option. If you have this option, you will see messages like this on the console:

   Peer '2004' is now UNREACHABLE!

For those clients, set qualify=no.

Dialing without duplicating information in extensions.conf

As opposed to specifying the username, secret, port number and/or destination context in the IAX2 channel name provided to the Dial command, it is possible to store all of this information in the iax.conf file and simplify your Dial command to just:


For example, to call IAXtel you can create an entry in iax.conf like this:


Then use a Dial command of:

 exten => _1700XXXXXX,1,Dial(IAX2/iaxtel-outbound/${EXTEN},60,trd)

Note: The "peercontext" setting is only available in Asterisk CVS as of 2004-06-26.


  • Register commands to connect to another IAX server has to be in the [general] section of iax.conf.
  • To set up IAX in trunk mode, add "trunk=yes" to your definition in iax.conf. IAX Trunking needs support of a hardware timer. See Asterisk timer for more information.
  • Do not use both "host=dynamic" and "defaultip=111.222.333.444", make sure it is just one or the other (see bugs 558 (cache) and 673 (cache)).
  • If you do not use IP-based access control for all of your "type='user" entries, your iax.conf file must contain a "guest" entry with no secret specified if you expect your Asterisk installation to be reasonably secure. If you do not have a guest entry, when a remote system connects to yours, they can connect without specifying a username (anonymously), in which case Asterisk will allow them to connect with any secret specified in the file. This means that if you have a large number of "type=user" entries in iax.conf and no "guest" entry, someone only has to guess any one of your secrets to connect to your server as that user (i.e. they do not need to know both the username and the secret, the secret alone is enough). Asterisk gives preference to a "guest" entry (no secret specified) for anonymous incoming connections, though, so the addition of a "guest" entry will solve this problem.


Valid CSS!