RCF|192.168.217.80:1720|6828:dialedDigits|terminal|9739_endp
RCF|192.168.217.76:1720|videowall:h323_ID|terminal|9740_endp
I then do an inbound call to 6828@216.13.45.141 which is the external address of the gatekeeper. It replies with the called party is not registered.
So what am I missing to do the translation from 6828@216.13.45.141 to 6828@192.168.217.80?
Logs:
2011/07/06 10:01:39.080 5 yasocket.cxx(782) TCPSrv 1 sockets selected from 6, total 6/0
2011/07/06 10:01:39.080 4 yasocket.cxx(904) TCPSrv Accept request on 216.13.45.141:1720
2011/07/06 10:01:39.080 5 tlibthrd.cxx(836) PWLib Created thread 0x1056420
2011/07/06 10:01:39.080 5 job.cxx(364) JOB Worker threads: 10 total - 10 busy, 0 idle
2011/07/06 10:01:39.080 5 tlibthrd.cxx(1337) PWLib Started thread 0x1056420 Worker:01056420
2011/07/06 10:01:39.080 5 job.cxx(170) JOB Worker 140149660825360 started
2011/07/06 10:01:39.081 5 job.cxx(190) JOB Starting Job Acceptor at Worker thread 140149660825360
2011/07/06 10:01:39.099 5 ProxyChannel.cxx(649) Q931s Reading from 216.13.45.139:11000
2011/07/06 10:01:39.099 3 ProxyChannel.cxx(965) Q931s Received: Setup CRV=27782 from 216.13.45.139:11000
2011/07/06 10:01:39.321 4 ProxyChannel.cxx(908) Q931 Received: {
q931pdu = {
protocolDiscriminator = 8
callReference = 27782
from = originator
messageType = Setup
IE: Bearer-Capability = {
88 18 8c a5 ....
}
IE: Display = {
4d 41 47 4f 52 20 54 31 30 30 30 MAGOR T1000
}
IE: Calling-Party-Number = {
a1 32 31 36 2e 31 33 2e 34 35 2e 31 33 39 .216.13.45.139
}
IE: Called-Party-Number = {
a1 36 38 32 38 40 32 31 36 2e 31 33 2e 34 35 2e .6828@216.13.45.
31 34 31 141
}
IE: User-User = {
60 b8 06 00 08 91 4a 00 05 01 40 0a 00 4d 00 41 `.....J...@..M.A
00 47 00 4f 00 52 00 20 00 54 00 31 00 30 00 30 .G.O.R. .T.1.0.0
00 30 22 c0 82 01 01 00 07 54 61 6e 64 62 65 72 .0"......Tandber
67 01 35 33 50 82 01 01 00 08 54 61 6e 64 62 65 g.53P.....Tandbe
72 67 00 01 80 14 00 11 36 38 32 38 40 32 31 36 rg......6828@216
2e 31 33 2e 34 35 2e 31 34 31 00 d8 0d 2d 8d 06 .13.45.141...-..
b8 00 02 b2 1f 74 4c 00 10 00 10 0a 00 50 60 01 .....tL......P`.
bb 0c 00 d5 0d 98 00 07 00 d8 0d 2d 8b 2a f8 11 ...........-.*..
00 02 b2 1f 74 4c 00 10 00 10 09 00 50 60 01 bb ....tL......P`..
0c 01 00 01 00 01 00 01 80 01 00 01 40 10 80 01 ............@...
00 00 05 0a 4d 41 47 4f 52 20 54 31 30 30 30 ....MAGOR T1000
}
}
h225pdu = {
h323_uu_pdu = {
h323_message_body = setup {
protocolIdentifier = 0.0.8.2250.0.5
sourceAddress = 1 entries {
[0]=h323_ID 11 characters {
004d 0041 0047 004f 0052 0020 0054 0031 MAGOR T1
0030 0030 0030 000
}
}
sourceInfo = {
vendor = {
vendor = {
t35CountryCode = 130
t35Extension = 1
manufacturerCode = 256
}
productId = 8 octets {
54 61 6e 64 62 65 72 67 Tandberg
}
versionId = 2 octets {
35 33 53
}
}
terminal = {
nonStandardData = {
nonStandardIdentifier = h221NonStandard {
t35CountryCode = 130
t35Extension = 1
manufacturerCode = 256
}
data ="" 8 octets {
54 61 6e 64 62 65 72 67 Tandberg
}
}
}
mc = FALSE
undefinedNode = FALSE
}
destinationAddress = 1 entries {
[0]=url_ID "6828@216.13.45.141"
}
destCallSignalAddress = ipAddress {
ip = 4 octets {
d8 0d 2d 8d ..-.
}
port = 1720
}
activeMC = FALSE
conferenceID = 16 octets {
02 b2 1f 74 4c 00 10 00 10 0a 00 50 60 01 bb 0c ...tL......P`...
}
conferenceGoal = create <<null>>
callType = pointToPoint <<null>>
sourceCallSignalAddress = ipAddress {
ip = 4 octets {
d8 0d 2d 8b ..-.
}
port = 11000
}
callIdentifier = {
guid = 16 octets {
02 b2 1f 74 4c 00 10 00 10 09 00 50 60 01 bb 0c ...tL......P`...
}
}
mediaWaitForConnect = FALSE
canOverlapSend = FALSE
multipleCalls = FALSE
maintainConnection = TRUE
presentationIndicator = presentationAllowed <<null>>
screeningIndicator = userProvidedVerifiedAndFailed
}
h245Tunneling = FALSE
}
user_data = {
protocol_discriminator = 5
user_information = 11 octets {
4d 41 47 4f 52 20 54 31 30 30 30 MAGOR T1000
}
}
}
}
2011/07/06 10:01:39.321 4 ProxyChannel.cxx(1770) Q931s GWRewrite source for 216.13.45.139:11000: setup H323 ID or E164
2011/07/06 10:01:39.321 2 Toolkit.cxx(560) RewriteToE164: 6828@216.13.45.141 to 6828
2011/07/06 10:01:39.321 2 Toolkit.cxx(560) RewriteToE164: 6828@216.13.45.141 to 6828
2011/07/06 10:01:39.321 3 gkauth.cxx(1067) GKAUTH default Setup check ok
2011/07/06 10:01:39.321 5 Routing.cxx(197) ROUTING Checking policy Explicit for request Setup CRV=27782
2011/07/06 10:01:39.321 5 Routing.cxx(197) ROUTING Checking policy Internal for request Setup CRV=27782
2011/07/06 10:01:39.321 3 ProxyChannel.cxx(2092) Q931s No destination for unregistered call 02 b2 1f 74 4c 00 10 00 10 09 00 50 60 01 bb 0c from 216.13.45.139:11000
2011/07/06 10:01:39.321 4 ProxyChannel.cxx(2139) Q931s Unregistered party is not NATed
2011/07/06 10:01:39.321 2 RasTbl.cxx(3130) CallTable::Insert(CALL) Call No. 4, total sessions : 1
2011/07/06 10:01:39.321 2 gkacct.cxx(1043) GKACCT Successfully logged event 1 for call no. 4
2011/07/06 10:01:39.321 2 RasTbl.cxx(3538) CDR ignore not connected call
2011/07/06 10:01:39.322 2 gkacct.cxx(1043) GKACCT Successfully logged event 2 for call no. 4
2011/07/06 10:01:39.322 4 ProxyChannel.cxx(908) Q931 Send to 216.13.45.139:11000 {
q931pdu = {
protocolDiscriminator = 8
callReference = 60550
from = destination
messageType = ReleaseComplete
IE: Cause - Subscriber absent = {
80 94 ..
}
IE: User-User = {
25 80 06 00 08 91 4a 00 02 01 11 00 02 b2 1f 74 %.....J........t
4c 00 10 00 10 09 00 50 60 01 bb 0c 02 80 01 00 L......P`.......
}
}
h225pdu = {
h323_uu_pdu = {
h323_message_body = releaseComplete {
protocolIdentifier = 0.0.8.2250.0.2
callIdentifier = {
guid = 16 octets {
02 b2 1f 74 4c 00 10 00 10 09 00 50 60 01 bb 0c ...tL......P`...
