Hello everyone,

Let me apologize in advance if my questions are dumb ones, and also let me apologize for writing so much all at once; I am trying really hard to learn a lot of H.323 stuff really quickly, but I have never used/implemented it before, so I am still kind of uncertain about some things.

Basically, here is my situation. I have been assigned the task of setting up a secure tunnel for the purpose of allowing two Polycom view stations to communicate between offices in two different locations through their respective firewalls. My superior wants me to use an application-level tunnel called Zebedee (http://www.winton.org.uk/zebedee/) to encrypt the traffic.

Here is how I imagined the topology: behind the firewall at each location would be a gatekeeper and a Polycom unit. Each gatekeeper would be set up running the tunnel and would direct its traffic to the 'localhost', which in turn forwards all that traffic through the tunnel to the remote gatekeeper. The Polycom unit at each end would register with its respective GK, and then each GK would register with the other.

Let me explain why I thought this would be good. When I originally set out to tunnel the H.323 stuff just between two client endpoints, it seemed as though it would be impossible, or very difficult at least, because the port range was huge and unpredictable. I was hoping that for some magic reason the traffic between two gatekeepers would be more simplistic, and I could set up each gatekeeper to have the address of the remote gatekeeper being 127.0.0.1 a la the tunnel. I am not really sure if this is the case yet or not.

When I started to experiment I was using a program called AquaGateKeeper, and I got it to work almost completely. The problem I was having was that the call negotiations would function properly through the tunnel, but the gatekeepers were sending packets to each other which contained a 'reply to' address which was equivalent to their 'actual' IP address and not the 127.0.0.1 address used to push traffic through the tunnel. So even though they used the tunnel for part of their traffic, they were basically just talking directly to each other for the rest of it. Does this make sense?

My idea was that if I could modify the gatekeeper to specify an arbitrary reply-to IP address when communicating with remote gatekeepers, then I could get them to properly route all of their traffic through the tunnel. That project, however, is not open source, and I cannot even attempt to make those changes. So now I am curious about the capabilities of the GnuGK to do something like this out of the box or via some code modifications.

My question here is multiple: first, what is the general consensus about trying to tunnel H.323? Is it considered ridiculous/impossible to tunnel it using an application-level program like that? What do other people do? Consider that for all intents and purposes I pretty much have to find a way to get all H.323 traffic through the firewall by opening only 1 port, which would be for the tunnel.

The author of AquaGateKeeper told me that he doesn't think it is the right way to go to try and tunnel it in this fashion, and that we should consider setting up a VPN or something similar. It seems to me like that would probably be true, but I don't really think setting up a VPN is going to be an option.

Again, I apologize -- I know this probably isn't of relevance to the GnuGK community, but I plead for your advice. Thank you very much for any information at all that you have!

John :)

List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id?49
Homepage: http://www.gnugk.org/