Hi Jan,
Thank you for your advice, but this really knocks me down.
How the hell would we receive calls from outside without port forwarding to our GnuGK or directly to one of the endpoints (we don't have enough public IPs to expose endpoints or a GK to the Internet)?
From what I've heard from some IT guys with whom we had to talk and test VCs, they were using endpoints directly connected to the Internet and if you can afford that, isn't this a security concern? From what I've seen in our SX20 they have a lot of services running and possibly some vulnerabilities.
By the way, do you have any more tips regarding my questions and also David's comments?
Cheers,
Joao
On Tue, Jun 25, 2013 at 12:37 PM, Jan Willamowius <jan@xxxxxxxxxxxxxx> wrote:
Hi,
I just want to quickly warn anybody against relying on port forwarding for any
production setup.
Yes, in principle it is possible to configure port forwarding
correctly, but it is one of the hardest things you can attempt in H.323
configurations and it's one of the most common errors I see supporting
clients. In this day and age where traversal protocols are widely
available there really is no need to try something that hard.
Use NAT traversal protocols (H.460.18/.19).
Regards,
Jan
Joao Alexandre wrote:
> Hi David,
>
> Thank you very much for your quick response.
>
> > One GK per site enables you to be able to place phone
> > calls within one site, even if the VPN is down.
>
> This makes sense, especially in the cases where the VPN doesn't depend on
> Internet access or where we have more than one endpoint.
>
> >The next questions would be, how exactly shall a "NUMBER@IP" be resolved
> >if one of your external partners calls in, or you're calling out to them
> >(i.e. RAS/LRQ or no RAS)? Can you dial IP addresses on your phone? Or
> >would you have to adjust your dial-plan to enable outgoing dialling?
>
> By the way, our endpoints are Cisco SX20 and Sony PCG-50, so we can dial
> NUMBER@IP and IP#NUMBER respectively. We've also 1 LifeTime Passport.
>
> Where does or doesn't the neighbor feature fit in?
>
> Right now in production we've only one GnuGK(Debian, 3.3), NATed with port
> forwarding, and all the endpoints registered with it. We can dial outside
> from any endpoint (most of the time) but receiving calls from the outside
> doesn't work most of the time.
>
> I've done some tests with 2 GnuGK (3.3) with neighbor configuration, I
> could receive calls (using for test a PC with Polycom PVX) either on both
> GK using NUMBER@GatewayIP (whether the endpoints were registered on anyone
> of the GKs), could dial outside to an IP, but when I tried to dial inside
> out to NUMBER@IP it fails saying calledPartyNotRegistered.
>
> From your comments, I think that the best for us would be 2 GnuGK (acting
> as gatekeeper and gateway, NATed with port forwarding) at our two main
> sites, whether they should be configured as neighbors depends on my ability
> to make them work.
>
> Thanks again.
>
> Regards,
>
> Joao
--
Jan Willamowius, jan@xxxxxxxxxxxxxx, http://www.gnugk.org/
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________________
Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/