Hi Siet, what do you mean by "registration loop" ? H.460.18 requires that the endpoints res-sends its registration every ~30 seconds to keep the pin-hole open. Thats normal. Regards, Jan Siet Toorman wrote: > Hi Simon, > > Thanks, much appreciated! This now works indeed as expected for Mirial, > rejecting the registrationRequest. > > LifeSize still gets in a registration loop somehow. It does support > H460.18, so is not rejected. However the registration does not 'stick'. > H460.18 does not require any ports to be forwarded at the NAT router, > correct? There is a firewall present but it allows all outgoing TCP > connections from the endpoints, which I guess H460.18 uses for > tunneling. > > Is there any way to debug this in more detail? > > Thanks, > Siet > > -----Original Message----- > From: Simon Horne [mailto:s.horne@xxxxxxxxxxxxxx] > Sent: Monday, January 04, 2010 1:12 PM > To: 'GNU Gatekeeper Users' > Subject: Re: NAT issues with H245 > > > Siet > > For Mirial > The switch should be NATStdMin=18 not NATMinStd=18 Sorry that was my > typo in > the previous email. Try again with correct switch. > > For the LifeSize endpoint there is no nonstandard field (this is used > for > GnuGK NatMethod and omitted if using H.460.18) so this is correct. > 2010/01/04 13:53:18.449 3 RasSrv.cxx(2061) H46018 EP on > 92.67.128.131 supports H.460.18 > > Simon > > -----Original Message----- > From: Siet Toorman [mailto:siet.toorman@xxxxxxxxxxxx] > Sent: Monday, 4 January 2010 9:16 PM > To: GNU Gatekeeper Users > Subject: Re: NAT issues with H245 > > Hi Simon, Jan, thank you for the help and happy new year! > > I did a checkout of the latest GK source and compiled the binary. > Resulting in: > Gatekeeper(GNU) Version(2.3.2) > Ext(pthreads=1,radius=1,mysql=1,pgsql=0,firebird=0,odbc=0,sqlite=0,large > _fdset=0,crypto/ssl=0,h46018=1,h46023=1) Build(Jan 4 2010, 11:40:34) > Sys(Linux i686 2.6.18-164.2.1.el5.028stab066.7) > > And to the RoutedMode config I added NATMinStd=18, which resulted in: > > [RoutedMode] > GKRouted=1 > H245Routed=1 > EnableH46018=1 > NATMinStd=18 > SupportNATedEndpoints=1 > > However Mirial, which does not support H.460.18, still receives a > registrationConfirm when the GK is on the public internet and Mirial > endpoint behind closed NAT. > The registrationRequest states 0 nonStandardUsageTypes and no featureSet > field. The registrationConfirm includes the NAT=publicIP field in the > nonStandardData. > Does this indeed mean that Mirial indicates that h460.18 is not > supported, > and that the GK knows the Endpoint is behind NAT? In that case the new > NATMinStd config field seems to not be working. > The log of this registration can be found here: > http://upload.xandrios.net/gnugk_h460_mirial.log > > For LifeSize, H460 seems to indeed be supported. The registrationRequest > includes SupportedFeatures id=standard 18. However it seems that NAT is > not > detected, the nonStandardData field does not include the NAT=publicIP > field. > The log of this registration can be found here: > http://upload.xandrios.net/gnugk_h460_lifesize.log > > So the issues seem to not have been resolved completely. Something does > not > work quite right yet, however I am unable to pinpoint the exact cause > other > than that perhaps for LifeSize NAT is not detected..? > > What is your view on this? > > Thank you, > Siet > > > -----Original Message----- > From: Simon Horne [mailto:s.horne@xxxxxxxxxxxxxx] > Sent: Monday, December 28, 2009 1:50 AM > To: 'GNU Gatekeeper Users' > Subject: Re: NAT issues with H245 > > > Siet > > It is unfortunate that more vendors do not support H.460.18/.19. > Hopefully > now that it is available in open source then there might be further > impotus > to do so. > > I have added a new switch in the CVS to require all registrations that > are > detected as being behind a NAT to support a NAT standard. > > [RoutedMode] > NATMinStd=18 > > This will require all registrations to support H.460.18/.19 (a value of > 23 > means must support H.460.23/.24) if the endpoint does not then it will > receive an RRJ with reason requiredFeatureNotSupported. > > Thanks > > Simon > > -----Original Message----- > From: Siet Toorman [mailto:siet.toorman@xxxxxxxxxxxx] > Sent: Monday, 28 December 2009 1:43 AM > To: GNU Gatekeeper Users > Subject: Re: NAT issues with H245 > > Hi Simon, thanks for your help! > > I see, too bad that a giant like lifesize (Or is it Logitech these > days?) > does not put any effort in NAT traversal now that pretty much every > workstation in the world is behind a NAT gateway. > > Is there a way for GnuGK to detect that the Endpoint does not support > NAT > traversal? Because I would expect the gatekeeper to Reject the > registration > if something is not supported. Right now the gatekeeper accepts the > registration, and the endpoints think they are registered. When actually > placing a call however, it becomes clear at the endpoint that the > registration does not exist. It would be preferable if the GK would > reject > the registration so that the endpoint knows something does not work, and > write a logline indicating that the Endpoint was rejected due to > non-support > for NAT. > > When I disable H460.18 in the config (EnableH46018) the same issue > happens > by the way. This did not used to occur with a previous version of the > GK. > Previously i was able to register (altho not place calls). Now, even if > H460.18 disabled, the endpoints keep trying to register every 10 > seconds. Is > this expected behavior? > > Thanks & happy holidays! > -Siet > > -----Original Message----- > From: Simon Horne [mailto:s.horne@xxxxxxxxxxxxxx] > Sent: Fri 12/25/2009 10:52 PM > To: 'GNU Gatekeeper Users' > Subject: Re: NAT issues with H245 > > > Siet > > The issue is that the lifesize (you are using) and marial do not support > H.460.18/.19 > > You need to see this in the trace of the RRQ > > featureSet = { > replacementFeatureSet = false > supportedFeatures = 1 entries { > [0]={ > id = standard 18 > > Neither of them do so neither of them are able to work behind a NAT. > > Xmeeting does not support H.460.18/.19 however it is using STUN to open > pinhole in the NAT and register with gatekeeper using the detected > external > IP address and port hence the RCF with data=NoNat in the nonStandard > field. > The use of STUN only works with some NAT and not all and some of the > calls > will fail. > > There are a quite a few hardware however very few software devices that > I > know of (other than PacPhone) that actually supports H.460.18/.19. > > Simon > > -----Original Message----- > From: Siet Toorman [mailto:siet.toorman@xxxxxxxxxxxx] > Sent: Thursday, 24 December 2009 10:37 PM > To: GNU Gatekeeper Users > Subject: Re: NAT issues with H245 > > Hi Jan, thanks again for the help! > > I realized that H.460.18 is only supported in the latest release (2.3.1) > so > that is why I compiled my own version of 2.3.1. This version however has > the > issues described in my previous email: Registration of endpoints end up > in a > loop. > > > However registration for LifeSize and Merial does not go through. The > > NATed endpoints send a registrationrequest, receive a positive > > registrationConfirm...but try to register again after about 10 seconds > > Thanks! > -Siet > > -----Original Message----- > From: Jan Willamowius [mailto:jan@xxxxxxxxxxxxxx] > Sent: Thursday, December 24, 2009 1:13 PM > To: openh323gk-users@xxxxxxxxxxxxxxxxxxxxx > Subject: Re: NAT issues with H245 > > Hi Siet, > > support for H.460.18 was added in 2.3.0 and significatly improved in > 2.3.1, > it won't work in 