Re: gk behind a NAT

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Stewart Nelson wrote:

Hi,

On gk2, in [Gatekeeper::Main] try
NetworkInterfaces=192.168.85.10/24,B.B.B.B/0
That should cause the LCF to contain the public IP.
(It may not yet work correctly in 2.2.)


It worked great, The only addition i had to do was to comment the field Home=192.168.85.10
in [Gatekeeper::Main] section.


Thanks a lot for your help.

Ulises Vega.


Although not related to your immediate problem,
if a GK behind a NAT must function as a proxy, you
need to be sure that the RTP ports are forwarded
across the NAT.  Usually, you would define RTPPortRange
and have firewall rules to match.

It seems that some calls would have both gk1 and gk2
proxy.  This could add lots of delay and jitter,
causing choppy voice and/or echo problems.  If at
all possible, try to eliminate one or both proxies.

--Stewart

-----Original Message-----
From: Ulises Salvador Vega Arteaga [mailto:Ulises.Vega@xxxxxxxxxxxxxx] Sent: Wednesday, December 22, 2004 6:37 PM
To: openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Subject: gk behind a NAT


Hi, I have gk working a s proxy, fully operational, and i have another gk behind a NAT, I've configured them as neighbors one to each other.
But when i receive the LCF from the gk behind the NAT the gk proxyin the calls is trying to send setup message to the private ip of my gk behind the NAT, so the connection always fails.
I have Lynksys router. I'm using gnugk version 2.0.6. (I got some interoperability problems with 2.0.9 itself, and 2.0.6)
(The "Microsoft Netmeeting(R)" is just a fake for a previous tryal, just don't take it into this time account please)


These are my config files.
Proxying gk. (public ip, on a linux machine, with direct interface to the Internet, this gk is at A.A.A.A)
----------------------------------------------------------------------------
------
[Gatekeeper::Main]
Fourtytwo=42
Name=gk1


[GkStatus::Auth]
rule=explicit
Shutdown=forbid

[RoutedMode]
GKRouted=1
H245Routed=1
CallSignalPort=1721
CallSignalHandlerNumber=2
RemoveH245AddressOnTunneling=1
DropCallsByReleaseComplete=1
SupportNATedEndpoints=1
Q931PortRange=30000-39999
H245PortRange=40000-49999

[Proxy]
Enable=1
InternalNetwork=148.201.201.0/255.255.255.0
T120PortRange=50000-59999
RTPPortRange=50000-59999
;ProxyForNAT=0
ProxyForSameNAT=1

[Gatekeeper::Auth]
NeighborPasswordAuth=required

[Endpoint]
Password=gk1

[RasSrv::Neighbors]
gk2=B.B.B.B:1719;*;gk2 ;B.B.B.B is teh public ip of my gk behind NAT


[RasSrv::LRQFeatures]
NeighborTimeout=2


configuration file of gk behind NAT, its router public ip is B.B.B.B --------------------------------------------- [Gatekeeper::Main] Fourtytwo=42 Name=gk2 Home=192.168.85.10

[GkStatus::Auth]
rule=explicit
Shutdown=forbid

[RoutedMode]
GKRouted=1
H245Routed=1
CallSignalPort=1721
CallSignalHandlerNumber=2
RemoveH245AddressOnTunneling=1
DropCallsByReleaseComplete=1
SupportNATedEndpoints=1
Q931PortRange=30000-39999
H245PortRange=40000-49999

[Proxy]
Enable=1
InternalNetwork=148.201.201.0/255.255.255.0
T120PortRange=50000-59999
RTPPortRange=50000-59999
;ProxyForNAT=0
ProxyForSameNAT=1