}
}
}
h245Tunneling = FALSE
}
}
}
2011/07/06 10:01:39.322 3 yasocket.cxx(576) Q931s Delete socket 216.13.45.139:11000
2011/07/06 10:01:39.322 5 job.cxx(427) JOB Job Acceptor deleted
2011/07/06 10:01:39.322 5 job.cxx(416) JOB Worker threads: 10 total - 9 busy, 1 idle
2011/07/06 10:01:39.460 3 RasTbl.cxx(2143) Gk Delete Call No. 4
2011/07/06 10:08:41.055 5 yasocket.cxx(782) TCPSrv 1 sockets selected from 6, total 6/0
2011/07/06 10:08:41.055 4 yasocket.cxx(904) TCPSrv Accept request on 127.0.0.1:7000
2011/07/06 10:08:41.073 5 job.cxx(364) JOB Worker threads: 10 total - 10 busy, 0 idle
2011/07/06 10:08:41.073 5 job.cxx(190) JOB Starting Job Acceptor at Worker thread 140149660825360
2011/07/06 10:08:41.073 4 GkStatus.cxx(1066) STATUS Authentication rule 'allow' accepted the client 127.0.0.1:52126=>127.0.0.1:7000
2011/07/06 10:08:41.073 4 GkStatus.cxx(929) STATUS New connection from 127.0.0.1:52126=>127.0.0.1:7000 accepted
2011/07/06 10:08:41.073 1 GkStatus.cxx(505) STATUS New client authenticated successfully: 1 127.0.0.1:52126=>127.0.0.1:7000 , login:
2011/07/06 10:08:41.073 5 yasocket.cxx(751) GkStatus Total sockets: 1
2011/07/06 10:08:41.073 5 job.cxx(427) JOB Job Acceptor deleted
2011/07/06 10:08:41.073 5 yasocket.cxx(782) GkStatus 1 sockets selected from 1, total 1/0
2011/07/06 10:08:41.073 5 job.cxx(416) JOB Worker threads: 10 total - 9 busy, 1 idle
2011/07/06 10:08:47.259 5 yasocket.cxx(782) GkStatus 1 sockets selected from 1, total 1/0
2011/07/06 10:08:47.259 5 job.cxx(364) JOB Worker threads: 10 total - 10 busy, 0 idle
2011/07/06 10:08:47.259 5 job.cxx(190) JOB Starting Job StatusCmd ? at Worker thread 140149660825360
2011/07/06 10:08:47.259 5 yasocket.cxx(782) GkStatus 1 sockets selected from 1, total 1/0
2011/07/06 10:08:47.259 5 GkStatus.cxx(1136) STATUS Got command ? from client 127.0.0.1:52126=>127.0.0.1:7000
2011/07/06 10:08:47.259 3 SoftPBX.cxx(59) GK SoftPBX: PrintAllRegistrations
2011/07/06 10:08:47.259 5 job.cxx(427) JOB Job StatusCmd ? deleted
2011/07/06 10:08:47.259 5 job.cxx(416) JOB Worker threads: 10 total - 9 busy, 1 idle
2011/07/06 10:10:01.830 5 yasocket.cxx(782) GkStatus 1 sockets selected from 1, total 1/0
2011/07/06 10:10:01.830 5 job.cxx(364) JOB Worker threads: 10 total - 10 busy, 0 idle
2011/07/06 10:10:01.830 5 job.cxx(190) JOB Starting Job StatusCmd fv 6828 at Worker thread 140149660825360
2011/07/06 10:10:01.830 5 yasocket.cxx(782) GkStatus 1 sockets selected from 1, total 1/0
2011/07/06 10:10:01.830 5 GkStatus.cxx(1136) STATUS Got command fv 6828 from client 127.0.0.1:52126=>127.0.0.1:7000
2011/07/06 10:10:01.830 4 RasTbl.cxx(1632) Alias match for EP 192.168.217.80:1720
2011/07/06 10:10:01.830 5 job.cxx(427) JOB Job StatusCmd fv 6828 deleted
2011/07/06 10:10:01.830 5 job.cxx(416) JOB Worker threads: 10 total - 9 busy, 1 idle
2011/07/06 10:10:44.280 5 yasocket.cxx(782) GkStatus 1 sockets selected from 1, total 1/0
2011/07/06 10:10:44.280 5 job.cxx(364) JOB Worker threads: 10 total - 10 busy, 0 idle
2011/07/06 10:10:44.280 5 job.cxx(190) JOB Starting Job StatusCmd fv 6828@216.13.45.141 at Worker thread 140149660825360
2011/07/06 10:10:44.280 5 yasocket.cxx(782) GkStatus 1 sockets selected from 1, total 1/0
2011/07/06 10:10:44.280 5 GkStatus.cxx(1136) STATUS Got command fv 6828@216.13.45.141 from client 127.0.0.1:52126=>127.0.0.1:7000
2011/07/06 10:10:44.280 2 Toolkit.cxx(560) RewriteToE164: 6828@216.13.45.141 to 6828
2011/07/06 10:10:44.330 5 job.cxx(427) JOB Job StatusCmd fv 6828@216.13.45.141 deleted
2011/07/06 10:10:44.331 5 job.cxx(416) JOB Worker threads: 10 total - 9 busy, 1 idle
2011/07/06 10:17:26.300 5 yasocket.cxx(782) GkStatus 1 sockets selected from 1, total 1/0
2011/07/06 10:17:26.300 5 job.cxx(364) JOB Worker threads: 10 total - 10 busy, 0 idle
2011/07/06 10:17:26.300 5 job.cxx(190) JOB Starting Job StatusCmd r at Worker thread 140149660825360
2011/07/06 10:17:26.300 5 yasocket.cxx(782) GkStatus 1 sockets selected from 1, total 1/0
2011/07/06 10:17:26.300 5 GkStatus.cxx(1136) STATUS Got command r from client 127.0.0.1:52126=>127.0.0.1:7000
2011/07/06 10:17:26.300 3 SoftPBX.cxx(59) GK SoftPBX: PrintAllRegistrations
2011/07/06 10:17:26.300 5 job.cxx(427) JOB Job StatusCmd r deleted
2011/07/06 10:17:26.300 5 job.cxx(416) JOB Worker threads: 10 total - 9 busy, 1 idle
Gatekeeper.ini:
root@HDPassport1:/etc# cat gatekeeper.ini
;; Boolean values.
;; Boolean Values are retresented by a case insensitive string
;; - "t"..., "y"... or "1" for TRUE
;; - all other for FALSE
;; NOTE: This parameters may be loaded at program startup and not influenced by the HUP signal.
[Gatekeeper::Main]
;; 'config is present' indicator. Has to be 42.
Fortytwo=42
; Includes in some RAS-Msgs
Name=MagorH323GK
#CompareAliasType=0
#CompareAliasCase=0
; overwritten from command line parameter
;Home=192.168.217.79,216.13.45.141
;TraceLevel=2
;NetworkInterfaces=
;TimeToLive=600
;TotalBandwidth=100000
;StatusPort=7000
;StatusTraceLevel=2
;UseBroadcastListener=0
;;
;; Failover support
;;
;AlternateGKs=1.2.3.4:1719:false:120:OpenH323GK2
;SendTo=1.2.3.4:1719
;EndpointIDSuffix=_gk1
;SkipForwards=4.3.2.1
;RedirectGK=Calls > 50
;;
;; You should never need to change any of the following values.
;; They are mainly used for testing or very sophisticated applications.
;;
;UnicastRasPort=1719
;UseMulticastListener=1
;MulticastPort=1718
;MulticastGroup=224.0.1.41
;EndpointSignalPort=1720
;ListenQueueLength=1024
;TimestampFormat=RFC822
;[LogFile]
; hourly - once per hour
; daily - once per day,
; weekly - once per week,
; monthly - once per month
;Rotate=weekly
; For weekly rotation:
; Mon, Tue, Wed, Thu, Fri, Sat, Sun
; Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday
; 1, 2, 3, 4, 5, 6, 0
;RotateDay=Sun
; For monthly rotation (31th of each month, or the last day of the month
; if it has less than 31 days)
; RotateDay=31
; For daily, weekly and monthly rotation (rotation will be performed at 4:00)
;RotateTime=4:00
; For hourly rotation (rotation will be performed at 0:59, 1:59, ...)