2.2.7. > > Sorry, > Jan > > Siet Toorman wrote: > > Hi Jan, thank you for the help. > > > > Reason for using 2.2.7 is that this is the packaged version with > Ubuntu. > > Compiling the libraries from SVN/CVS head did not work, however the > > 'known good' lib combinations from Nov 16 compiles and runs cleanly. > > > > With this version I am having registration issues unfortunately. I > used > > the following Routed/proxy config: > > > > [RoutedMode] > > GKRouted=1 > > H245Routed=1 > > EnableH46018=1 > > SupportNATedEndpoints=1 > > > > [Proxy] > > Enable=1 > > ProxyForNAT=1 > > ProxyForSameNAT=1 > > > > However registration for LifeSize and Merial does not go through. The > > NATed endpoints send a registrationrequest, receive a positive > > registrationConfirm...but try to register again after about 10 > seconds. > > I confirmed this using a packet sniffer at the Endpoint (Wireshark: > > http://upload.xandrios.net/gnugk_2.3.1_reregistration_loop.pcap). > > > > I noticed that a Xmeeting endpoint does get registered. The difference > > > between Xmeeting and LifeSize is that Xmeeting receives a data=noNAT > in > > the nonStandardData field. Also, Xmeeting receives a serviceControl > > field with a sessionId=0, while Lifesize does not. > > > > A trace from a successful xmeeting registration from behind NAT can be > > > found here: > > http://upload.xandrios.net/gnugk_2.3.1_registration_xmeeting.pcap > > > > Any advice on how to continue? > > > > Thank you! > > -Siet > > > > > > -----Original Message----- > > From: Jan Willamowius [mailto:jan@xxxxxxxxxxxxxx] > > Sent: Wednesday, December 23, 2009 5:38 PM > > To: openh323gk-users@xxxxxxxxxxxxxxxxxxxxx > > Subject: Re: NAT issues with H245 > > > > Hi Siet, > > > > your first step should be to upgrade to GnuGk 2.3.1 and then enable > > H.460.18 in GnuGk and all your endpoints. > > The only problem will be the Mirial since it doesn't support any NAT > > traversal method as far as I know. > > > > Regards, > > Jan > > > > > > Siet Toorman wrote: > > > Hi, > > > > > > I'm trying to create a test setup with GnuGK and Lifesize > > conferencing. > > > I have the following available: > > > > > > - GnuGK server on public internet, no NAT no Firewall. > > > - Endpoint Lifesize Conference / passport behind NAT > > > - Endpoint Lifesize passport behind NAT > > > - Endpoint Mirial behind NAT > > > - Endpoint PacPhone behind NAT > > > > > > My Goal is to allow each device to call each other, without the need > > to > > > open/forward ports at the Endpoint's NAT router. > > > > > > This works only in case of PacPhone since this supports the NAT > > > Traversal functionality. However Mirial is supposed to support H245 > > and > > > I expected it to be able to overcome the NAT issues that way (?) > > > > > > I'm using GnuGK v2.2.7 with the following (very basic) config: > > > > > > [Gatekeeper::Main] > > > Fortytwo=42 > > > > > > [RoutedMode] > > > GKRouted=1 > > > H245Routed=1 > > > SupportNATedEndpoints=1 > > > > > > [Proxy] > > > Enable=1 > > > ProxyForNAT=1 > > > ProxyForSameNAT=1 > > > > > > >From what I understand this should route all data (control messages > + > > > media) through the GK. However when I place a call the GK still > tries > > to > > > connect outwards to the public IP of the Endpoint(s). Since these > > ports > > > are not forwarded the call fails. > > > > > > Am I missing something? I would have expected all traffic to be > routed > > > over the one connection that is setup from the endpoint to the GK. > The > > > GK connecting to the endpoints does not work due to the NAT router > in > > > front of them. > > > > > > All help is greatly appreciated! > > > > > > Thank you, > > > Siet -- Jan Willamowius, jan@xxxxxxxxxxxxxx, http://www.gnugk.org/ ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/
