Hi Jan,
Thank you for your advice, but this really knocks me down.
How the hell would we receive calls from outside without port forwarding to
our GnuGK or directly to one of the endpoints (we don't have enough public
IPs to expose endpoints or a GK to the Internet)?
>From what I've heard from some IT guys with whom we had to talk and test
VCs, they were using endpoints directly connected to the Internet and if
you can afford that, isn't this a security concern? From what I've seen in
our SX20 they have a lot of services running and possibly some
vulnerabilities.
By the way, do you have anymore tips regarding my questions and also David
comments?
Cheers,
Joao
On Tue, Jun 25, 2013 at 12:37 PM, Jan Willamowius <[email protected]>wrote:
> Hi,
>
> I just want to quickly warn anybody to rely on port forwarding for any
> production setup.
>
> Yes, in principle it is possible to configure port forwarding
> correctly, but is one of the hardest things you can attempt in H.323
> configurations and its one of the most common errors I see supporting
> clients. In this day and age where traversal protocols are widely
> available there really is no need to try something that hard.
>
> Use NAT traversal protocols (H.460.18/.19).
>
> Regards,
> Jan
>
>
> Joao Alexandre wrote:
> > Hi David,
> >
> > Thank you very much for your quick response.
> >
> > > One GK per site enables you to be able to place phone
> > > calls within one site, even if the VPN is down.
> >
> > This makes sense, specially in the cases where the VPN doesn't depend on
> > Internet access or where we have more than one endpoint.
> >
> > >The next questions would be, how exactly shall a "NUMBER@IP" be
> resolved
> > >if one of your external partners calls in, or you're calling out to them
> > >(i.e. RAS/LRQ or no RAS)? Can you dial IP addresses on your phone? Or
> > >would you have to adjust your dial-plan to enable outgoing dialling?
> >
> > By the way, our endpoints are Cisco SX20 and Sony PCG-50 , so we can dial
> > NUMBER@IP and IP#NUMBER respectively. We've also 1 LifeTime Passport.
> >
> > Where does or doesn't the neighbor feature fits in?
> >
> > Right now in production we've only one GnuGK(Debian, 3.3), nated with
> port
> > forwarding, and all the endpoint registered with it. We can dial outside
> > from any endpoint (most of the time) but receiving calls from the outside
> > doesn't work most of the time.
> >
> > I've done some tests with 2 GnuGK (3.3) with neighbor configuration, I
> > could receive calls (using for test a PC with Polycom PVX) either on both
> > GK using NUMBER@GatewayIP (wether the endpoints were registered on
> anyone
> > of the GKs), could dial outside to an IP, but when I tried to dial inside
> > out to NUMBER@IP it fails saying calledPartyNotRegistered.
> >
> > >From your comments, I think that the best for us would be 2 GnuGK
> (acting
> > as gatekeeper and gateway, nated with port forwarding) at our two main
> > sites, wether they should be configured as neighbors depends on my
> ability
> > to make them work.
> >
> > Thanks again.
> >
> > Regards,
> >
> > Joao
>
>
> --
> Jan Willamowius, [email protected], http://www.gnugk.org/
>
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Windows:
>
> Build for Windows Store.
>
> http://p.sf.net/sfu/windows-dev2dev
> _______________________________________________________
>
> Posting: mailto:[email protected]
> Archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
> Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
> Homepage: http://www.gnugk.org/
>
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________________
Posting: mailto:[email protected]
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/
