Asterisk upgrade breaks IAX extensions

If you have upgraded your version of Asterisk and find that your IAX2 extensions no longer work then the cause could be a change to the IAX protocol. This was made to resolve a security issue that could result in a denial of service attack.

You will see this error in the Asterisk log file if you are suffering from this issue –

chan_iax2.c: Call rejected, CallToken Support required.

If you use FreePBX then Asterisk can be made to function the same as before by adding the following 2 lines to /etc/asterisk/iax_general_custom.conf –

calltokenoptional = 0.0.0.0/0.0.0.0
maxcallnumbers = 16382

You will also need to do a –

 iax2 reload

or restart Asterisk for the changes to take effect.

More information about the reason for this change and the implications for disabling call token checking can be found here –
http://svn.digium.com/svn/asterisk/branches/1.6.0/doc/IAX2-security.pdf

4 thoughts on “Asterisk upgrade breaks IAX extensions

  1. Frode

    When implementing the workaround as mentioned above, and in the original Digium document, connections to external IAX trunks (such as Les.net) stop working. In addition, an internal S100-FX IAX analog converter is still unable to connect to * after this change has been performed.

  2. joish

    I am haveing simular problems with a 1.4.38 build shows in core as 1.4.29rc1 I have calltokenoptional=0.0.0.0/0.0.0.0
    maxcallnumbers = 16382

    My ATA is just a chepo but it does work on version of asterisk 1.2 and 1.4.26 down… and I can not nor software zoiper IAX2 clients..

    what am I missing? do I have to downgrade to 1.4.26 I don’t want to run 1.8 yet

  3. Matt Post author

    You are correct. If there’s another option available rather than disabling the security you should do that.

Comments are closed.