> Is any one having problems with GNUGK dying? This only happens if I have 3 > or more T's running or if there are a lot of errors like "No Route To * Destination" I'm running 2.03 with Red hat 7.3 any help out there? [Gatekeeper::Main] ## 'config is present' indicator. Has to be 42. Fourtytwo=42 # Includes in some RAS-Msgs Name=remingtonGK # overwritten from command line parameter Home=66.54.148.27 #NetworkInterfaces= #TimeToLive=600 #TotalBandwidth=100000 #StatusPort=7000 #UseBroadcastListener=0 ## ## Failover support ## #AlternateGKs=1.2.3.4:1719:false:120:OpenH323GK2 #Sendto=1.2.3.4:1719 #EndpointIDSuffix=_gk1 #SkipForwards=4.3.2.1 #RedirectGK=Calls > 50 ## ## You should never need to change any of the following values. ## They are mainly used for testing or very sophisticated applications. ## #UnicastRasPort=1719 #MulticastPort=1718 #MulticastGroup=224.0.1.41 #EndpointSignalPort=9999 #EndpointSignalPort=1720 #ListenQueueLength=1024 # [ms], default 1000 #SignalReadTimeout=3000 # [ms], default 3000 #StatusReadTimeout=5000 [RoutedMode] GKRouted=1 H245Routed=1 CallSignalPort=1721 CallSignalHandlerNumber=1 RemoveH245AddressOnTunneling=0 AcceptNeighborsCalls=1 AcceptUnregisteredCalls=1 SupportNATedEndpoints=1 DropCallsByReleaseComplete=1 #RemoveCallOnDRQ=1 #SendReleaseCompleteOnDRQ=0 #ScreenDisplayIE= #ScreenCallingPartyNumberIE= [Proxy] Enable=1 #InternalNetwork=10.0.1.0/255.255.255.0,127.0.0.0/8 ProxyForNAT=1 ProxyForSameNAT=1 #[Endpoint] #Gatekeeper=auto #Gatekeeper=64.251.7.197 #Type=GATEWAY #H323ID=xtreme-gk #E164=95124266640 #Password= #prefix=2020# #TimeToLive=900 #RRQRetryInterval=10 #ARQTimeout=2 #UnregisterOnReload=1 #NATRetryInterval=60 #NATKeepaliveInterval=86400 #[Endpoint::RewriteE164] #188889000=9 ## ## Prefixes of e164 numbers for gateways. ## Separate list elements by one of " .,\t". ## @see RasTbl::addPrefixes ## This parameters should consider a HUP signal. [RasSrv::GWPrefixes] # NEC=53 # ## VOIPCOM waiting for dialing peer # lon04vcl001.unl=xxxxxx # XXXXXX=9 #Termination [RasSrv::RRQFeatures] #AcceptGatewayPrefixes=1 [RasSrv::ARQFeatures] ArjReasonRouteCallToSCN=0 ArjReasonRouteCallToGatekeeper=1 CallUnregisteredEndpoints=1 RemoveTrailingChar=# [RasSrv::RRQAuth] ## On a RRQ the h323-alias is queried from this section. ## If there is an entry the endpint is authenticated against the given rules. ## If there is no entry the default action is performed. The default action ## is to confirm the RRQ, unless the parameter "default=reject" is given. ## ## Notation: ## <authrules> := empty | <authrule> "&" <authrules> ## <authrule> := <authtype> ":" <authparams> ## <authtype> := "sigaddr" | "sigip" ## <autparams> := [!&]* ## The notation and meaning of <authparams> depends on <authtype>: ## - sigaddr: extended regular expression that has to match agains the ## "PrintOn(ostream)" representation of the signal address of the request. ## Example: "sigaddr:.*ipAddress .* ip = .* c3 47 e2 a5 .*port = 1720.*" ## - sigip: specialized form of "sigaddr". Write the signalling ip adresse ## using (commonly used) decimal notation: "byteA.byteB.byteC.byteD:port" ## Example of the above sigaddr: "sigip:195.71.226.165:1720" ## ## This parameters should consider a HUP signal. #rossi-gt1=sigaddr:.*ipAddress .* ip = .* c3 47 e2 a2 .*port = 1720.* #rossi-gt2=sigaddr:.*ipAddress .* ip = .* c3 47 e2 a5 .*port = 1720.* #rossi-gt3=sigip:195.71.226.165:1720 #Cisco 1750 and Snom100 VoIP Phones # AIS-CON=sigip:206.196.67.22:1720 ## The parameter "rule" may be one of the following: ## - "forbid" disallow any connection (default when no rule us given) ## - "allow" allow any connection ## - "explicit" reads the parameter #"<ip>=<value>"# with ip is the ip4-address ## if the peering client. #<value># is resolved with #Toolkit::AsBool#. If the ip ## is not listed the param "default" is used. ## - "regex" the #<ip># of the client is matched against the given regular expression. ## First the ip-rules (like "explicit") are tested. Olny of no such param exists ## the regex is tried. ## Example: "regex=^195\.71\.(129|131)\.[0-9]+$" [GkStatus::Auth] rule=allow #rule=deny rule=explicit | regex #rule=regex # - 195.71.129.* # - 195.71.100.* # - 62.52.26.[1-2][0-9][0-9] #regex=^(195\.71\.(129|100)\.[0-9]+)|(62\.52\.26\.[1-2][0-9][0-9])$ # only used when "rule=explicit" #default=forbid #rule=regex regex=^66.54.148.26|66.54.148.27|66.54.148.28|206.196.67.22 #regex=^(10.\.28\.30\.