So, I was wondering if I have some misconfiguration or the problems are there? Basically I was wondering about the possibility of authenticating LRQ through RADIUS and using RADIUS-based routing as I do for ARQ. I would like to get some ideas from gnugk gurus such as Zygmuntowicz Michal.
Nour Omar <nouromar@xxxxxxxxxxxxx> wrote:
I set up 2 GNU gatekeepers, gk1 and gk2, both version 2.2.2 and both in routing mode. LRQ always goes in one direction, from gk1 to gk2:
gk1-------------------------LRQ------------------------->gk2
Before I describe my problem, let me paste the relevant config sections.
For gk2, I have:
[RasSrv::Neighbors]
gk1=GnuGK
[Neighbor::gk1]
GatekeeperIdentifier=gk1
Host=xxx.xxx.xx.xxx
AcceptPrefixes=*
[Gatekeeper::Auth]
RadAuth=sufficient;RRQ,ARQ,LRQ
For gk1, I have:
[RasSrv::Neighbors]
gk2=GnuGK
[Neighbor::gk2]
GatekeeperIdentifier=gk2
Host=xxx.xxx.xxx.xxx
SendPrefixes=*
ForwardLRQ=always
[RoutingPolicy]
default=internal,neighbor
I have 2 problems:
1) LRQ comes to gk2 but it is not going to the RADIUS authentication. Both RRQ and ARQ are using RADIUS auth fine, but not LRQ. LRQ is going directly to RoutingPolicy. In gk2's config, I do not have a [RoutingPolicy] section because I do all my routing stuff in RADIUS (except internal endpoints). So what happens is that gnugk searches the default RoutingPolicy (internal) for the destination, and when it cannot find one, it sends an LRJ to gk1. So my first question is: how can I make LRQ use my RADIUS for authentication/routing?
2) Let's say I called an internally registered endpoint to gk2. In this case RoutingPolicy will match the endpoint and then an LCF will be sent to gk1, but the setup will fail. This is what is written to the log at gk2:
ProxyChannel.cxx(1548) Q931s Reject unregistered call bf fc df a1 08 f3 18 10 88 00 44 45 53 54 42 00 from xx.xxx.xx.xxx:32772
xxx.xxx.xxx.xxx is gk1's IP address (remember both gk1 and gk2 are in routing mode, so all setup signalling will go between them).
I did NOT try AcceptUnregisteredCalls=1 because I do not really want to do that. I think LRQ should work without opening this security hole.
I would really appreciate it if you guys could shed some light on these problems.