;RotateTime=59
[RoutedMode]
GKRouted=1
H245Routed=1
;RemoveH245AddressOnTunneling=0
;AcceptNeighborsCalls=1
AcceptUnregisteredCalls=1
SupportNATedEndpoints=1
SupportCallingNATedEndpoints=1
;DropCallsByReleaseComplete=1
CallSignalPort=1720
;CallSignalHandlerNumber=5
;RtpHandlerNumber=1
;RemoveCallOnDRQ=1
;SendReleaseCompleteOnDRQ=0
;ScreenDisplayIE=
;ScreenCallingPartyNumberIE=
;ScreenSourceAddress=
;ForwardOnFacility=1
;ShowForwarderNumber=1
Q931PortRange=20000-20999
H245PortRange=30000-30999
;SetupTimeout=8000
;SignalTimeout=15000
;AlertingTimeout=60000
TcpKeepAlive=1
;TranslateFacility=1
;SocketCleanupTimeout=5000
;ActivateFailover=1
;FailoverCauses=1-15,21-127
;CpsLimit=10
;CpsCheckInterval=5
;; Gatekeeper generated CallProceeding (experimental)
;GenerateCallProceeding=1
;UseProvisionalRespToH245Tunneling=1
;EnableH46018=1
[Proxy]
Enable=1
#InternalNetwork=192.168.216.0/22
ProxyAlways=1
T120PortRange=40000-40999
RTPPortRange=50000-59999
ProxyForNAT=1
ProxyForSameNAT=1
EnableRTPMute=1
[ModeSelection]
216.13.45.0/24=PROXY
192.168.217.0/24=PROXY
192.168.216.0/24=PROXY
[Endpoint]
;Gatekeeper=no
;Gatekeeper=auto
;Gatekeeper=210.58.112.188
;Type=Gateway
;H323ID=CitronProxy
;E164=18888600000
;Password=
;Prefix=18888600,1888890003
;TimeToLive=900
;RRQRetryInterval=10
;UnregisterOnReload=0
;NATRetryInterval=60
;NATKeepaliveInterval=86400
;Discovery=1
;GatekeeperIdentifier=ParentGKId
;UseAlternateGK=1
;EndpointIdentifier=ChildGKId
;Vendor=Cisco
[Endpoint::RewriteE164]
;188889000=9
;;
;; Prefixes of e164 numbers for gateways.
;; A dot (.) matches any digit, ! at the beginning disables the prefix
;; Separate list elements by one of " ,;\t".
;; @see RasTbl::addPrefixes
;; This parameters should consider a HUP signal.
[RasSrv::GWPrefixes]
;; Test-Gateways
; 195.71.226.162
;rossi-gt2=80,90
;rossi-gt2=0
; 195.71.226.165
;rossi-gt3=80,90
;rossi-gt3=05241,0521,5241,521
; 195.71.129.254
;ip400-v1=12
;ip400-wi1=0
[RasSrv::RRQFeatures]
;OverwriteEPOnSameAddress=1
AcceptEndpointIdentifier=0
;AcceptGatewayPrefixes=1
;IRQPollCount=0
#AliasTypeFilter=terminal;dialeddigits
#AliasTypeFilter=gateway;h323id
[RasSrv::ARQFeatures]
CallUnregisteredEndpoints=1
;ArjReasonRouteCallToGatekeeper=1
;RemoveTrailingChar=#
;RoundRobinGateways=1
;; Routing polices define how the message destination is located
;; and where the call is routed. Currently the following policies
;; are implemented:
;;
;; explicit (only ARQ,Setup,Facility)
;;
;; If destCallSignalAddress is specified by the message,
;; the call is routed to this address - aliases, prefixes,
;; parent, neighbors are not further checked.
;;
;; internal
;;
;; A local GK registration table is checked for matching alias.
;;
;; parent
;;
;; A parent gatekeeper (if this GK is registered as a child GK)
;; is queried with ARQ or LRQ.
;;
;; dns
;;
;; Routing request aliases are scanned for presence of 'name@domain'
;; alias types - if such an alias is found, domain part is removed
;; and the call is routed to the endpoint 'name' at domain:1720.
;;
;; vqueue (only ARQ)
;;
;; Destination alises are checked for match with a virtual queue name
;; (configure via CTI::Agents). If there is a match, RoutingRequest
;; is signalled and the call is routed to the destination specified
;; by some external application (like ACD).
;;
;; neighbor
;;
;; The gatekeeper neighbors are queries with LRQ for the destination
;; of this routing request.
;;
;; numberanalysis
;;
;; Check length of dialed numbers.
;;
;; enum
;;
;; Tries to find a call destination using ENUM service.
[RoutingPolicy]
;default=explicit,internal,parent,neighbor
default=explicit,internal
;[RoutingPolicy::OnARQ]
;h323_ID=vqueue,internal
;default=explicit,internal
;[RoutingPolicy::OnLRQ]
;0048=internal
;default=neighbor
;[RoutingPolicy::OnSetup]
;dialedDigits=internal,neighbor
;default=explicit,internal,parent,neighbor
;[RoutingPolicy::OnFacility]
;default=internal
[Routing::Explicit]
#216.13.45.141=192.168.217.80
[RewriteCLI]
#in:216.13.45.139=dno:6828=6828@192.168.217.80
[RasSrv::RRQAuth]
;; On a RRQ the h323-alias is queried from this section.
;; If there is an entry the endpoint is authenticated against the given rules.
;; If there is no entry the default action is performed. The default action
;; is to confirm the RRQ, unless the parameter "default=reject" is given.
;;
;; Notation:
;; <authrules> := empty | <authrule> "&" <authrules>
;; <authrule> := <authtype> ":" <authparams>
;; <authtype> := "sigaddr" | "sigip"
;; <autparams> := [!&]*
;; The notation and meaning of <authparams> depends on <authtype>:
;; - sigaddr: extended regular _expression_ that has to match agains the
;; "PrintOn(ostream)" representation of the signal address of the request.
;; Example: "sigaddr:.*ipAddress .* ip = .* c3 47 e2 a5 .*port = 1720.*"
;; - sigip: specialized form of "sigaddr". Write the signalling ip adresse
;; using (commonly used) decimal notation: "byteA.byteB.byteC.byteD:port"
;; Example of the above sigaddr: "sigip:195.71.226.165:1720"
;;
;; This parameters should consider a HUP signal.
;rossi-gt1=sigaddr:.*ipAddress .* ip = .* c3 47 e2 a2 .*port = 1720.*
;rossi-gt2=sigaddr:.*ipAddress .* ip = .* c3 47 e2 a5 .*port = 1720.*
;rossi-gt3=sigip:195.71.226.165:1720
;default=confirm
;; The parameter "rule" may be one of the following:
;; - "forbid" disallow any connection (default when no rule us given)
;; - "allow" allow any connection
;; - "explicit" reads the parameter ;"<ip>=<value>"; with ip is the ip4-address
;; if the peering client. ;<value>; is resolved with ;Toolkit::AsBool;. If the ip
;; is not listed the param "default" is used.
;; - "regex" the ;<ip>; of the client is matched against the given regular _expression_.
;; First the ip-rules (like "explicit") are tested. Olny of no such param exists
;; the regex is tried.
;; Example: "regex=^195\.71\.(129|131)\.[0-9]+$"
;; - "password" queries remote user for login/password combination and checks
;; it against username/password stored in this section. Passwords are encrypted
;; with addpasswd utility using KeyFilled encryption key. DelayReject defines
;; delay before reject is sent.
[GkStatus::Auth]
rule=allow
;rule=deny
;rule=explicit
;rule=regex
; - 195.71.129.*
; - 195.71.100.*
; - 62.52.26.[1-2][0-9][0-9]
;regex=^(195\.71\.(129|100)\.[0-9]+)|(62\.52\.26\.[1-2][0-9][0-9])$
; only used when "rule=explicit"
;default=forbid
;Shutdown=0
;KeyFilled=123
;DelayReject=5
;LoginTimeout=120
;;
;; Beside other things every number to rewrite has its
;; own key/value-line. The implemententation is such that
;; all numbers that shell be rewritten have to begin
;; with a common prefix given by 'Fastmatch'.
;;
;; Doc From the code:
;; // Do rewrite to ;newE164;. Append the suffix too.
;; // old: 01901234999
;; // 999 Suffix
;; // 0190 Fastmatch
;; // 01901234 prefix, Config-Rule: 01901234=0521321
;; // new: 0521321999
;;
;; The rewrite-numbers function take care of reloads/a HUP signal.
[RasSrv::RewriteE164]
;; Only if an e164 number begins with ;Fastmatch; the
;; the further rewriting is done. Only one #Fastmatch# can be given.
;Fastmatch=
;0190703100=052418088663
;01903142=0521178260
;5241908601903142=521178260
;7777.=.