[0-9]+)$ #default=allow ## ## Beside other things every number to rewrite has its ## own key/value-line. The implemententation is such that ## all numbers that shell be rewritten have to begin ## with a common prefix given by 'Fastmatch'. ## ## Doc From the code: ## // Do rewrite to #newE164#. Append the suffix too. ## // old: 01901234999 ## // 999 Suffix ## // 0190 Fastmatch ## // 01901234 prefix, Config-Rule: 01901234=0521321 ## // new: 0521321999 ## ## The rewrite-numbers function take care of reloads/a HUP signal. [RasSrv::RewriteE164] ## Only if an e164 number begins with #Fastmatch# the ## the further rewriting is done. Only one #Fastmatch# can be given. #Fastmatch= 4=9 ## The GK would send LRQ to its neighbors if the destination of ARQ is unknown. ## A neighbor is selected if its prefix match the destination or ## it has prefix '*'. ## Currently only one prefix is supported. ## # # GKID=ip[:port;prefix;password;dynamic] # [RasSrv::Neighbors] #XXXXX XXXX=203.166.XX.XX; ## [RasSrv::LRQFeatures] #NeighborTimeout=2 #ForwardHopCount=2 #AlwaysForwardLRQ=0 #AlwaysForwardLRQ=0 #IncludeDestinationInfoInLCF=1 # Uncommented & changed 1 to 0 to pass # correctly Convergia 03/10/2003 dwf CiscoGKCompatible=1 ## ## In this section you can put endpoints that don't have RAS support ## or that you don't want to be expired. The records will always ## in GK's registration table. ## However, You can still unregister it via status thread. ## # # ip[:port]=alias,alias,...[;prefix,prefix,...] # [RasSrv::PermanentEndpoints] # For gateway #10.0.1.5=Citron;009,008 # For terminal #Base Telecom ## ## Authentication mechanism ## ## Syntax: ## authrule=actions ## ## <authrule> := SimplePasswordAuth | LDAPPasswordAuth ## | AliasAuth | LDAPAliasAuth | ... ## <actions> := <control>[;<ras>,<ras>,...] ## <control> := optional | required | sufficient ## <ras> := GRQ | RRQ | URQ | ARQ | BRQ | DRQ | LRQ | IRQ ## ## Currently supported modules: ## ## SimplePasswordAuth/MySQLAuth/LDAPPasswordAuth ## ## The module checks the tokens or cryptoTokens ## fields of RAS message. The tokens should contain ## at least generalID and password. For cryptoTokens, ## cryptoEPPwdHash tokens hashed by simple MD5 and ## nestedcryptoToken tokens hashed by HMAC-SHA1-96 ## (libssl must be installed!) are supported now. ## The ID and password are read from [Password] section ## / MySQL / LDAP. Support for other backend databases ## is easily to add. ## ## NeighborPasswordAuth ## ## The module only check LRQs from neighbors. The ID and ## password are defined in [RasSrv::Neighbors] section. ## ## AliasAuth/ ## LDAPAliasAuth The IP of an endpoint with given alias should ## match a specified pattern. For AliasAuth the pattern ## is defined in [RasSrv::RRQAuth] section. ## For LDAPAliasAuth the alias (default: mail attribute) ## and IP (default: voIPIpAddress attribute) must be found ## in one LDAP entry. ## ## A rule may results in one of the three codes: ok, fail, pass. ## ## ok The request is authenticated by this module ## fail The authentication fails and should be rejected ## next The rule cannot determine the request ## ## There are also three ways to control a rule: ## ## optional If the rule cannot determine the request, it is passed ## to next rule. ## required The requests should be authenticated by this module, ## or it would be rejected. The authenticated request would ## then be passwd to next rule. ## sufficient If the request is authenticated, it is accepted, ## or it would be rejected. That is, the rule determines ## the fate of the request. No rule should be put after ## a sufficient rule, since it won't take effect. ## ## You can also configure a rule to check only for some particular RAS ## messages. For example, to configure SimplePasswordAuth as a required ## rule to check RRQ, ARQ and LRQ: ## SimplePasswordAuth=required;RRQ,ARQ,LRQ # [Gatekeeper::Auth] #SimplePasswordAuth=optional #LDAPPasswordAuth=optional AliasAuth=sufficient;RRQ #LDAPAliasAuth=sufficient;RRQ #default=reject #default=allow > > Thanks > Mike > > -- ------------------------------------------------------- This SF.NET email is sponsored by: eBay Great deals on office technology -- on eBay now! Click here: http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 _______________________________________________ List: Openh323gk-users@lists.sourceforge.net Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 Homepage: http://www.gnugk.org/