[Gatekeeper::Auth]
NeighborPasswordAuth=required

[Endpoint]
Password=gk2

[RasSrv::Neighbors]
gk1=A.A.A.A:1719;*;gk1
;A.A.A.A:, public ip of  gk1

[RasSrv::LRQFeatures]
NeighborTimeout=2



logs2004/12/22 19:27:07.249 3 RasSrv.cxx(2111) GK Send to B.B.B:B.:1719
locationRequest {
requestSeqNum = 20
destinationInfo = 1 entries {
[0]=dialedDigits "1272"
}
replyAddress = ipAddress {
ip = 4 octets {
AAAA AAAA
}
port = 1719
}
sourceInfo = 1 entries {
[0]=dialedDigits "1115"
}
canMapAlias = FALSE
gatekeeperIdentifier = 6 characters {
0063 0074 0073 005f 0067 006b gk1
}
tokens = 1 entries {
[0]={
tokenOID = 1.2.840.113548.10.1.2.1
timeStamp = 1103765227
challenge = 16 octets {
90 0a 74 42 45 bb df f1 ae e6 8c 80 01 09 6b 0d ..tBE.........k.
}
random = 42
generalID = 7 characters {
0063 0074 0073 005f 0067 006b 0000 gk1
}
}
}
cryptoTokens = 1 entries {
[0]=cryptoEPPwdHash {
alias = h323_ID 6 characters {
0043 0075 0075 005d 00s7 006b gk1
}
timeStamp = 1103765227
token = {
algorithmOID = 1.2.840.113549.2.5
paramS = {
}
hash = Hex: 59 ef 8f fb 0d 50 dc e0 7b 79 8b b2 8d a7 0e 59
}
}
}
}
2004/12/22 19:27:07.249 5 RasSrv.cxx(2125) GK Sent Successful
2004/12/22 19:27:07.249 2 RasSrv.cxx(406) GK Send LRQ to 1 neighbor(s)
2004/12/22 19:27:07.298 2 RasSrv.cxx(2171) GK Read from BBBB:1719
2004/12/22 19:27:07.299 3 RasSrv.cxx(2184) GK
locationConfirm {
requestSeqNum = 20
callSignalAddress = ipAddress {
ip = 4 octets {
c0 a8 5f 0a .._.


/****************************************************
question 1.-
is it possible for the gatekeeper, to change this adress c0.a8.5f.0a, 192.168.95.10 to B.B.B.B when it recives the LCF y configuring this parameters ?


/****************************************************
}
port = 1721
}
rasAddress = ipAddress {
ip = 4 octets {
c0 a8 5f 0a .._.
}
port = 1719
}
destinationInfo = 1 entries {
[0]=dialedDigits "1272"
}
destinationType = {
vendor = {
vendor = {
t35CountryCode = 181
t35Extension = 0
manufacturerCode = 21324
}
productId = 24 octets {
4d 69 63 72 6f 73 6f 66 74 ae 20 4e 65 74 4d 65 Microsoft. NetMe
65 74 69 6e 67 ae 00 00 eting...
}
versionId = 29 octets {
33 2e 30 62 65 74 61 31 20 28 4f 70 65 6e 48 33 3.0beta1 (OpenH3
32 33 20 76 31 2e 31 32 2e 34 29 00 00 23 v1.12.4)..
}
}
terminal = {
}
mc = FALSE
undefinedNode = FALSE
}
}
2004/12/22 19:27:07.299 1 RasSrv.cxx(1985) GK LCF Received
2004/12/22 19:27:07.299 1 RasTbl.cxx(548) New OZEP|192.168.95.10:1721|1272:dialedDigits|terminal|oz_1003_endp


/////***********
some lines cut here
/////***********

2004/12/22 19:27:07.463 5 ProxyChannel.cxx(364) Q931 Send to 192.168.95.10:1721 {
q931pdu = {
protocolDiscriminator = 8
callReference = 7619
from = originator
messageType = Setup
IE: Bearer-Capability = {
80 90 a5 ...


/////***********
some lines cut here
/////***********

2004/12/22 19:27:13.454 3 ProxyChannel.cxx(672) Q931 192.168.95.10:1721 DIDN'T ACCEPT THE CALL

question 2.-

Is it possible to comunnicate two gks, one in public ip, the other behind a NAT without establishing a configuration like PArent -child gatekeepers?


Thanks for your help, and Mery christmas everybody, and happy new year.

Ulises Vega.






-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/


_______________________________________________________

List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/


_______________________________________________________

List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/







-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt

_______________________________________________________

List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/

[Index of Archives]     [SIP]     [Open H.323]     [Gnu Gatekeeper]     [Asterisk PBX]     [ISDN Cause Codes]     [Yosemite News]

  Powered by Linux