;%%%%48=48
;; Neighbor gatekeepers are listed in this section. The list has the following
;; format:
;; GkId=GkProfile
;; where GkProfile can be one of:
;; GkProfile := "GnuGK" | "CiscoGK" | "ClarentGK" | "GlonetGK"
;; | <OldGk - old gnu gk format>
;;
;; Configuration settings for each neighbor are then stored in [Neighbor::GkId]
;; sections. One exception to this rule is OldGK neighbor type - the configuration
;; settings are then read directly from this section
[RasSrv::Neighbors]
;GK1=203.60.151.9:1719;02,003;gk1pass;false
;GK2=GnuGK
;GK3=CiscoGK
;GK4=203.60.151.10:1719;*
;; For compatibility with old GK 2.0 config type - neighbors of all other types
;; read their settings directly from their [Neighbor::GkId] sections
[RasSrv::LRQFeatures]
; how long to wait for LCF from neighbors (seconds)
;NeighborTimeout=2
; hop count to be set for LRQs generated by the gk and sent to this neighbor
; this also applies to LRQs being forwarded and which did not contain hop count
;ForwardHopCount=2
; whether to wait for LCF when forwarding LRQ or to just forward and forget
;ForwardResponse=0
; forwarding policy for this neighbor:
; never - do not forward LRQs received from this neighbor
; always - forward all LRQs with hop count > 1 or without hop count (the hop count
; is then set to ForwardHopCount for each neighbor)
; depends - forward only LRQs containing hop count > 1
;ForwardLRQ=never
;ForwardLRQ=always
;ForwardLRQ=depends
; whether forwarded LRQs from this neighbor should be accepted
;AcceptForwardedLRQ=1
; this setting applies only to OldGK neighbor types and is a global one
; if set to 1 has the same effect as ForwardLRQ=always would have
;AlwaysForwardLRQ=0
; allow LRQs from gatekeepers not listed as neighbors
;AcceptNonNeighborLRQ=0
; allow responding LCFs to be received from anywhere after sending LRQ
;AcceptNonNeighborLCF=0
;; Sample configuration for GK1 neighbor. It can be of
[Neighbor::GK1]
;GatekeeperIdentifier=GK1
;Host=203.60.151.5:1719
;Password=secret_not_encrypted
;Dynamic=0
;SendPrefixes=url_ID,email_ID
;SendPrefixes=02:=1,003:=2,0048
;SendPrefixes=*
;AcceptPrefixes=*
;AcceptPrefixes=0059,001
;AcceptPrefixes=h323_ID,dialedDigits
;ForwardHopCount=2
;AcceptForwardedLRQ=1
;ForwardResponse=0
;ForwardLRQ=always
;ForwardLRQ=never
;ForwardLRQ=0
;UseH46018=1
;;
;; In this section you can put endpoints that don't have RAS support
;; or that you don't want to be expired. The records will always
;; in GK's registration table.
;; However, You can still unregister it via status thread.
;;
;
; ip[:port]=alias,alias,...[;prefix,prefix,...]
;
[RasSrv::PermanentEndpoints]
; For gateway
;10.0.1.5=Citron;009,008
; For terminal
;10.0.1.10=798
#216.13.45.139=1000
192.168.217.80=6828
192.168.217.76=6869
;;
;; Authentication mechanism
;;
;; Syntax:
;; authrule=actions
;;
;; <authrule> := SimplePasswordAuth | AliasAuth | SQLAliasAuth
;; | SQLPasswordAuth | RadAuth | RadAliasAuth |...
;; <actions> := <control>[;<ras>|<q931>,<ras>|<q931>,...]
;; <control> := optional | required | sufficient
;; <ras> := GRQ | RRQ | URQ | ARQ | BRQ | DRQ | LRQ | IRQ
;; <q931> := Setup | SetupUnreg
;;
;; Currently supported modules:
;;
;; SimplePasswordAuth/SQLPasswordAuth
;;
;; The module checks the tokens or cryptoTokens
;; fields of RAS message. The tokens should contain
;; at least generalID and password. For cryptoTokens,
;; cryptoEPPwdHash tokens hashed by simple MD5 and
;; nestedcryptoToken tokens hashed by HMAC-SHA1-96
;; (libssl must be installed!) are supported now.
;; The ID and password are read from [SimplePasswordAuth] section
;; for SimplePasswordAuth or from an SQL database
;; for SQLPasswordAuth.
;;
;; AliasAuth/SQLAliasAuth
;;
;; The IP of an endpoint with given alias should
;; match a specified pattern. For AliasAuth the pattern
;; is defined in [RasSrv::RRQAuth] section. For SQLAliasAuth
;; the authentication condition strings are read
;; from an SQL database.
;;
;; PrefixAuth
;;
;; RRQ or ARQ requests can be checked for a specific
;; aliases combination, IP address or destination prefix.
;;
;; RadAuth/RadAliasAuth
;;
;; The H.235 username/password from RRQ/ARQ message
;; or endpoint alias/IP from RRQ/ARQ/Setup message
;; is used to authenticate an endpoint/a call using
;; RADIUS server.
;;
;; A rule may results in one of the three codes: ok, fail, pass.
;;
;; ok The request is authenticated by this module
;; fail The authentication fails and should be rejected
;; next The rule cannot determine the request
;;
;; There are also three ways to control a rule:
;;
;; optional If the rule cannot determine the request, it is passed
;; to next rule.
;; required The requests should be authenticated by this module,
;; or it would be rejected. The authenticated request would
;; then be passwd to next rule.
;; sufficient If the request is authenticated, it is accepted,
;; or it would be rejected. That is, the rule determines
;; the fate of the request. No rule should be put after
;; a sufficient rule, since it won't take effect.
;;
;; You can also configure a rule to check only for some particular RAS
;; messages. For example, to configure SimplePasswordAuth as a required
;; rule to check RRQ, ARQ and LRQ:
;; SimplePasswordAuth=required;RRQ,ARQ,LRQ
;
[Gatekeeper::Auth]
SimplePasswordAuth=optional
;AliasAuth=sufficient;RRQ
;RadAuth=required;RRQ,ARQ
;RadAliasAuth=required;SetupUnreg
;default=reject
default=allow
;;
;; Use 'make addpasswd' to generate the utility addpasswd
;; Usage:
;; addpasswd config userid password
;;
;[SimplePasswordAuth]
;KeyFilled=123
;CheckID=FALSE
;PasswordTimeout=0
;(id=cwhuang, password=123456)
;cwhuang=UGwUtpy837k=
;[SQLPasswordAuth]
;Driver=MySQL
;Host=localhost:1234
;Database=billing
;Username=gnugk
;Password=secret
;Table=customer
;Query=SELECT password FROM users WHEN alias = '%1'
;CacheTimeout=30
;MinPoolSize=5
;[SQLAliasAuth]
;Driver=PostgreSQL
;Host=localhost:1234
;Database=billing
;Username=gnugk
;Password=secret
;Table=customer
;Query=SELECT authcondition FROM users WHEN alias = '%1'
;CacheTimeout=30
;MinPoolSize=1
; Configuration section for RadAuth authenticator module
;[RadAuth]
;Servers=192.168.1.2:1645;123.123.123.2;radius1.mycompany.com
;LocalInterface=192.168.1.1
;RadiusPortRange=10000-11000
;DefaultAuthPort=1645
;SharedSecret=0wnd239eqhq!*kajw821osa
;RequestTimeout=2000
;IdCacheTimeout=9000
;SocketDeleteTimeout=60000
;RequestRetransmissions=2
;RoundRobinServers=1
;AppendCiscoAttributes=1
;IncludeTerminalAliases=1
;UseDialedNumber=1
; Configuration section for RadAuth authenticator module
;[RadAliasAuth]
;Servers=192.168.1.2:1645;123.123.123.2;radius1.mycompany.com
;LocalInterface=192.168.1.1
;RadiusPortRange=10000-11000
;DefaultAuthPort=1645
;SharedSecret=0wnd239eqhq!*kajw821osa
;RequestTimeout=2000
;IdCacheTimeout=9000
;SocketDeleteTimeout=60000
;RequestRetransmissions=2
;RoundRobinServers=1
;AppendCiscoAttributes=1
;IncludeTerminalAliases=1
;FixedUsername=
;FixedPassword=fixed_user_pwd
;UseDialedNumber=1
;[PrefixAuth]
;0048=deny !ipv4:192.168.1.0/255.255.255.0
;0033=allow alias:^777.*
;0049=deny ipv4:192.168.1.1 | allow ipv4:192.168.1.0/255.255.255
;ALL=allow ipv4:ALL
;default=deny
[CallTable]
;GenerateNBCDR=TRUE
;GenerateUCCDR=TRUE
;DefaultCallDurationLimit=21600
;AcctUpdateInterval=0
;TimestampFormat=RFC822
;IRRFrequency=120
;IRRCheck=FALSE
;SingleFailoverCDR=0
[H225toQ931]
;0=34 # noBandwidth
;1=47 # gatekeeperResources
;2=3 # unreachableDestination
;3=16 # destinationRejection
;4=88 # invalidRevision
;5=111 # noPermission
;6=38 # unreachableGatekeeper
;7=42 # gatewayResources
;8=28 # badFormatAddress
;9=41 # adaptiveBusy
;10=17 # inConf
;11=31 # undefinedReason
;12=16 # facilityCallDeflection
;13=31 # securityDenied
;14=20 # calledPartyNotRegistered
;15=31 # callerNotRegistered
;16=47 # newConnectionNeeded
;17=127 # nonStandardReason
;18=31 # replaceWithConferenceInvite
;19=31 # genericDataReason
;20=31 # neededFeatureNotSupported
;21=127 # tunnelledSignallingRejected
;;
;; Accounting mechanism
;;
;; Syntax:
;; acctmod=actions
;; ...
