I do enjoy working with NAT. I just wouldn't make things more difficult
than they need to be.

Jan

Robert Edeker wrote:
> Thank you Jan, I appreciate it. Was curious on the cached registrations,
> but is not a big deal. I saw the reload command in the status port, but
> didn't know about sending a HUP. That should help.
>
> On NAT, you don't think it's fun dealing with that mess? :)
>
> I tried some additional forwarding of the H245 and Q931 narrow port ranges,
> but nothing was consistent. I think that part is moot anyway since the
> Fortigate was automatically opening them on-demand. (tcp/1720,1503 and
> udp/1719 are the only ones statically forwarded)
>
> Q931PortRange =30011-30020
> H245PortRange =30000-30010
>
> I'll keep testing and see how that goes.
>
> On Tue, May 19, 2015 at 2:02 PM Jan Willamowius <jan@xxxxxxxxxxxxxx> wrote:
>
> > Hi Robert,
> >
> > GnuGk does not cache registrations. Endpoints are only available after
> > they have actively registered and that's intended.
> > You can make endpoints available independently from their registration.
> > GnuGk calls that feature 'permanent endpoints'.
> >
> > But this really is a non-issue, because you can make virtually all
> > configuration changes without restarting GnuGk - you simply reload the
> > configuration (either via the status port, that's what the GUI does when
> > you click 'Apply' or by sending the Unix process a HUP signal).
> >
> > Running Gnugk inside a VM is fine. Just make sure it has enough CPU
> > power so the VM doesn't introduce additional latency when it proxies your
> > RTP media streams.
> >
> > Running any H.323 device behind a NAT is very tricky. Look at the
> > configuration for your V2IU: It has direct connectivity to the internet
> > (it _is_ the firewall). You can do exactly that with GnuGk, too and it
> > will work fine.
> >
> > If you want to use a dedicated firewall, put GnuGk _outside_ the
> > firewall, no need to open any ports and let the H.460 NAT traversal
> > protocols handle all the tunneling issues.
> >
> > GnuGk also supports running behind firewalls and NAT using port
> > forwarding etc., but it's hard to get right. These setups tend to work
> > a little right from the start and fail in strange not until you get it
> > right. I configure such configurations when I get paid, but not for
> > fun. ;-)
> >
> > Regards,
> > Jan
> >
> > --
> > Jan Willamowius, Founder of the GNU Gatekeeper Project
> > EMail  : jan@xxxxxxxxxxxxxx
> > Website: http://www.gnugk.org
> > Support: http://www.willamowius.com/gnugk-support.html
> >
> > Relaxed Communications GmbH
> > Frahmredder 91
> > 22393 Hamburg
> > Geschäftsführer: Jan Willamowius
> > HRB 125261 (Amtsgericht Hamburg)
> > USt-IdNr: DE286003584
> >
> >
> > Robert Edeker wrote:
> > > Hello,
> > >
> > > First off it's been great to find a project like this, am hoping this
> > > will assist us in enhancing our video connectivity.
> > >
> > > While I realize that placing the GK behind a firewall is not ideal that's
> > > what I'm looking to do at this time to reduce other infrastructure
> > > changes and allow us to use our fiber connection. Below is where I'm at
> > > which is basically working well except for calls from Polycom CMA
> > > Desktop devices.
> > >
> > > Our other goal is to possibly replace an old V2IU or have GNUGK as a
> > > neighbor gatekeeper for redundancy. (neighbor dialing from gnugk to v2iu
> > > is working great, but not the other way around)
> > >
> > > Before the network part, some unrelated questions:
> > >
> > > 1) Does gnugk save/cache registrations? Say I restart the server and
> > > someone calls before the endpoint re-registers. (TTL is 300, but still)
> > >
> > > 2) Any concerns using this on a VM? testing with 3.5.0 on a ubuntu VM.
> > > Plan to upgrade to 3.8.0 soon. We only have about 15 endpoints and most
> > > of the calls are to external entities. Maybe 3-4 concurrent calls are
> > > average, but this is becoming an issue with the V2IU bandwidth especially
> > > as we use video more.
> > >
> > > //////////////////////
> > > // Network
> > > ///////////////////////
> > > Current:
> > > T1/Cable Internet ---- V2IU WAN (embedded gatekeeper) --- LAN ---- Polycom HDX endpoints
> > >
> > > We've outgrown the T1, cable isn't reliable all the time and we're
> > > bumping up on a 3Mbps throttle that the V2IU is enforcing.
> > >
> > > New/Testing:
> > > Fiber Internet ---- Fortigate Firewall ---- VIP (Destination NAT) --- LAN V2IU or GNUGK ---- Polycom HDX
> > > Outbound from HDX's or GNUGK NAT's with the public VIP we're using.
> > >
> > > I've set up the VIP policies on the Fortigate with h323 and ras session
> > > helpers to dynamically open the pinhole ports needed.
> > >
> > > This works with both the V2IU and GNUGK when calling in from most
> > > devices. (Other HDX's, Lifesize, etc..) When calling from CMA I keep
> > > getting Q931 errors on both. I suppose this points to something on the
> > > firewall, though it seems I'll have more options with gnugk. Am not sure
> > > what to try next.
> > >
> > > Sample call output is below. I've been through various iterations of
> > > settings without any success. At the moment it's basically just
> > > GKRouted=1. h245Routed, proxy mode and all kinds of port settings have
> > > been tried as well.
> > >
> > > ProxyChannel.cxx(1723) Q931s Received: Setup CRV=10425 from EXTERNAL.CMA-IP:14712
> > > singleton.cxx(24) Create instance: PreliminaryCallTable(9)
> > > RasTbl.cxx(4640) CallTable::Insert(CALL) Call No. 1, total sessions : 1
> > > gkacct.cxx(964) GKACCT Successfully logged event 1 for call no. 1
> > > ProxyChannel.cxx(4606) Q931s Call 1 is NAT type 0
> > > ProxyChannel.cxx(1519) Call 1: h245Routed=0 proxy=0
> > > ProxyChannel.cxx(7389) Q931d Could not open/connect Q.931 socket at GNUGK.LAN.IP:0 - error 9/110: Connection timed out
> > > ProxyChannel.cxx(6997) Q931 EXTERNAL.FIBER.IP:1720 DIDN'T ACCEPT THE CALL
> > > RasTbl.cxx(5114) CDR ignore not connected call
> > > gkacct.cxx(964) GKACCT Successfully logged event 2 for call no. 1
> > > yasocket.cxx(821) Q931d Delete socket EXTERNAL.FIBER.IP:1720
> > > yasocket.cxx(821) Q931s Delete socket EXTERNAL.CMA-IP:14712
> > > RasTbl.cxx(2667) Gk Delete Call No. 1
> > >
> > >
> > > Thank You,

_______________________________________________________
Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/
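
The port ranges and static forwards quoted in this thread can be checked against each other to see which signalling ports depend entirely on the firewall's dynamic pinholes. This is an added example, not code from the thread or from the GnuGk project; the sample ini text, its `[RoutedMode]` section placement and all function names are assumptions of the example.

```python
import configparser

# Constructed sample: the two ranges are the values quoted in the thread;
# placing them under [RoutedMode] is an assumption of this example.
GATEKEEPER_INI = """
[RoutedMode]
GKRouted=1
Q931PortRange =30011-30020
H245PortRange =30000-30010
"""

# Static forwards listed in the thread, as (protocol, port) pairs.
STATIC_FORWARDS = {("tcp", 1720), ("tcp", 1503), ("udp", 1719)}

# Q.931 call signalling and H.245 control both run over TCP.
RANGE_KEYS = {"Q931PortRange": "tcp", "H245PortRange": "tcp"}

def parse_range(value):
    """Turn 'low-high' into an inclusive (low, high) tuple, validating it."""
    low, sep, high = value.strip().partition("-")
    if not sep or not low.isdigit() or not high.isdigit():
        raise ValueError(f"not a port range: {value!r}")
    low, high = int(low), int(high)
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"port range out of bounds: {value!r}")
    return low, high

def required_ports(ini_text, section="RoutedMode"):
    """Return the set of (proto, port) pairs the configured ranges cover."""
    cfg = configparser.ConfigParser()
    cfg.optionxform = str  # keep the keys' original case
    cfg.read_string(ini_text)
    needed = set()
    for key, proto in RANGE_KEYS.items():
        if cfg.has_option(section, key):
            low, high = parse_range(cfg.get(section, key))
            needed.update((proto, p) for p in range(low, high + 1))
    return needed

def audit(ini_text, forwards):
    """Diff configured ranges against static forwards, in both directions."""
    needed = required_ports(ini_text)
    return {"not_forwarded": sorted(needed - forwards),
            "forwarded_outside_ranges": sorted(forwards - needed)}

if __name__ == "__main__":
    report = audit(GATEKEEPER_INI, STATIC_FORWARDS)
    print(len(report["not_forwarded"]), "range ports have no static forward")
    print("static forwards outside the ranges:", report["forwarded_outside_ranges"])
```

Keeping the configured ranges narrow, as in the thread, keeps the `not_forwarded` list short enough to review by hand against the firewall policy.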