Hello Jan, i did turn on H460 in both endpoints. I don't think my firewall does H323 rewriting, I'm using pfsense for now, and I've added a pass in/out all rule for both endpoints, so this should not be a problem. I removed the ReplyToRasAddress from my config, but it does not have any effect. Only one system can call the bridge, the other always gets a "disconnect". Do you ave any other hints for me to solve my little problem? Regards, Jürgen -----Ursprüngliche Nachricht----- Von: Jan Willamowius [mailto:jan@xxxxxxxxxxxxxx] Gesendet: Freitag, 8. April 2016 12:32 An: openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Betreff: Re: GnuGK 2 Endpoints behind NAT Hi, that configuration sounds good and should work find with multiple endpoints calling out. I'm a bit suprised to see [ReplyToRasAddress] section in your config. Did you remember to turn on H.460 in both endpoints ? Does your firewall do any H.323 rewriting ? If so, turn it off. Regards, Jan -- Jan Willamowius, Founder of the GNU Gatekeeper Project EMail : jan@xxxxxxxxxxxxxx Website: http://www.gnugk.org Support: http://www.willamowius.com/gnugk-support.html Relaxed Communications GmbH Frahmredder 91 22393 Hamburg Geschäftsführer: Jan Willamowius HRB 125261 (Amtsgericht Hamburg) USt-IdNr: DE286003584 Jürgen Wendler wrote: > Hello Jan, > > thanks for your answer. > I think i did not describe it with enough details: > > My Network is like the following: > > 2 dedicated Videoconferencing Systems in my LAN with a private IP > (192.168.88.x) behind one Router with only one public IP Address (79.142.35.177) I have an gnugk instance installed infront of my Firewall. The dedicated systems register themselves without any Problems on the gnugk. > Then I try to call a public MCU bridge with a public IP. The first system from which I call the MCU is able to connect, no matter which system I use. The second system is not able to connect, it get a "disconnect" and can't connect to the MCU. > As you now, my gnugk configuration is very basic, so I think I am missing some points to make it happen that 2 systems in on LAN can connect through one public IP on a public MCU. > I hope you understood my network now. Are there any config Options which I should use to make it work? > > Best Regards, > Jürgen > > -----Ursprüngliche Nachricht----- > Von: Jan Willamowius [mailto:jan@xxxxxxxxxxxxxx] > Gesendet: Donnerstag, 7. April 2016 16:57 > An: openh323gk-users@xxxxxxxxxxxxxxxxxxxxx > Betreff: Re: GnuGK 2 Endpoints behind NAT > > Hi Jürgen, > > you don't need more than 1 public IP if you have multiple endpoints. > But your description sounds like you have placed your GnuGk inside your firewall / NAT and thats not a good place for it. It seems like sheer luck that one of your endpoints works. > > The best place for GnuGk is outside your firewall. Then all your endpoints can live on private IPs and use H.460 NAT traversal to connect to GnuGk can dial out or be called from the internet. > > The other option is to configure port forwarding between your router with the public IP and GnuGk. But it is much more error prone and I generally don't recommend it. > > Regards, > Jan > > -- > Jan Willamowius, Founder of the GNU Gatekeeper Project EMail : > jan@xxxxxxxxxxxxxx > Website: http://www.gnugk.org > Support: http://www.willamowius.com/gnugk-support.html > > Relaxed Communications GmbH > Frahmredder 91 > 22393 Hamburg > Geschäftsführer: Jan Willamowius > HRB 125261 (Amtsgericht Hamburg) > USt-IdNr: DE286003584 > > > Jürgen Wendler wrote: > > Greetings, > > > > i have a simple quick question which i can't figure out myself: > > > > I have a small private network which has one Router and only one > > public IP from my ISP. In this very small network I have 2 videoconferencing systems from sony (xg80 and xg100). Both are connected to the gnugk, I've setup no authentication (not on gnugk side or on sony side) When I call a MCU outside my network through the gnugk from one of both systems (doesn't matter which system) I get connected. When I call with second system afterwards, I can't get connected. > > Now my question: > > Is it possible to have 2 or more systems behind a router with only one public IP and let them connect to a MCU (Tandberg, cisco e.g.) or do I need a second public IP? > > > > Here is my very basic config for gnugk: > > > > [Gatekeeper::Main] > > Name=VisionGatekeeper > > EndpointIDSuffix=_vision7639288 > > > > [GkStatus::Auth] > > rule=password > > admin=UZdh380=8 > > > > [RoutedMode] > > GKRouted=1 > > H245Routed=1 > > CallSignalPort=1721 > > AcceptUnregisteredCalls=1 > > RemoveH245AddressOnTunneling=0 > > RemoveH245AddressFromSetup=0 > > SupportNATedEndpoints=1 > > TreatUnregisteredNAT=1 > > GenerateCallProceeding=1 > > EnableH46018=1 > > AlwaysRewriteSourceCallSignalAddress=1 > > > > [Proxy] > > Enable=1 > > ProxyAlways=1 > > > > [ReplyToRasAddress] > > 79.142.35.0/24=True > > > > My Public IP is: 79.142.35.177 > > > > Here is the log snippet that is needed I think....or do I have to configure something else on gnugk? > > > > 2016/04/06 10:27:49.491 1 RasSrv.cxx(393) RAS ARQ Received from 79.142.35.177:29620 > > 2016/04/06 10:27:49.491 3 RasSrv.cxx(3120) Reply to saved rasAddress:79.142.35.177:29620 > > 2016/04/06 10:27:49.491 3 RasSrv.cxx(3396) GK ACF will grant bandwidth of 20480 > > 2016/04/06 10:27:49.492 2 RasTbl.cxx(4746) CallTable::Insert(CALL) Call No. 1, total sessions : 1 > > 2016/04/06 10:27:49.492 2 RasSrv.cxx(446) ACF|79.142.35.177:29620|3873891045_vision7639288|23091|511:dialedDigits|3873891045_vision7639288:h323_ID|false|30-40-de-6c-20-01-00-1f-24-08-a1-c6-87-b4-dd-53|ToBeDecided; > > 2016/04/06 10:27:49.492 3 RasSrv.cxx(266) RAS Send to 79.142.35.177:29620 > > > > 2016/04/06 10:27:49.558 3 ProxyChannel.cxx(1878) Q931s Received: Setup CRV=23091 from 79.142.35.177:57347 > > 2016/04/06 10:27:49.559 2 gkacct.cxx(965) GKACCT Successfully logged event 1 for call no. 1 > > 2016/04/06 10:27:49.559 3 ProxyChannel.cxx(4811) GK Call 1 proxy enabled (H.460.18/.19) > > 2016/04/06 10:27:49.560 3 ProxyChannel.cxx(5155) Q931s Call 1 is NAT type 1 > > 2016/04/06 10:27:49.560 3 ProxyChannel.cxx(1592) GK Call 1 proxy enabled. (ProxyAlways) > > 2016/04/06 10:27:49.560 1 ProxyChannel.cxx(1634) Call 1: h245Routed=1 proxy=1 > > 2016/04/06 10:27:49.560 3 ProxyChannel.cxx(1672) GK Call 1 proxy enabled > > 2016/04/06 10:27:49.562 3 ProxyChannel.cxx(8093) Q931 Connect to 79.142.32.144:1720 from 79.142.32.168:0 successful > > 2016/04/06 10:27:49.708 3 ProxyChannel.cxx(1878) Q931d Received: Alerting CRV=23091 from 79.142.32.144:1720 > > 2016/04/06 10:27:49.708 2 gkacct.cxx(965) GKACCT Successfully logged event 64 for call no. 1 > > 2016/04/06 10:27:49.717 3 ProxyChannel.cxx(1878) Q931d Received: Connect CRV=23091 from 79.142.32.144:1720 > > 2016/04/06 10:27:49.718 2 gkacct.cxx(965) GKACCT Successfully logged event 32 for call no. 1 > > 2016/04/06 10:27:49.718 3 ProxyChannel.cxx(8896) H245 Set h245Address to 79.142.32.168:59676 > > 2016/04/06 10:27:49.790 3 ProxyChannel.cxx(8776) H245 Connected from 79.142.35.177:22833 on 79.142.32.168:59676 > > 2016/04/06 10:27:49.791 3 ProxyChannel.cxx(8809) H245 Connect to 79.142.32.144:5601 from 79.142.32.168:0 successful > > 2016/04/06 10:27:49.793 2 RasSrv.cxx(177) RAS Read from 79.142.35.177:29620 > > > > 2016/04/06 10:27:49.793 1 RasSrv.cxx(393) RAS BRQ Received from 79.142.35.177:29620 > > 2016/04/06 10:27:49.793 3 RasSrv.cxx(3787) Reply to saved rasAddress:79.142.35.177:29620 > > 2016/04/06 10:27:49.793 2 RasSrv.cxx(446) BCF|79.142.35.177|3873891045_vision7639288|20480; > > 2016/04/06 10:27:49.793 3 RasSrv.cxx(266) RAS Send to 79.142.35.177:29620 > > > > > > 2016/04/06 10:28:03.652 1 RasSrv.cxx(393) RAS ARQ Received from 79.142.35.177:9101 > > 2016/04/06 10:28:03.653 3 RasSrv.cxx(3120) Reply to saved rasAddress:79.142.35.177:9101 > > 2016/04/06 10:28:03.653 3 RasSrv.cxx(3396) GK ACF will grant bandwidth of 20480 > > 2016/04/06 10:28:03.653 2 RasTbl.cxx(4746) CallTable::Insert(CALL) Call No. 2, total sessions : 2 > > 2016/04/06 10:28:03.654 2 RasSrv.cxx(446) ACF|79.142.35.177:9101|3142736620_vision7639288|3696|511:dialedDigits|3142736620_vision7639288:h323_ID|false|f5-7a-31-dc-3c-05-00-1f-05-17-04-ed-22-b3-70-e9|ToBeDecided; > > 2016/04/06 10:28:03.654 3 RasSrv.cxx(266) RAS Send to 79.142.35.177:9101 > > > > > > 2016/04/06 10:28:07.659 1 RasSrv.cxx(393) RAS ARQ Received from 79.142.35.177:9101 > > 2016/04/06 10:28:07.659 3 RasSrv.cxx(3120) Reply to saved rasAddress:79.142.35.177:9101 > > 2016/04/06 10:28:07.660 3 RasSrv.cxx(3396) GK ACF will grant bandwidth of 20480 > > 2016/04/06 10:28:07.660 3 RasSrv.cxx(3440) GK ACF: found existing call no 2 > > 2016/04/06 10:28:07.660 2 RasSrv.cxx(446) ACF|79.142.35.177:9101|3142736620_vision7639288|3696|511:dialedDigits|3142736620_vision7639288:h323_ID|false|f5-7a-31-dc-3c-05-00-1f-05-17-04-ed-22-b3-70-e9| ; > > 2016/04/06 10:28:07.660 3 RasSrv.cxx(266) RAS Send to 79.142.35.177:9101 > > > > Can anyone point me to the right direction or give me a hint where I need to look for? > > > > Thanks in advance > > > > Jürgen ------------------------------------------------------------------------------ _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/ ------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! http://pubads.g.doubleclick.net/ gampad/clk?id=1444514301&iu=/ca-pub-7940484522588532 _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/
