Here is a small overview whats new in H.235 password authentication in GnuGk 4.0: Until now, GnuGk only supported MD5 password tokens well. The password only secured RRQ and ARQ messages in the direction from the endpoint to the gatekeeper and MD5 is considered a pretty weak algorithm. MD5 tokens are widely supported by vendors and are usually called "H.235", but strictly speaking they aren't part of any ITU spec. The new implementation in GnuGk closely follows the H.235.1 specification. It secures all RAS (RRQ, ARQ, BRQ, DRQ etc.) and all Q.931 (Setup, Alerting etc.) messages. It also secures both directions, so the gatekeeper can check every message if it is really from the endpoint and also the endpoint can make sure its really talking to its gatekeeper. The interpretation of H.235.1 varies between vendors (or their implementation is just buggy, your call). Thats why GnuGk defaults to rather strict checks, but has configuration switches ([H235] config section) to enable interoperability with vendor implementations. During development I ran tests with AudioCodes, Polycom, Inovaphone and H323Plus endpoints. For example if you are using a AudioCodes gateway, you should set [Gatekeeper::Auth] SimplePasswordAuth=required;RRQ,ARQ,DRQ,RAI,Setup,Alerting,Connect,ReleaseComplete,Facility [H235] UseEndpointIdentifier=1 RequireH2351GeneralID=0 FullQ931Checking=1 You can even tighten security with CheckID=1 in [SimplePasswordAuth]. The purpose of this beta release is to get feedback how the new implementation works with other vendors. So please test and let me know! http://www.gnugk.org/gnugk-4.0-beta.html Regards, Jan -- Jan Willamowius, Founder of the GNU Gatekeeper Project EMail : jan@xxxxxxxxxxxxxx Website: http://www.gnugk.org Support: http://www.willamowius.com/gnugk-support.html Relaxed Communications GmbH Frahmredder 91 22393 Hamburg Geschäftsführer: Jan Willamowius HRB 125261 (Amtsgericht Hamburg) USt-IdNr: DE286003584 ------------------------------------------------------------------------------ _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/
