Re: GnuGK 2 Endpoints behind NAT

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello Jan,

i did turn on H460 in both endpoints. I don't think my firewall does H323 rewriting, I'm using pfsense for now, and I've added a pass in/out all rule for both endpoints, so this should not be a problem. I removed the ReplyToRasAddress from my config, but it does not have any effect. Only one system can call the bridge, the other always gets a "disconnect".
Do you ave any other hints for me to solve my little problem?

Regards,
Jürgen

-----Ursprüngliche Nachricht-----
Von: Jan Willamowius [mailto:jan@xxxxxxxxxxxxxx] 
Gesendet: Freitag, 8. April 2016 12:32
An: openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Betreff: Re:  GnuGK 2 Endpoints behind NAT

Hi,

that configuration sounds good and should work find with multiple endpoints calling out.

I'm a bit suprised to see [ReplyToRasAddress] section in your config.

Did you remember to turn on H.460 in both endpoints ?

Does your firewall do any H.323 rewriting ? If so, turn it off.

Regards,
Jan

--
Jan Willamowius, Founder of the GNU Gatekeeper Project EMail  : jan@xxxxxxxxxxxxxx
Website: http://www.gnugk.org
Support: http://www.willamowius.com/gnugk-support.html

Relaxed Communications GmbH
Frahmredder 91
22393 Hamburg
Geschäftsführer: Jan Willamowius
HRB 125261 (Amtsgericht Hamburg)
USt-IdNr: DE286003584