;;
;; <acctmod> := RadAcct | FileAcct | SQLAcct | ...
;; <actions> := <control>[;<event>,<event>,...]
;; <control> := optional | required | sufficient | alternative
;; <event> := start | stop | connect | update | on | off
;;
;; One special module is the "default" module - it can be used
;; to determine a final accounting status:
;;
;; default=<status>[;<event>,<event>]
;;
;; <status> := accept | reject
;; <event> := start | stop | connect | update | on | off
;;
;; Currently supported modules:
;;
;; RadAcct
;;
;; Provides accounting through RADIUS protocol.
;;
;; FileAcct
;;
;; Provides accounting to a plain text file using GK status line CDR format.
;;
;; SQLAcct
;;
;; Provides accounting directly to an SQL database.
;;
;; StatusAcct
;;
;; Logs accounting events on the status port.
;;
;; SyslogAcct
;;
;; Logs accounting events on the Unix syslog.
;;
;; default
;;
;; Determines the final status, if not already set by another module
;; (it can be helpful with optional or alternative actions).
;;
;; Processing of an accounting event by an accounting module may results
;; in one of the three codes: ok, fail, next.
;;
;; ok the accounting event has been succesfully processed (logged) by this module
;; fail the accounting event has not been logged by this module (due to failure)
;; next the accounting event has not been logged by this module,
;; either because the module does not support this event type
;; or the event type has not been configured to be processed
;;
;; There are also three ways to control how an accounting event is passed down
;; through a stack of modules:
;;
;; optional the module tries to log the accounting event. Success or
;; failure does not determine the final status for all modules
;; (except when the rule is the last one). The event is then
;; passed down to remaining modules.
;; required if the module fails to log the event, the final status is set
;; to failure. If the event is logged successfully, the final status
;; is determined by any remaining modules (except when the rule is the last one).
;; sufficient if the module logs the event successfully, remaining modules
;; are not processed and the final status is success. Otherwise
;; the final status is failure and the event is passed down
;; to any remaining modules.
;; alternative if the module logs the event successfully, remaining modules
;; are not processed and the final status is success. Otherwise
;; the final status is determined by any remaining modules.
;;
;; You can configure a module to log only some particular accounting events.
;; For example, to configure RadAcct as a required module to log call "start"
;; and "stop" events only, write:
;; RadAcct=required;start,stop
;;
;; Recognized accounting event types:
;;
;; start call start
;; stop call stop (disconnect)
;; connect call connected
;; update call update
;; on GK start
;; off GK stop
;;
[Gatekeeper::Acct]
;RadAcct=optional;start,stop,on,off
;FileAcct=sufficient;stop
; if the GK can't auto detect your NATed EP
; set it here
[NATedEndpoints]
;704=11.1.1.111
;705=allow
; settings for inbound call distribution with virtual queue
;[CTI::Agents]
;VirtualQueueAliases=CC
;VirtualQueuePrefixes=001,0044,0049
;VirtualQueueRegex=^(001|04)[0-9]*$
;RequestTimeout=10
; settings for status port command MakeCall
[CTI::MakeCall]
EndpointAlias=DialOut
TransferMethod=FacilityForward
UseH450=0
Interface=192.168.217.79:1722
Gatekeeper=192.168.217.79
DisableFastStart=1
DisableH245Tunneling=1
; Configuration section for RadAcct accounting module
; Currently supported accounting events:
; start,stop,update,on,off
;[RadAcct]
;Servers=192.168.1.2;radius1.mycompany.com
;LocalInterface=192.168.1.1
;RadiusPortRange=10000-11000
;DefaultAcctPort=1646
;SharedSecret=testing
;RequestTimeout=3500
;IdCacheTimeout=9000
;SocketDeleteTimeout=60000
;RequestRetransmissions=3
;RoundRobinServers=1
;AppendCiscoAttributes=1
;FixedUsername=
;TimestampFormat=Cisco
;UseDialedNumber=1
;[StatusAcct]
;StartEvent=CALL|Start|%{caller-ip}:%{caller-port}|%{callee-ip}:%{callee-port}|%{CallId}
;StopEvent=CALL|Stop|%{caller-ip}:%{caller-port}|%{callee-ip}:%{callee-port}|%{CallId}
;UpdateEvent=CALL|Update|%{caller-ip}:%{caller-port}|%{callee-ip}:%{callee-port}|%{CallId}
;ConnectEvent=CALL|Connect|%{caller-ip}:%{caller-port}|%{callee-ip}:%{callee-port}|%{CallId}
;TimestampFormat=MySQL
;[SyslogAcct]
;StartEvent=CALL|Start|%{caller-ip}:%{caller-port}|%{callee-ip}:%{callee-port}|%{CallId}
;StopEvent=CALL|Stop|%{caller-ip}:%{caller-port}|%{callee-ip}:%{callee-port}|%{CallId}
;UpdateEvent=CALL|Update|%{caller-ip}:%{caller-port}|%{callee-ip}:%{callee-port}|%{CallId}
;ConnectEvent=CALL|Connect|%{caller-ip}:%{caller-port}|%{callee-ip}:%{callee-port}|%{CallId}
;TimestampFormat=MySQL
; Using EP::ALIAS sections you can specify per-endpoint configuration settings
;[EP::GW1]
;Capacity=10
;GatewayPriority=1
;GatewayPrefixes=0048,0049,0044
;PrefixCapacities=^0049:=10,^(0044|0045):=20
;CalledTypeOfNumber=1
;CallingTypeOfNumber=1
;Proxy=1
;TranslateReceivedQ931Cause=21:=34
;TranslateSentQ931Cause=21:=34
;DisableH46018=1
root@HDPassport1:/etc# clear
root@HDPassport1:/etc# cat gatekeeper.ini
;; Boolean values.
;; Boolean Values are retresented by a case insensitive string
;; - "t"..., "y"... or "1" for TRUE
;; - all other for FALSE
;; NOTE: This parameters may be loaded at program startup and not influenced by the HUP signal.
[Gatekeeper::Main]
;; 'config is present' indicator. Has to be 42.
Fortytwo=42
; Includes in some RAS-Msgs
Name=MagorH323GK
#CompareAliasType=0
#CompareAliasCase=0
; overwritten from command line parameter
;Home=192.168.217.79,216.13.45.141
;TraceLevel=2
;NetworkInterfaces=
;TimeToLive=600
;TotalBandwidth=100000
;StatusPort=7000
;StatusTraceLevel=2
;UseBroadcastListener=0
;;
;; Failover support
;;
;AlternateGKs=1.2.3.4:1719:false:120:OpenH323GK2
;SendTo=1.2.3.4:1719
;EndpointIDSuffix=_gk1
;SkipForwards=4.3.2.1
;RedirectGK=Calls > 50
;;
;; You should never need to change any of the following values.
;; They are mainly used for testing or very sophisticated applications.
