Hi Simon, Thanks, much appreciated! This now works indeed as expected for Mirial, rejecting the registrationRequest. LifeSize still gets in a registration loop somehow. It does support H460.18, so is not rejected. However the registration does not 'stick'. H460.18 does not require any ports to be forwarded at the NAT router, correct? There is a firewall present but it allows all outgoing TCP connections from the endpoints, which I guess H460.18 uses for tunneling. Is there any way to debug this in more detail? Thanks, Siet -----Original Message----- From: Simon Horne [mailto:s.horne@xxxxxxxxxxxxxx] Sent: Monday, January 04, 2010 1:12 PM To: 'GNU Gatekeeper Users' Subject: Re: NAT issues with H245 Siet For Mirial The switch should be NATStdMin=18 not NATMinStd=18 Sorry that was my typo in the previous email. Try again with correct switch. For the LifeSize endpoint there is no nonstandard field (this is used for GnuGK NatMethod and omitted if using H.460.18) so this is correct. 2010/01/04 13:53:18.449 3 RasSrv.cxx(2061) H46018 EP on 92.67.128.131 supports H.460.18 Simon -----Original Message----- From: Siet Toorman [mailto:siet.toorman@xxxxxxxxxxxx] Sent: Monday, 4 January 2010 9:16 PM To: GNU Gatekeeper Users Subject: Re: NAT issues with H245 Hi Simon, Jan, thank you for the help and happy new year! I did a checkout of the latest GK source and compiled the binary. Resulting in: Gatekeeper(GNU) Version(2.3.2) Ext(pthreads=1,radius=1,mysql=1,pgsql=0,firebird=0,odbc=0,sqlite=0,large _fdset=0,crypto/ssl=0,h46018=1,h46023=1) Build(Jan 4 2010, 11:40:34) Sys(Linux i686 2.6.18-164.2.1.el5.028stab066.7) And to the RoutedMode config I added NATMinStd=18, which resulted in: [RoutedMode] GKRouted=1 H245Routed=1 EnableH46018=1 NATMinStd=18 SupportNATedEndpoints=1 However Mirial, which does not support H.460.18, still receives a registrationConfirm when the GK is on the public internet and Mirial endpoint behind closed NAT. The registrationRequest states 0 nonStandardUsageTypes and no featureSet field. The registrationConfirm includes the NAT=publicIP field in the nonStandardData. Does this indeed mean that Mirial indicates that h460.18 is not supported, and that the GK knows the Endpoint is behind NAT? In that case the new NATMinStd config field seems to not be working. The log of this registration can be found here: http://upload.xandrios.net/gnugk_h460_mirial.log For LifeSize, H460 seems to indeed be supported. The registrationRequest includes SupportedFeatures id=standard 18. However it seems that NAT is not detected, the nonStandardData field does not include the NAT=publicIP field. The log of this registration can be found here: http://upload.xandrios.net/gnugk_h460_lifesize.log So the issues seem to not have been resolved completely. Something does not work quite right yet, however I am unable to pinpoint the exact cause other than that perhaps for LifeSize NAT is not detected..? What is your view on this? Thank you, Siet -----Original Message----- From: Simon Horne [mailto:s.horne@xxxxxxxxxxxxxx] Sent: Monday, December 28, 2009 1:50 AM To: 'GNU Gatekeeper Users' Subject: Re: NAT issues with H245 Siet It is unfortunate that more vendors do not support H.460.18/.19. Hopefully now that it is available in open source then there might be further impotus to do so. I have added a new switch in the CVS to require all registrations that are detected as being behind a NAT to support a NAT standard. [RoutedMode] NATMinStd=18 This will require all registrations to support H.460.18/.19 (a value of 23 means must support H.460.23/.24) if the endpoint does not then it will receive an RRJ with reason requiredFeatureNotSupported. Thanks Simon -----Original Message----- From: Siet Toorman [mailto:siet.toorman@xxxxxxxxxxxx] Sent: Monday, 28 December 2009 1:43 AM To: GNU Gatekeeper Users Subject: Re: NAT issues with H245 Hi Simon, thanks for your help! I see, too bad that a giant like lifesize (Or is it Logitech these days?) does not put any effort in NAT traversal now that pretty much every workstation in the world is behind a NAT gateway. Is there a way for GnuGK to detect that the Endpoint does not support NAT traversal? Because I would expect the gatekeeper to Reject the registration if something is not supported. Right now the gatekeeper accepts the registration, and the endpoints think they are registered. When actually placing a call however, it becomes clear at the endpoint that the registration does not exist. It would be preferable if the GK would reject the registration so that the endpoint knows something does not work, and write a logline indicating that the Endpoint was rejected due to non-support for NAT. When I disable H460.18 in the config (EnableH46018) the same issue happens by the way. This did not used to occur with a previous version of the GK. Previously i was able to register (altho not place calls). Now, even if H460.18 disabled, the endpoints keep trying to register every 10 seconds. Is this expected behavior? Thanks & happy holidays! -Siet -----Original Message----- From: Simon Horne [mailto:s.horne@xxxxxxxxxxxxxx] Sent: Fri 12/25/2009 10:52 PM To: 'GNU Gatekeeper Users' Subject: Re: NAT issues with H245 Siet The issue is that the lifesize (you are using) and marial do not support H.460.18/.19 You need to see this in the trace of the RRQ featureSet = { replacementFeatureSet = false supportedFeatures = 1 entries { [0]={ id = standard 18 Neither of them do so neither of them are able to work behind a NAT. Xmeeting does not support H.460.18/.19 however it is using STUN to open pinhole in the NAT and register with gatekeeper using the detected external IP address