Re: Which ports should I open in the NAT BOX for the endpoints??

> Hello,
>
> I'm using OpenH323gk and find it very complete, but I have a few doubts:
>
> My scenario:
>
> 1) My gatekeeper is in the DMZ with all ports open, running signaling
> call control on 1721, Windows XP based, no firewalls, public static IP
> address, internet link of 64 kbps.

Not sure what you mean by DMZ here. Is the GK behind a third NAT? If so, you need a NetworkInterfaces statement in your config.

> 2) Remote endpoint (A) Cisco ATA186 (local IP: 192.168.0.250) with ADSL
> 1024/384 Kbps, behind a NAT BOX.
> 3) Remote endpoint (B) Cisco ATA186 (local IP: 192.168.1.251) with ADSL
> 1024/384 Kbps, behind another NAT BOX.
>
> I want to control the call with the gatekeeper in routed mode only,
> having all the control signaling traffic through the GK BUT all the voice
> data direct between the endpoints.
>
> 1) Is this possible??

I have a similar configuration and it works fine. My GK is on a Mac, directly on a public IP. It's conceivable that the Telephony service in XP is causing you trouble -- try disabling it.

> The NAT boxes have dynamic public IP addresses
> that change not so frequently, but they do.

Should not be a problem, except that when the address changes, calls in progress will drop, and you won't be able to call back for a couple of minutes until the ATAs try to register again.

> 2) Which ports should I open on the NAT boxes for each ENDPOINT??? The
> ATAs are configured to use TCP ports 1720 and 1721 for each FXS
> respectively, and the media data on UDP 16384.

I typically forward TCP 1720-1721, TCP 1740-1741 (H245), and UDP 16384-16391 (default RTP ports).

> 3) Should I open the H245 port range in the NAT boxes???

Not needed for your present configuration, but opening these will allow you to test with tunneling off, to see if that helps.

> 4) Any other port to be forwarded?

At least for testing, I would try setting the ATAs as DMZ hosts. Of course, port 80 will then also be open. IMO, this is not a problem, if you use a strong UIPassword and don't use pre-2.15 code with the security bug. If you're paranoid, you can disable the web interface, and re-enable it by TFTP or IVR if you need to change the config.

> 5) Any clues about what I should look for in the logs?

One or more of your NATs may be (partially) H.323 aware and altering some signaling packets. First, make sure that the RCF message shows both the private and public address of the endpoint. If not, a NAT is probably at fault. Also, try calling from and to the second FXS on each ATA, because some NATs check for port 1720.

When you call from A to B, who can't hear?  When you call
from B to A, who can't hear?  If it's always B, it's
probably a NAT problem.

You might see if Fast Start helps (or hurts).

Make sure that your ATAs have static (private) IPs,
or use static DHCP if available on your NAT.  Otherwise
the address may have changed so port forwarding won't
work as expected.

Older ATA firmware had default RTP ports starting at
10000, instead of 16384.  Make sure your forwarding
agrees with the ATA settings.

H245Routed=0 makes no sense in your configuration.  I believe
that the GK is smart enough to route the H.245 anyway, when
the call is coming via a NAT, but I would turn this on
just in case.

If none of the above helps, use Ethereal on the GK machine
to see what is going wrong.  Pay particular attention to
the media IP addresses and port numbers in the Open Logical
Channel and Open Logical Channel Acks.  The messages into
the GK, from both ends, should advertise the private address
with e.g. port 16384, and when the GK sends it on, the
public address should have been substituted.

If this all looks ok, use Ethereal at the remote ends to
see where the media packets are being sent and/or what
is happening to them when they arrive at the other end.

--Stewart

> I'm a little lost here, could somebody help me?
>
> Today I did hear voice from point (B) but they couldn't; the log on the
> GK and in the ATA shows that the call is in progress and with no
> problems, but I cannot hear anything. Maybe it's just a port problem.
>
> I cannot route/proxy the voice traffic across the GK as it is located on
> a very slow link and I need the endpoints to have direct voice traffic.
>
> My GK config:
>
> [Gatekeeper::Main]
> Fourtytwo=42
> TimeToLive=180
> Name=AdvH323GK
>
> [RoutedMode]
> GKRouted=1
> H245Routed=0
> CallSignalPort=1721
> SendReleaseCompleteOnDRQ=1
> SupportNATedEndpoints=1
>
> [Proxy]
> Enable=0
> ProxyForNAT=0
>
> [RasSrv::RRQAuth]
> default=allow
>
> [RasSrv::RRQFeatures]
> OverwriteEPOnSameAddress=1
>
> [GkStatus::Auth]
> rule=allow
>
> I also changed the ConnectMode on the ATAs to enable tunneling for
> H245.
>
> The NAT boxes for the endpoints have port forwarding for TCP ports
> 1719-1721 and UDP ports 16384-16624 to each endpoint.
> The GK is in the DMZ.
>
> ANY HELP WILL BE APPRECIATED.
>
> THANK YOU VERY MUCH FOR YOUR TIME.
>
> Ernesto G.
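As an added example (not from this thread or the GnuGK project), a small Python audit that parses the posted gatekeeper settings with configparser and compares a NAT box's forwarding plan against the minimal set Stewart lists: TCP 1720-1721, TCP 1740-1741 only when H.245 tunneling is off, and UDP 16384-16391. The forwarding tuples, the `audit` function and its finding strings are assumptions of this example; it flags the H245Routed=0 setting and any forwarded range that opens more ports than the ATAs use.

```python
import configparser

# Constructed copy of the [RoutedMode] and [Proxy] settings posted above.
GK_CONFIG = """\
[RoutedMode]
GKRouted=1
H245Routed=0
CallSignalPort=1721
SendReleaseCompleteOnDRQ=1
SupportNATedEndpoints=1
[Proxy]
Enable=0
ProxyForNAT=0
"""

# Forwarding plans as (proto, first_port, last_port); constructed from the thread.
ERNESTO_FORWARDS = [("tcp", 1719, 1721), ("udp", 16384, 16624)]
STEWART_FORWARDS = [("tcp", 1720, 1721), ("tcp", 1740, 1741), ("udp", 16384, 16391)]

# Minimal set from the reply: H.225 for both FXS ports, H.245 (no tunneling), default ATA RTP.
NEEDED = [("tcp", 1720, 1721), ("tcp", 1740, 1741), ("udp", 16384, 16391)]

def parse_gk_config(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep GnuGK key names as written
    cp.read_string(text)
    return cp

def audit(config_text, forwards, h245_tunneling=True):
    """Return findings for the GK settings and a NAT box's forwarding plan."""
    cp = parse_gk_config(config_text)
    rm = cp["RoutedMode"] if cp.has_section("RoutedMode") else {}
    proxy = cp["Proxy"] if cp.has_section("Proxy") else {}
    findings = []
    if rm.get("GKRouted") == "1" and rm.get("H245Routed", "0") != "1":
        findings.append("H245Routed=0 with GKRouted=1: set H245Routed=1 for NATed endpoints")
    if proxy.get("Enable", "0") != "0":
        findings.append("Proxy enabled: media would traverse the GK instead of going direct")
    wanted = [n for n in NEEDED if not (n[:2] == ("tcp", 1740) and h245_tunneling)]
    for proto, lo, hi in wanted:  # every needed range must be fully covered
        if not any(p == proto and flo <= lo and hi <= fhi for p, flo, fhi in forwards):
            findings.append(f"missing forward {proto} {lo}-{hi}")
    for proto, flo, fhi in forwards:  # least exposure: no unused or over-wide ranges
        covered = [n for n in NEEDED if n[0] == proto and n[1] <= fhi and flo <= n[2]]
        if not covered:
            findings.append(f"forward {proto} {flo}-{fhi} is not used by H.323 here")
        elif fhi - flo + 1 > sum(n[2] - n[1] + 1 for n in covered):
            findings.append(f"forward {proto} {flo}-{fhi} exposes more ports than H.323 needs")
    return findings
```

Running `audit(GK_CONFIG, ERNESTO_FORWARDS)` reports the H245Routed setting and the two over-wide ranges from the posted plan, while Stewart's plan with `h245_tunneling=False` reports only the config setting.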




_______________________________________________________

List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/
