Hi folks,
I've browsed the mailing list archives and can't seem to find an answer to my specific issue, so hopefully I'm not covering old ground.
I have set up gnugk to allow my end users to register using a variety of hardware/software. Registered endpoints can call each other and things are fine. Authenticating using radauth and it works perfectly.
I want to be able to allow my registered endpoints to make PSTN calls via a service provider which has an established Cisco VOIP network comprised of Cisco gateways around the country and an IOS based Cisco gatekeeper.
They have not previously allowed external VOIP access to their network. Their Cisco gatekeeper configuration includes the IOS "security token required-for all" command to make sure that all gateways/endpoints must be both registered with the gatekeeper before it will accept ARQs from them.
This method also ensures that an IP endpoint (e.g. gateway) cannot be used to make any PSTN calls on another gateway unless the originating endpoint is registered & authenticated with their gatekeeper.
The service provider has allocated me a username/password token on the gatekeeper and I have tested this using my Cisco 827-4V registered directly with their gatekeeper, and I can make calls anywhere via their network. Works perfectly.
I am now trying to configure GnuGK to make calls via this gatekeeper network.
I've tried configuring GnuGK as an endpoint of the service provider's gatekeeper (it registers and authenticates using Cisco Access Token just fine) and tried setting it up to be a proxy for all calls coming from endpoints registered on my GnuGK, but I keep getting security denial errors from the service provider's gateways when placing calls.
Example topology:
Me at home
  |
Analog phone
  |
Cisco 827-4V registered to my GnuGK Proxy
  |
GnuGK Proxy registered as an endpoint to Service Provider Cisco GK
  |
Service Provider Cisco Gateways registered to Service Provider Cisco GK
  |
PSTN

My calls appear to be turning up on the SP gateways, so the GnuGK LRQs and ARQs are being answered, but the Gateway's ARQ to its gatekeeper (to verify per-call authentication) is rejected due to security denial.
It seems like GnuGK is forwarding my 827-4V's security token all the way through the foreign gateway, despite having used its own security token to admit the call to the Service Provider's gatekeeper!
Weird, huh?
Gnu gatekeeper config bits follow:

[RoutedMode]
GKRouted=0
H245Routed=0

#[Endpoint]
Gatekeeper=serviceprovider
Gatekeeper=192.168.0.1
Type=Gateway
H323ID=myh323id
Password=mypassword
Prefix=*
ARQTimeout=2

[Proxy]
Enable=1

[RadAuth and Auth sections removed for brevity, these work fine]
Now I've tried with/without proxy, with/without GKRouted, with/without H245Routed, all the combinations thereof, but I'm still getting nowhere.
Does anyone have any idea where I am going wrong?
Thanks for reading this far if you have already :-)
Cheers
Leigh
_______________________________________________
List: Openh323gk-users@lists.sourceforge.net
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/