and port hence the RCF with data=NoNat in the nonStandard field. The use of STUN only works with some NAT and not all and some of the calls will fail. There are a quite a few hardware however very few software devices that I know of (other than PacPhone) that actually supports H.460.18/.19. Simon -----Original Message----- From: Siet Toorman [mailto:siet.toorman@xxxxxxxxxxxx] Sent: Thursday, 24 December 2009 10:37 PM To: GNU Gatekeeper Users Subject: Re: NAT issues with H245 Hi Jan, thanks again for the help! I realized that H.460.18 is only supported in the latest release (2.3.1) so that is why I compiled my own version of 2.3.1. This version however has the issues described in my previous email: Registration of endpoints end up in a loop. > However registration for LifeSize and Merial does not go through. The > NATed endpoints send a registrationrequest, receive a positive > registrationConfirm...but try to register again after about 10 seconds Thanks! -Siet -----Original Message----- From: Jan Willamowius [mailto:jan@xxxxxxxxxxxxxx] Sent: Thursday, December 24, 2009 1:13 PM To: openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: NAT issues with H245 Hi Siet, support for H.460.18 was added in 2.3.0 and significatly improved in 2.3.1, it won't work in 2.2.7. Sorry, Jan Siet Toorman wrote: > Hi Jan, thank you for the help. > > Reason for using 2.2.7 is that this is the packaged version with Ubuntu. > Compiling the libraries from SVN/CVS head did not work, however the > 'known good' lib combinations from Nov 16 compiles and runs cleanly. > > With this version I am having registration issues unfortunately. I used > the following Routed/proxy config: > > [RoutedMode] > GKRouted=1 > H245Routed=1 > EnableH46018=1 > SupportNATedEndpoints=1 > > [Proxy] > Enable=1 > ProxyForNAT=1 > ProxyForSameNAT=1 > > However registration for LifeSize and Merial does not go through. The > NATed endpoints send a registrationrequest, receive a positive > registrationConfirm...but try to register again after about 10 seconds. > I confirmed this using a packet sniffer at the Endpoint (Wireshark: > http://upload.xandrios.net/gnugk_2.3.1_reregistration_loop.pcap). > > I noticed that a Xmeeting endpoint does get registered. The difference > between Xmeeting and LifeSize is that Xmeeting receives a data=noNAT in > the nonStandardData field. Also, Xmeeting receives a serviceControl > field with a sessionId=0, while Lifesize does not. > > A trace from a successful xmeeting registration from behind NAT can be > found here: > http://upload.xandrios.net/gnugk_2.3.1_registration_xmeeting.pcap > > Any advice on how to continue? > > Thank you! > -Siet > > > -----Original Message----- > From: Jan Willamowius [mailto:jan@xxxxxxxxxxxxxx] > Sent: Wednesday, December 23, 2009 5:38 PM > To: openh323gk-users@xxxxxxxxxxxxxxxxxxxxx > Subject: Re: NAT issues with H245 > > Hi Siet, > > your first step should be to upgrade to GnuGk 2.3.1 and then enable > H.460.18 in GnuGk and all your endpoints. > The only problem will be the Mirial since it doesn't support any NAT > traversal method as far as I know. > > Regards, > Jan > > > Siet Toorman wrote: > > Hi, > > > > I'm trying to create a test setup with GnuGK and Lifesize > conferencing. > > I have the following available: > > > > - GnuGK server on public internet, no NAT no Firewall. > > - Endpoint Lifesize Conference / passport behind NAT > > - Endpoint Lifesize passport behind NAT > > - Endpoint Mirial behind NAT > > - Endpoint PacPhone behind NAT > > > > My Goal is to allow each device to call each other, without the need > to > > open/forward ports at the Endpoint's NAT router. > > > > This works only in case of PacPhone since this supports the NAT > > Traversal functionality. However Mirial is supposed to support H245 > and > > I expected it to be able to overcome the NAT issues that way (?) > > > > I'm using GnuGK v2.2.7 with the following (very basic) config: > > > > [Gatekeeper::Main] > > Fortytwo=42 > > > > [RoutedMode] > > GKRouted=1 > > H245Routed=1 > > SupportNATedEndpoints=1 > > > > [Proxy] > > Enable=1 > > ProxyForNAT=1 > > ProxyForSameNAT=1 > > > > >From what I understand this should route all data (control messages + > > media) through the GK. However when I place a call the GK still tries > to > > connect outwards to the public IP of the Endpoint(s). Since these > ports > > are not forwarded the call fails. > > > > Am I missing something? I would have expected all traffic to be routed > > over the one connection that is setup from the endpoint to the GK. The > > GK connecting to the endpoints does not work due to the NAT router in > > front of them. > > > > All help is greatly appreciated! > > > > Thank you, > > Siet -- Jan Willamowius, jan@xxxxxxxxxxxxxx, http://www.gnugk.org/ ------------------------------------------------------------------------ ------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/ ------------------------------------------------------------------------ ---- -- This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/ ------------------------------------------------------------------------ ---- -- This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/ ------------------------------------------------------------------------ ------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/ ------------------------------------------------------------------------ ---- -- This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/ ------------------------------------------------------------------------ ------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/ ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/