;;
;UnicastRasPort=1719
;UseMulticastListener=1
;MulticastPort=1718
;MulticastGroup=224.0.1.41
;EndpointSignalPort=1720
;ListenQueueLength=1024
;TimestampFormat=RFC822
;[LogFile]
; hourly - once per hour
; daily - once per day,
; weekly - once per week,
; monthly - once per month
;Rotate=weekly
; For weekly rotation:
; Mon, Tue, Wed, Thu, Fri, Sat, Sun
; Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday
; 1, 2, 3, 4, 5, 6, 0
;RotateDay=Sun
; For monthly rotation (31th of each month, or the last day of the month
; if it has less than 31 days)
; RotateDay=31
; For daily, weekly and monthly rotation (rotation will be performed at 4:00)
;RotateTime=4:00
; For hourly rotation (rotation will be performed at 0:59, 1:59, ...)
;RotateTime=59
[RoutedMode]
GKRouted=1
H245Routed=1
;RemoveH245AddressOnTunneling=0
;AcceptNeighborsCalls=1
AcceptUnregisteredCalls=1
SupportNATedEndpoints=1
SupportCallingNATedEndpoints=1
;DropCallsByReleaseComplete=1
CallSignalPort=1720
;CallSignalHandlerNumber=5
;RtpHandlerNumber=1
;RemoveCallOnDRQ=1
;SendReleaseCompleteOnDRQ=0
;ScreenDisplayIE=
;ScreenCallingPartyNumberIE=
;ScreenSourceAddress=
;ForwardOnFacility=1
;ShowForwarderNumber=1
Q931PortRange=20000-20999
H245PortRange=30000-30999
;SetupTimeout=8000
;SignalTimeout=15000
;AlertingTimeout=60000
TcpKeepAlive=1
;TranslateFacility=1
;SocketCleanupTimeout=5000
;ActivateFailover=1
;FailoverCauses=1-15,21-127
;CpsLimit=10
;CpsCheckInterval=5
;; Gatekeeper generated CallProceeding (experimental)
;GenerateCallProceeding=1
;UseProvisionalRespToH245Tunneling=1
;EnableH46018=1
[Proxy]
Enable=1
#InternalNetwork=192.168.216.0/22
ProxyAlways=1
T120PortRange=40000-40999
RTPPortRange=50000-59999
ProxyForNAT=1
ProxyForSameNAT=1
EnableRTPMute=1
[ModeSelection]
216.13.45.0/24=PROXY
192.168.217.0/24=PROXY
192.168.216.0/24=PROXY
[Endpoint]
;Gatekeeper=no
;Gatekeeper=auto
;Gatekeeper=210.58.112.188
;Type=Gateway
;H323ID=CitronProxy
;E164=18888600000
;Password=
;Prefix=18888600,1888890003
;TimeToLive=900
;RRQRetryInterval=10
;UnregisterOnReload=0
;NATRetryInterval=60
;NATKeepaliveInterval=86400
;Discovery=1
;GatekeeperIdentifier=ParentGKId
;UseAlternateGK=1
;EndpointIdentifier=ChildGKId
;Vendor=Cisco
[Endpoint::RewriteE164]
;188889000=9
;;
;; Prefixes of e164 numbers for gateways.
;; A dot (.) matches any digit, ! at the beginning disables the prefix
;; Separate list elements by one of " ,;\t".
;; @see RasTbl::addPrefixes
;; This parameters should consider a HUP signal.
[RasSrv::GWPrefixes]
;; Test-Gateways
; 195.71.226.162
;rossi-gt2=80,90
;rossi-gt2=0
; 195.71.226.165
;rossi-gt3=80,90
;rossi-gt3=05241,0521,5241,521
; 195.71.129.254
;ip400-v1=12
;ip400-wi1=0
[RasSrv::RRQFeatures]
;OverwriteEPOnSameAddress=1
AcceptEndpointIdentifier=0
;AcceptGatewayPrefixes=1
;IRQPollCount=0
#AliasTypeFilter=terminal;dialeddigits
#AliasTypeFilter=gateway;h323id
[RasSrv::ARQFeatures]
CallUnregisteredEndpoints=1
;ArjReasonRouteCallToGatekeeper=1
;RemoveTrailingChar=#
;RoundRobinGateways=1
;; Routing polices define how the message destination is located
;; and where the call is routed. Currently the following policies
;; are implemented:
;;
;; explicit (only ARQ,Setup,Facility)
;;
;; If destCallSignalAddress is specified by the message,
;; the call is routed to this address - aliases, prefixes,
;; parent, neighbors are not further checked.
;;
;; internal
;;
;; A local GK registration table is checked for matching alias.
;;
;; parent
;;
;; A parent gatekeeper (if this GK is registered as a child GK)
;; is queried with ARQ or LRQ.
;;
;; dns
;;
;; Routing request aliases are scanned for presence of 'name@domain'
;; alias types - if such an alias is found, domain part is removed
;; and the call is routed to the endpoint 'name' at domain:1720.
;;
;; vqueue (only ARQ)
;;
;; Destination alises are checked for match with a virtual queue name
;; (configure via CTI::Agents). If there is a match, RoutingRequest
;; is signalled and the call is routed to the destination specified
;; by some external application (like ACD).
;;
;; neighbor
;;
;; The gatekeeper neighbors are queries with LRQ for the destination
;; of this routing request.
;;
;; numberanalysis
;;
;; Check length of dialed numbers.
;;
;; enum
;;
;; Tries to find a call destination using ENUM service.
[RoutingPolicy]
;default=explicit,internal,parent,neighbor
default=explicit,internal
;[RoutingPolicy::OnARQ]
;h323_ID=vqueue,internal
;default=explicit,internal
;[RoutingPolicy::OnLRQ]
;0048=internal
;default=neighbor
;[RoutingPolicy::OnSetup]
;dialedDigits=internal,neighbor
;default=explicit,internal,parent,neighbor
;[RoutingPolicy::OnFacility]
;default=internal
[Routing::Explicit]
#216.13.45.141=192.168.217.80
[RewriteCLI]
#in:216.13.45.139=dno:6828=6828@192.168.217.80
[RasSrv::RRQAuth]
;; On a RRQ the h323-alias is queried from this section.
;; If there is an entry the endpoint is authenticated against the given rules.
;; If there is no entry the default action is performed. The default action
;; is to confirm the RRQ, unless the parameter "default=reject" is given.
;;
;; Notation:
;; <authrules> := empty | <authrule> "&" <authrules>
;; <authrule> := <authtype> ":" <authparams>
;; <authtype> := "sigaddr" | "sigip"
;; <autparams> := [!&]*
;; The notation and meaning of <authparams> depends on <authtype>:
;; - sigaddr: extended regular _expression_ that has to match agains the
;; "PrintOn(ostream)" representation of the signal address of the request.
;; Example: "sigaddr:.*ipAddress .* ip = .* c3 47 e2 a5 .*port = 1720.*"
;; - sigip: specialized form of "sigaddr". Write the signalling ip adresse
;; using (commonly used) decimal notation: "byteA.byteB.byteC.byteD:port"
;; Example of the above sigaddr: "sigip:195.71.226.165:1720"
;;
;; This parameters should consider a HUP signal.
;rossi-gt1=sigaddr:.*ipAddress .* ip = .* c3 47 e2 a2 .*port = 1720.*
;rossi-gt2=sigaddr:.*ipAddress .* ip = .* c3 47 e2 a5 .*port = 1720.*
;rossi-gt3=sigip:195.71.226.165:1720
;default=confirm
;; The parameter "rule" may be one of the following:
;; - "forbid" disallow any connection (default when no rule us given)
;; - "allow" allow any connection
;; - "explicit" reads the parameter ;"<ip>=<value>"; with ip is the ip4-address
;; if the peering client. ;<value>; is resolved with ;Toolkit::AsBool;. If the ip
;; is not listed the param "default" is used.
;; - "regex" the ;<ip>; of the client is matched against the given regular _expression_.
;; First the ip-rules (like "explicit") are tested. Olny of no such param exists
;; the regex is tried.
;; Example: "regex=^195\.71\.(129|131)\.[0-9]+$"
;; - "password" queries remote user for login/password combination and checks
;; it against username/password stored in this section. Passwords are encrypted
;; with addpasswd utility using KeyFilled encryption key. DelayReject defines
;; delay before reject is sent.