Jürgen Wendler wrote:
> Hello Jan,
> 
> thanks for your answer.
> I think i did not describe it with enough details:
> 
> My Network is like the following:
> 
> 2 dedicated Videoconferencing Systems in my LAN with a private IP 
> (192.168.88.x) behind one Router with only one public IP Address (79.142.35.177) I have an gnugk instance installed infront of my Firewall. The dedicated systems register themselves without any Problems on the gnugk.
> Then I try to call a public MCU bridge with a public IP. The first system from which I call the MCU is able to connect, no matter which system I use. The second system is not able to connect, it get a "disconnect" and can't connect to the MCU.
> As you now, my gnugk configuration is very basic, so I think I am missing some points to make it happen that 2 systems in on LAN can connect through one public IP on a public MCU.
> I hope you understood my network now. Are there any config Options which I should use to make it work?
> 
> Best Regards,
> Jürgen
> 
> -----Ursprüngliche Nachricht-----
> Von: Jan Willamowius [mailto:jan@xxxxxxxxxxxxxx]
> Gesendet: Donnerstag, 7. April 2016 16:57
> An: openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
> Betreff: Re:  GnuGK 2 Endpoints behind NAT
> 
> Hi Jürgen,
> 
> you don't need more than 1 public IP if you have multiple endpoints.
> But your description sounds like you have placed your GnuGk inside your firewall / NAT and thats not a good place for it. It seems like sheer luck that one of your endpoints works.
> 
> The best place for GnuGk is outside your firewall. Then all your endpoints can live on private IPs and use H.460 NAT traversal to connect to GnuGk can dial out or be called from the internet.
> 
> The other option is to configure port forwarding between your router with the public IP and GnuGk. But it is much more error prone and I generally don't recommend it.
> 
> Regards,
> Jan
> 
> --
> Jan Willamowius, Founder of the GNU Gatekeeper Project EMail  : 
> jan@xxxxxxxxxxxxxx
> Website: http://www.gnugk.org
> Support: http://www.willamowius.com/gnugk-support.html
> 
> Relaxed Communications GmbH
> Frahmredder 91
> 22393 Hamburg
> Geschäftsführer: Jan Willamowius
> HRB 125261 (Amtsgericht Hamburg)
> USt-IdNr: DE286003584
> 
> 
> Jürgen Wendler wrote:
> > Greetings,
> > 
> > i have a simple quick question which i can't figure out myself:
> > 
> > I have a small private network which has one Router and only one 
> > public IP from my ISP. In this very small network I have 2 videoconferencing systems from sony (xg80 and xg100). Both are connected to the gnugk, I've setup no authentication (not on gnugk side or on sony side) When I call a MCU outside my network through the gnugk from one of both systems (doesn't matter which system) I get connected. When I call with second system afterwards, I can't get connected.
> > Now my question:
> > Is it possible to have 2 or more systems behind a router with only one public IP and let them connect to a MCU (Tandberg, cisco e.g.) or do I need a second public IP?
> > 
> > Here is my very basic config for gnugk:
> > 
> > [Gatekeeper::Main]
> > Name=VisionGatekeeper
> > EndpointIDSuffix=_vision7639288
> > 
> > [GkStatus::Auth]
> > rule=password
> > admin=UZdh380=8
> > 
> > [RoutedMode]
> > GKRouted=1
> > H245Routed=1
> > CallSignalPort=1721
> > AcceptUnregisteredCalls=1
> > RemoveH245AddressOnTunneling=0
> > RemoveH245AddressFromSetup=0
> > SupportNATedEndpoints=1
> > TreatUnregisteredNAT=1
> > GenerateCallProceeding=1
> > EnableH46018=1
> > AlwaysRewriteSourceCallSignalAddress=1
> > 
> > [Proxy]
> > Enable=1
> > ProxyAlways=1
> > 
> > [ReplyToRasAddress]
> > 79.142.35.0/24=True
> > 
> > My Public IP is: 79.142.35.177
> > 
> > Here is the log snippet that is needed I think....or do I have to configure something else on gnugk?
> > 
> > 2016/04/06 10:27:49.491 1             RasSrv.cxx(393)   RAS     ARQ Received from 79.142.35.177:29620
> > 2016/04/06 10:27:49.491 3             RasSrv.cxx(3120)  Reply to saved rasAddress:79.142.35.177:29620
> > 2016/04/06 10:27:49.491 3             RasSrv.cxx(3396)  GK      ACF will grant bandwidth of 20480
> > 2016/04/06 10:27:49.492 2             RasTbl.cxx(4746)  CallTable::Insert(CALL) Call No. 1, total sessions : 1
> > 2016/04/06 10:27:49.492 2             RasSrv.cxx(446)   ACF|79.142.35.177:29620|3873891045_vision7639288|23091|511:dialedDigits|3873891045_vision7639288:h323_ID|false|30-40-de-6c-20-01-00-1f-24-08-a1-c6-87-b4-dd-53|ToBeDecided;
