Hi, I have modified gatekeeper source code and AcceptUnregisteredCalls=0 (under [RoutedMode] section) also works if GKRouted=0 (with Direct Endpoint Call Signalling). The modification is very easy, I only have added some code to OnARQ method of H323RasSrv: /* Admission Request */ BOOL H323RasSrv::OnARQ(const PIPSocket::Address & rx_addr, H225_RasMessage & obj_arq, H225_RasMessage & obj_rpl) { PTRACE(1, "GK\tARQ Received"); H225_AdmissionRequest & obj_rr = obj_arq; BOOL bReject = FALSE; long callDurationLimit = -1; unsigned rejectReason = 0; unsigned rsn = H225_AdmissionRejectReason::e_securityDenial; // find the caller const endptr RequestingEP = EndpointTable->FindByEndpointId(obj_rr.m_endpointIdentifier); //////////////////////////////////////////////////////////////////////////// ///////////////////////////////////// // BEGIN OF ADDED CODE if(obj_rr.m_answerCall && !AcceptUnregCalls) { PStringArray alias=H323GetAliasAddressStrings(obj_rr.m_srcInfo); H225_ArrayOf_AliasAddress EpAlias; EpAlias.SetSize(alias.GetSize()); PINDEX i,at; for(i=0; i< alias.GetSize(); i++) { at = alias[i].Find('['); if(at!=P_MAX_INDEX) alias[i]=alias[i].Left(at); alias[i]=alias[i].Trim(); H323SetAliasAddress(alias[i], EpAlias[i]); } const endptr caller = EndpointTable->FindByAliases(EpAlias); if(caller==NULL) { bReject=TRUE; rejectReason=H225_AdmissionRejectReason::e_callerNotRegistered; } } // END OF ADDED CODE //////////////////////////////////////////////////////////////////////////// ///////////////////////////////////// endptr CalledEP(0); PString calledPartyNumber; if (CallTbl->Size() >= callLimit && !obj_rr.m_answerCall) { bReject = TRUE; rejectReason = H225_AdmissionRejectReason::e_resourceUnavailable; PTRACE(1, "GK\tWarning: Exceed call limit!!"); } else if (RequestingEP) { // Is the ARQ from a registered endpoint? bool bHasDestInfo = (obj_rr.HasOptionalField(H225_AdmissionRequest::e_destinationInfo) && obj_rr.m_destinationInfo.GetSize() >= 1); if (bHasDestInfo) // apply rewriting rules Toolkit::Instance()->RewriteE164(obj_rr.m_destinationInfo[0]); ... I don't know if this modification may cause problems... Miguel Rodriguez. ----- Original Message ----- From: "Freddy Parra" <fparra@xxxxxxxxxx> To: <openh323gk-users@xxxxxxxxxxxxxxxxxxxxx> Sent: Wednesday, September 08, 2004 8:23 PM Subject: RE: Unregistered endpoints The two sections [Gatekeeper::Auth] and [RasSrv::RRQAuth] show work for direct mode which is for RAS messages only. Since these two sections restrict access to which endpoints are allowed to register to the Gatekeeper. It will authenticate based on H323 Alias and IP. Freddy -----Original Message----- From: openh323gk-users-admin@xxxxxxxxxxxxxxxxxxxxx [mailto:openh323gk-users-admin@xxxxxxxxxxxxxxxxxxxxx]On Behalf Of Miguel Rodríguez Álvarez Sent: Wednesday, September 08, 2004 2:02 PM To: openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: Unregistered endpoints Hi AcceptUnregisteredCalls=0 only works if GKRouted=1 (also under [RoutedMode] Section). But I would like to use Direct Endpoint Call Signalling (GKRounted=0). Miguel Rodriguez ----- Original Message ----- From: "Freddy Parra" <fparra@xxxxxxxxxx> To: <openh323gk-users@xxxxxxxxxxxxxxxxxxxxx> Sent: Wednesday, September 08, 2004 6:40 PM Subject: RE: Unregistered endpoints Your gatekeeper can reject calls from any unregistered endpoint by simply having AcceptUnregisteredCalls=0 under [RoutedMode] Section. This still will not protect your system since you can still have unregistered endpoints register to your gatekeeper if you don't have the following sections set. Example: ;############################################################ ;#Gatekeeper Authentication Section Defined. # ;############################################################ [Gatekeeper::Auth] AliasAuth=required;RRQ default=allow ;############################################################ ;#RRQ Authentication Section Defined. # ;############################################################ [RasSrv::RRQAuth] ENDPOINT1=sigip:xxx.xxx.xxx.xxx:1720 ENDPOINT2=sigip:xxx.xxx.xxx.xxx:1720 ENDPOINT3=sigip:xxx.xxx.xxx.xxx:1720 ENDPOINT4=sigip:xxx.xxx.xxx.xxx:1720 Adding these two sections will make sure that only Endpoints 1 thru 4 coming from the following IPs(xxx.xxx.xxx.xxx) can register to your gatekeeper and therefore call other register endpoints. I hope this helps. Regards, Freddy -----Original Message----- From: openh323gk-users-admin@xxxxxxxxxxxxxxxxxxxxx [mailto:openh323gk-users-admin@xxxxxxxxxxxxxxxxxxxxx]On Behalf Of Miguel Rodríguez Álvarez Sent: Wednesday, September 08, 2004 12:08 PM To: openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Subject: Unregistered endpoints Hi, I would like that registered endpoints reject calls from unregistered endpoints. What should I do? I don't know what parameters must been changed in gatekeeper config file. Could anyone help me? Miguel Rodriguez. ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click _______________________________________________________ List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 Homepage: http://www.gnugk.org/ ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47&alloc_id808&op=ick _______________________________________________________ List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_id.49 Homepage: http://www.gnugk.org/ ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click _______________________________________________________ List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 Homepage: http://www.gnugk.org/ ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47&alloc_id808&op=ick _______________________________________________________ List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_id.49 Homepage: http://www.gnugk.org/ ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click _______________________________________________________ List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 Homepage: http://www.gnugk.org/