[GkStatus::Auth]
rule=allow
;rule=deny
;rule=explicit
;rule=regex
; - 195.71.129.*
; - 195.71.100.*
; - 62.52.26.[1-2][0-9][0-9]
;regex=^(195\.71\.(129|100)\.[0-9]+)|(62\.52\.26\.[1-2][0-9][0-9])$
; only used when "rule=explicit"
;default=forbid
;Shutdown=0
;KeyFilled=123
;DelayReject=5
;LoginTimeout=120
;;
;; Beside other things every number to rewrite has its
;; own key/value-line. The implemententation is such that
;; all numbers that shell be rewritten have to begin
;; with a common prefix given by 'Fastmatch'.
;;
;; Doc From the code:
;; // Do rewrite to ;newE164;. Append the suffix too.
;; // old: 01901234999
;; // 999 Suffix
;; // 0190 Fastmatch
;; // 01901234 prefix, Config-Rule: 01901234=0521321
;; // new: 0521321999
;;
;; The rewrite-numbers function take care of reloads/a HUP signal.
[RasSrv::RewriteE164]
;; Only if an e164 number begins with ;Fastmatch; the
;; the further rewriting is done. Only one #Fastmatch# can be given.
;Fastmatch=
;0190703100=052418088663
;01903142=0521178260
;5241908601903142=521178260
;7777.=.
;%%%%48=48
;; Neighbor gatekeepers are listed in this section. The list has the following
;; format:
;; GkId=GkProfile
;; where GkProfile can be one of:
;; GkProfile := "GnuGK" | "CiscoGK" | "ClarentGK" | "GlonetGK"
;; | <OldGk - old gnu gk format>
;;
;; Configuration settings for each neighbor are then stored in [Neighbor::GkId]
;; sections. One exception to this rule is OldGK neighbor type - the configuration
;; settings are then read directly from this section
[RasSrv::Neighbors]
;GK1=203.60.151.9:1719;02,003;gk1pass;false
;GK2=GnuGK
;GK3=CiscoGK
;GK4=203.60.151.10:1719;*
;; For compatibility with old GK 2.0 config type - neighbors of all other types
;; read their settings directly from their [Neighbor::GkId] sections
[RasSrv::LRQFeatures]
; how long to wait for LCF from neighbors (seconds)
;NeighborTimeout=2
; hop count to be set for LRQs generated by the gk and sent to this neighbor
; this also applies to LRQs being forwarded and which did not contain hop count
;ForwardHopCount=2
; whether to wait for LCF when forwarding LRQ or to just forward and forget
;ForwardResponse=0
; forwarding policy for this neighbor:
; never - do not forward LRQs received from this neighbor
; always - forward all LRQs with hop count > 1 or without hop count (the hop count
; is then set to ForwardHopCount for each neighbor)
; depends - forward only LRQs containing hop count > 1
;ForwardLRQ=never
;ForwardLRQ=always
;ForwardLRQ=depends
; whether forwarded LRQs from this neighbor should be accepted
;AcceptForwardedLRQ=1
; this setting applies only to OldGK neighbor types and is a global one
; if set to 1 has the same effect as ForwardLRQ=always would have
;AlwaysForwardLRQ=0
; allow LRQs from gatekeepers not listed as neighbors
;AcceptNonNeighborLRQ=0
; allow responding LCFs to be received from anywhere after sending LRQ
;AcceptNonNeighborLCF=0
;; Sample configuration for GK1 neighbor. It can be of
[Neighbor::GK1]
;GatekeeperIdentifier=GK1
;Host=203.60.151.5:1719
;Password=secret_not_encrypted
;Dynamic=0
;SendPrefixes=url_ID,email_ID
;SendPrefixes=02:=1,003:=2,0048
;SendPrefixes=*
;AcceptPrefixes=*
;AcceptPrefixes=0059,001
;AcceptPrefixes=h323_ID,dialedDigits
;ForwardHopCount=2
;AcceptForwardedLRQ=1
;ForwardResponse=0
;ForwardLRQ=always
;ForwardLRQ=never
;ForwardLRQ=0
;UseH46018=1
;;
;; In this section you can put endpoints that don't have RAS support
;; or that you don't want to be expired. The records will always
;; in GK's registration table.
;; However, You can still unregister it via status thread.
;;
;
; ip[:port]=alias,alias,...[;prefix,prefix,...]
;
[RasSrv::PermanentEndpoints]
; For gateway
;10.0.1.5=Citron;009,008
; For terminal
;10.0.1.10=798
#216.13.45.139=1000
192.168.217.80=6828
192.168.217.76=6869
;;
;; Authentication mechanism
;;
;; Syntax:
;; authrule=actions
;;
;; <authrule> := SimplePasswordAuth | AliasAuth | SQLAliasAuth
;; | SQLPasswordAuth | RadAuth | RadAliasAuth |...
;; <actions> := <control>[;<ras>|<q931>,<ras>|<q931>,...]
;; <control> := optional | required | sufficient
;; <ras> := GRQ | RRQ | URQ | ARQ | BRQ | DRQ | LRQ | IRQ
;; <q931> := Setup | SetupUnreg
;;
;; Currently supported modules:
;;
;; SimplePasswordAuth/SQLPasswordAuth
;;
;; The module checks the tokens or cryptoTokens
;; fields of RAS message. The tokens should contain
;; at least generalID and password. For cryptoTokens,
;; cryptoEPPwdHash tokens hashed by simple MD5 and
;; nestedcryptoToken tokens hashed by HMAC-SHA1-96
;; (libssl must be installed!) are supported now.
;; The ID and password are read from [SimplePasswordAuth] section
;; for SimplePasswordAuth or from an SQL database
;; for SQLPasswordAuth.
;;
;; AliasAuth/SQLAliasAuth
;;
;; The IP of an endpoint with given alias should
;; match a specified pattern. For AliasAuth the pattern
;; is defined in [RasSrv::RRQAuth] section. For SQLAliasAuth
;; the authentication condition strings are read
;; from an SQL database.
;;
;; PrefixAuth
;;
;; RRQ or ARQ requests can be checked for a specific
;; aliases combination, IP address or destination prefix.
;;
;; RadAuth/RadAliasAuth
;;
;; The H.235 username/password from RRQ/ARQ message
;; or endpoint alias/IP from RRQ/ARQ/Setup message
;; is used to authenticate an endpoint/a call using
;; RADIUS server.
;;
;; A rule may results in one of the three codes: ok, fail, pass.
;;
;; ok The request is authenticated by this module
;; fail The authentication fails and should be rejected
;; next The rule cannot determine the request
;;
;; There are also three ways to control a rule:
;;
;; optional If the rule cannot determine the request, it is passed
;; to next rule.
;; required The requests should be authenticated by this module,
;; or it would be rejected. The authenticated request would
;; then be passwd to next rule.
;; sufficient If the request is authenticated, it is accepted,
;; or it would be rejected. That is, the rule determines
;; the fate of the request. No rule should be put after
;; a sufficient rule, since it won't take effect.