> > 2016/04/06 10:27:49.492 3             RasSrv.cxx(266)   RAS     Send to 79.142.35.177:29620
> > 
> > 2016/04/06 10:27:49.558 3       ProxyChannel.cxx(1878)  Q931s   Received: Setup CRV=23091 from 79.142.35.177:57347
> > 2016/04/06 10:27:49.559 2             gkacct.cxx(965)   GKACCT  Successfully logged event 1 for call no. 1
> > 2016/04/06 10:27:49.559 3       ProxyChannel.cxx(4811)  GK      Call 1 proxy enabled (H.460.18/.19)
> > 2016/04/06 10:27:49.560 3       ProxyChannel.cxx(5155)  Q931s   Call 1 is NAT type 1
> > 2016/04/06 10:27:49.560 3       ProxyChannel.cxx(1592)  GK      Call 1 proxy enabled. (ProxyAlways)
> > 2016/04/06 10:27:49.560 1       ProxyChannel.cxx(1634)  Call 1: h245Routed=1 proxy=1
> > 2016/04/06 10:27:49.560 3       ProxyChannel.cxx(1672)  GK      Call 1 proxy enabled
> > 2016/04/06 10:27:49.562 3       ProxyChannel.cxx(8093)  Q931    Connect to 79.142.32.144:1720 from 79.142.32.168:0 successful
> > 2016/04/06 10:27:49.708 3       ProxyChannel.cxx(1878)  Q931d   Received: Alerting CRV=23091 from 79.142.32.144:1720
> > 2016/04/06 10:27:49.708 2             gkacct.cxx(965)   GKACCT  Successfully logged event 64 for call no. 1
> > 2016/04/06 10:27:49.717 3       ProxyChannel.cxx(1878)  Q931d   Received: Connect CRV=23091 from 79.142.32.144:1720
> > 2016/04/06 10:27:49.718 2             gkacct.cxx(965)   GKACCT  Successfully logged event 32 for call no. 1
> > 2016/04/06 10:27:49.718 3       ProxyChannel.cxx(8896)  H245    Set h245Address to 79.142.32.168:59676
> > 2016/04/06 10:27:49.790 3       ProxyChannel.cxx(8776)  H245    Connected from 79.142.35.177:22833 on 79.142.32.168:59676
> > 2016/04/06 10:27:49.791 3       ProxyChannel.cxx(8809)  H245    Connect to 79.142.32.144:5601 from 79.142.32.168:0 successful
> > 2016/04/06 10:27:49.793 2             RasSrv.cxx(177)   RAS     Read from 79.142.35.177:29620
> > 
> > 2016/04/06 10:27:49.793 1             RasSrv.cxx(393)   RAS     BRQ Received from 79.142.35.177:29620
> > 2016/04/06 10:27:49.793 3             RasSrv.cxx(3787)  Reply to saved rasAddress:79.142.35.177:29620
> > 2016/04/06 10:27:49.793 2             RasSrv.cxx(446)   BCF|79.142.35.177|3873891045_vision7639288|20480;
> > 2016/04/06 10:27:49.793 3             RasSrv.cxx(266)   RAS     Send to 79.142.35.177:29620
> > 
> > 
> > 2016/04/06 10:28:03.652 1             RasSrv.cxx(393)   RAS     ARQ Received from 79.142.35.177:9101
> > 2016/04/06 10:28:03.653 3             RasSrv.cxx(3120)  Reply to saved rasAddress:79.142.35.177:9101
> > 2016/04/06 10:28:03.653 3             RasSrv.cxx(3396)  GK      ACF will grant bandwidth of 20480
> > 2016/04/06 10:28:03.653 2             RasTbl.cxx(4746)  CallTable::Insert(CALL) Call No. 2, total sessions : 2
> > 2016/04/06 10:28:03.654 2             RasSrv.cxx(446)   ACF|79.142.35.177:9101|3142736620_vision7639288|3696|511:dialedDigits|3142736620_vision7639288:h323_ID|false|f5-7a-31-dc-3c-05-00-1f-05-17-04-ed-22-b3-70-e9|ToBeDecided;
> > 2016/04/06 10:28:03.654 3             RasSrv.cxx(266)   RAS     Send to 79.142.35.177:9101
> > 
> > 
> > 2016/04/06 10:28:07.659 1             RasSrv.cxx(393)   RAS     ARQ Received from 79.142.35.177:9101
> > 2016/04/06 10:28:07.659 3             RasSrv.cxx(3120)  Reply to saved rasAddress:79.142.35.177:9101
> > 2016/04/06 10:28:07.660 3             RasSrv.cxx(3396)  GK      ACF will grant bandwidth of 20480
> > 2016/04/06 10:28:07.660 3             RasSrv.cxx(3440)  GK      ACF: found existing call no 2
> > 2016/04/06 10:28:07.660 2             RasSrv.cxx(446)   ACF|79.142.35.177:9101|3142736620_vision7639288|3696|511:dialedDigits|3142736620_vision7639288:h323_ID|false|f5-7a-31-dc-3c-05-00-1f-05-17-04-ed-22-b3-70-e9| ;
> > 2016/04/06 10:28:07.660 3             RasSrv.cxx(266)   RAS     Send to 79.142.35.177:9101
> > 
> > Can anyone point me to the right direction or give me a hint where I need to look for?
> > 
> > Thanks in advance
> > 
> > Jürgen

------------------------------------------------------------------------------
_______________________________________________________

Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/

------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial! http://pubads.g.doubleclick.net/
gampad/clk?id=1444514301&iu=/ca-pub-7940484522588532
_______________________________________________________

Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/




[Index of Archives]     [SIP]     [Open H.323]     [Gnu Gatekeeper]     [Asterisk PBX]     [ISDN Cause Codes]     [Yosemite News]

  Powered by Linux