;;
;; You can also configure a rule to check only for some particular RAS
;; messages. For example, to configure SimplePasswordAuth as a required
;; rule to check RRQ, ARQ and LRQ:
;; SimplePasswordAuth=required;RRQ,ARQ,LRQ
;
[Gatekeeper::Auth]
SimplePasswordAuth=optional
;AliasAuth=sufficient;RRQ
;RadAuth=required;RRQ,ARQ
;RadAliasAuth=required;SetupUnreg
;default=reject
default=allow
;;
;; Use 'make addpasswd' to generate the utility addpasswd
;; Usage:
;; addpasswd config userid password
;;
;[SimplePasswordAuth]
;KeyFilled=123
;CheckID=FALSE
;PasswordTimeout=0
;(id=cwhuang, password=123456)
;cwhuang=UGwUtpy837k=
;[SQLPasswordAuth]
;Driver=MySQL
;Host=localhost:1234
;Database=billing
;Username=gnugk
;Password=secret
;Table=customer
;Query=SELECT password FROM users WHEN alias = '%1'
;CacheTimeout=30
;MinPoolSize=5
;[SQLAliasAuth]
;Driver=PostgreSQL
;Host=localhost:1234
;Database=billing
;Username=gnugk
;Password=secret
;Table=customer
;Query=SELECT authcondition FROM users WHEN alias = '%1'
;CacheTimeout=30
;MinPoolSize=1
; Configuration section for RadAuth authenticator module
;[RadAuth]
;Servers=192.168.1.2:1645;123.123.123.2;radius1.mycompany.com
;LocalInterface=192.168.1.1
;RadiusPortRange=10000-11000
;DefaultAuthPort=1645
;SharedSecret=0wnd239eqhq!*kajw821osa
;RequestTimeout=2000
;IdCacheTimeout=9000
;SocketDeleteTimeout=60000
;RequestRetransmissions=2
;RoundRobinServers=1
;AppendCiscoAttributes=1
;IncludeTerminalAliases=1
;UseDialedNumber=1
; Configuration section for RadAuth authenticator module
;[RadAliasAuth]
;Servers=192.168.1.2:1645;123.123.123.2;radius1.mycompany.com
;LocalInterface=192.168.1.1
;RadiusPortRange=10000-11000
;DefaultAuthPort=1645
;SharedSecret=0wnd239eqhq!*kajw821osa
;RequestTimeout=2000
;IdCacheTimeout=9000
;SocketDeleteTimeout=60000
;RequestRetransmissions=2
;RoundRobinServers=1
;AppendCiscoAttributes=1
;IncludeTerminalAliases=1
;FixedUsername=
;FixedPassword=fixed_user_pwd
;UseDialedNumber=1
;[PrefixAuth]
;0048=deny !ipv4:192.168.1.0/255.255.255.0
;0033=allow alias:^777.*
;0049=deny ipv4:192.168.1.1 | allow ipv4:192.168.1.0/255.255.255
;ALL=allow ipv4:ALL
;default=deny
[CallTable]
;GenerateNBCDR=TRUE
;GenerateUCCDR=TRUE
;DefaultCallDurationLimit=21600
;AcctUpdateInterval=0
;TimestampFormat=RFC822
;IRRFrequency=120
;IRRCheck=FALSE
;SingleFailoverCDR=0
[H225toQ931]
;0=34 # noBandwidth
;1=47 # gatekeeperResources
;2=3 # unreachableDestination
;3=16 # destinationRejection
;4=88 # invalidRevision
;5=111 # noPermission
;6=38 # unreachableGatekeeper
;7=42 # gatewayResources
;8=28 # badFormatAddress
;9=41 # adaptiveBusy
;10=17 # inConf
;11=31 # undefinedReason
;12=16 # facilityCallDeflection
;13=31 # securityDenied
;14=20 # calledPartyNotRegistered
;15=31 # callerNotRegistered
;16=47 # newConnectionNeeded
;17=127 # nonStandardReason
;18=31 # replaceWithConferenceInvite
;19=31 # genericDataReason
;20=31 # neededFeatureNotSupported
;21=127 # tunnelledSignallingRejected
;;
;; Accounting mechanism
;;
;; Syntax:
;; acctmod=actions
;; ...
;;
;; <acctmod> := RadAcct | FileAcct | SQLAcct | ...
;; <actions> := <control>[;<event>,<event>,...]
;; <control> := optional | required | sufficient | alternative
;; <event> := start | stop | connect | update | on | off
;;
;; One special module is the "default" module - it can be used
;; to determine a final accounting status:
;;
;; default=<status>[;<event>,<event>]
;;
;; <status> := accept | reject
;; <event> := start | stop | connect | update | on | off
;;
;; Currently supported modules:
;;
;; RadAcct
;;
;; Provides accounting through RADIUS protocol.
;;
;; FileAcct
;;
;; Provides accounting to a plain text file using GK status line CDR format.
;;
;; SQLAcct
;;
;; Provides accounting directly to an SQL database.
;;
;; StatusAcct
;;
;; Logs accounting events on the status port.
;;
;; SyslogAcct
;;
;; Logs accounting events on the Unix syslog.
;;
;; default
;;
;; Determines the final status, if not already set by another module
;; (it can be helpful with optional or alternative actions).
;;
;; Processing of an accounting event by an accounting module may results
;; in one of the three codes: ok, fail, next.
;;
;; ok the accounting event has been succesfully processed (logged) by this module
;; fail the accounting event has not been logged by this module (due to failure)
;; next the accounting event has not been logged by this module,
;; either because the module does not support this event type
;; or the event type has not been configured to be processed
;;
;; There are also three ways to control how an accounting event is passed down
;; through a stack of modules:
;;
;; optional the module tries to log the accounting event. Success or
;; failure does not determine the final status for all modules
;; (except when the rule is the last one). The event is then
;; passed down to remaining modules.
;; required if the module fails to log the event, the final status is set
;; to failure. If the event is logged successfully, the final status
;; is determined by any remaining modules (except when the rule is the last one).
;; sufficient if the module logs the event successfully, remaining modules
;; are not processed and the final status is success. Otherwise
;; the final status is failure and the event is passed down
;; to any remaining modules.
;; alternative if the module logs the event successfully, remaining modules
;; are not processed and the final status is success. Otherwise
;; the final status is determined by any remaining modules.
;;
;; You can configure a module to log only some particular accounting events.
;; For example, to configure RadAcct as a required module to log call "start"
;; and "stop" events only, write:
;; RadAcct=required;start,stop
;;
;; Recognized accounting event types:
;;
;; start call start
;; stop call stop (disconnect)
;; connect call connected
;; update call update
;; on GK start
;; off GK stop
;;
[Gatekeeper::Acct]
;RadAcct=optional;start,stop,on,off
;FileAcct=sufficient;stop
; if the GK can't auto detect your NATed EP
; set it here
[NATedEndpoints]
;704=11.1.1.111
;705=allow
; settings for inbound call distribution with virtual queue
;[CTI::Agents]
;VirtualQueueAliases=CC
;VirtualQueuePrefixes=001,0044,0049
;VirtualQueueRegex=^(001|04)[0-9]*$
;RequestTimeout=10
; settings for status port command MakeCall
[CTI::MakeCall]
EndpointAlias=DialOut
TransferMethod=FacilityForward
UseH450=0
Interface=192.168.217.79:1722
Gatekeeper=192.168.217.79
DisableFastStart=1
DisableH245Tunneling=1
; Configuration section for RadAcct accounting module
; Currently supported accounting events:
; start,stop,update,on,off
;[RadAcct]
;Servers=192.168.1.2;radius1.mycompany.com
;LocalInterface=192.168.1.1
;RadiusPortRange=10000-11000
;DefaultAcctPort=1646
;SharedSecret=testing
;RequestTimeout=3500
;IdCacheTimeout=9000
;SocketDeleteTimeout=60000
;RequestRetransmissions=3
;RoundRobinServers=1
;AppendCiscoAttributes=1
;FixedUsername=
;TimestampFormat=Cisco
;UseDialedNumber=1
;[StatusAcct]
;StartEvent=CALL|Start|%{caller-ip}:%{caller-port}|%{callee-ip}:%{callee-port}|%{CallId}
;StopEvent=CALL|Stop|%{caller-ip}:%{caller-port}|%{callee-ip}:%{callee-port}|%{CallId}
;UpdateEvent=CALL|Update|%{caller-ip}:%{caller-port}|%{callee-ip}:%{callee-port}|%{CallId}
;ConnectEvent=CALL|Connect|%{caller-ip}:%{caller-port}|%{callee-ip}:%{callee-port}|%{CallId}
;TimestampFormat=MySQL
;[SyslogAcct]
;StartEvent=CALL|Start|%{caller-ip}:%{caller-port}|%{callee-ip}:%{callee-port}|%{CallId}
;StopEvent=CALL|Stop|%{caller-ip}:%{caller-port}|%{callee-ip}:%{callee-port}|%{CallId}
;UpdateEvent=CALL|Update|%{caller-ip}:%{caller-port}|%{callee-ip}:%{callee-port}|%{CallId}
;ConnectEvent=CALL|Connect|%{caller-ip}:%{caller-port}|%{callee-ip}:%{callee-port}|%{CallId}
;TimestampFormat=MySQL
; Using EP::ALIAS sections you can specify per-endpoint configuration settings
;[EP::GW1]
;Capacity=10
;GatewayPriority=1
;GatewayPrefixes=0048,0049,0044
;PrefixCapacities=^0049:=10,^(0044|0045):=20
;CalledTypeOfNumber=1
;CallingTypeOfNumber=1
;Proxy=1
;TranslateReceivedQ931Cause=21:=34
;TranslateSentQ931Cause=21:=34
;DisableH46018=1
A.J. Gillette Director Applications Engineering & IT Fred.Gillette@xxxxxxxxxxxxx North America toll free: 1 877 888-5468 T: +1 613 686-1731 ext. 5508 
Magor Communications 350 Terry Fox Drive, Suite 300 Ottawa, Ontario Canada K2K 2W5 http://www.magorcorp.com |
------------------------------------------------------------------------------ AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on "Lean Startup Secrets Revealed." This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev
_______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/
