Thank you Jan, I appreciate it. Was curious on the cached registrations,
but is not a big deal. I saw the reload command in the status port, but
didn't know about sending a HUP. That should help.
On NAT, you don't think it's fun dealing with that mess? :)
I tried some additional forwarding of the H245 and Q931 narrow port ranges,
but nothing was consistent. I think that part is moot anyway since the
Fortigate was automatically opening them on-demand. (tcp/1720,1503 and
udp/1719 are the only ones statically forwarded)
Q931PortRange =30011-30020
H245PortRange =30000-30010
I'll keep testing and see how that goes.
On Tue, May 19, 2015 at 2:02 PM Jan Willamowius <[email protected]> wrote:
> Hi Robert,
>
> GnuGk does not cache registrations. Endpoints are only available after
> they have actively registered and thats intended.
> You can make endpoints available independently from their registration.
> GnuGk calls that feature 'permanent endpoints'.
>
> But this is really is a non-issue, because you can make virtually all
> configuration changes without restarting GnuGk - you simply reload the
> configuration (either via the status port, thats what the GUI does when
> you click 'Apply' or by sending the Unix process a HUP signal).
>
> Running Gnugk inside a VM is fine. Just make sure it has enough CPU
> power so the VM doesn't introduce additional latency when it proxies your
> RTP media streams.
>
>
> Running any H.323 device behind a NAT is very tricky. Look at the
> configuration for your V2IU: It has direct connectivity to the internet
> (it _is_ the firewall). You can do exactly that with GnuGk, too and it
> will work fine.
>
> If you want to use a dedicated firewall, put GnuGk _outside_ the
> firewall, no need to open any ports and let the H.460 NAT traversal
> protocols handle all the tunneling issues.
>
> GnuGk also supports running behind firewalls and NAT using port
> forwarding etc., but its hard to get right. These setups tend to work
> a little right from the start and fail in strange not until you get it
> right. I configure such configurations when I get paid, but not for
> fun. ;-)
>
> Regards,
> Jan
>
> --
> Jan Willamowius, Founder of the GNU Gatekeeper Project
> EMail : [email protected]
> Website: http://www.gnugk.org
> Support: http://www.willamowius.com/gnugk-support.html
>
> Relaxed Communications GmbH
> Frahmredder 91
> 22393 Hamburg
> Geschäftsführer: Jan Willamowius
> HRB 125261 (Amtsgericht Hamburg)
> USt-IdNr: DE286003584
>
>
> Robert Edeker wrote:
> > Hello,
> >
> > First off it's been great to find a project like this, am hoping this
> will
> > assist us in enhancing our video connectivity.
> >
> > While I realize that placing the GK behind a firewall is not ideal that's
> > what I'm looking to do at this time to reduce other infrastructure
> changes
> > and allow us to use our fiber connection. Below is where I'm at which is
> > basically working well except for calls from Polycom CMA Desktop devices.
> >
> > Our other goal is to possibly replace an old V2IU or have GNUGK as a
> > neighbor gatekeeper for redundancy. (neighbor dialing from gnugk to v2iu
> is
> > working great, but not the other way around)
> >
> > Before the network part, some unrelated questions:
> >
> > 1) Does gnugk save/cache registrations? Say I restart the server and
> > someone calls before the endpoint re-registers. (TTL is 300, but still)
> >
> > 2) Any concerns using this on a VM? testing with 3.5.0 on a ubuntu VM.
> > Plan to upgrade to 3.8.0 soon. We only have about 15 endpoints and most
> of
> > the calls are to external entities. Maybe 3-4 concurrent calls are
> > average, but this is becoming an issue with the V2IU bandwidth especially
> > as we use video more.
> >
> > //////////////////////
> > // Network
> > ///////////////////////
> > Current:
> > T1/Cable Internet ---- V2IU WAN (embedded gatekeeper) --- LAN ----
> Polycom
> > HDX endpoints
> >
> > We've outgrown the T1, cable isn't reliable all the time and we're
> bumping
> > up on a 3Mbps throttle that the V2IU is enforcing.
> >
> > New/Testing:
> > Fiber Internet ---- Fortigate Firewall ---- VIP (Destination NAT) --- LAN
> > V2IU or GNUGK ---- Polycom HDX
> > Outbound from HDX's or GNUGK NAT's with the public VIP we're using.
> >
> > I've setup the VIP policies on the Fortigate with h323 and ras session
> > helpers to dynamically open the pinhole ports needed.
> >
> > This works with both the V2IU and GNUGK when calling in from most
> devices.
> > (Other HDX's, Lifesize, etc..) When calling from CMA I keep getting
> Q931
> > errors on both. I suppose this points to something on the firewall,
> though
> > it seems I'll have more options with gnugk. Am not sure what to try
> next.
> >
> > Sample call output is below. I've been through various iterations of
> > settings without any success. At the moment it's basically just
> > GKRouted=1. h245Routed, proxy mode and all kinds of port settings have
> > been tried as well.
> >
> > ProxyChannel.cxx(1723) Q931s Received: Setup CRV=10425 from
> > EXTERNAL.CMA-IP:14712
> > singleton.cxx(24) Create instance: PreliminaryCallTable(9)
> > RasTbl.cxx(4640) CallTable::Insert(CALL) Call No. 1, total
> sessions
> > : 1
> > gkacct.cxx(964) GKACCT Successfully logged event 1 for call no.
> 1
> > ProxyChannel.cxx(4606) Q931s Call 1 is NAT type 0
> > ProxyChannel.cxx(1519) Call 1: h245Routed=0 proxy=0
> > ProxyChannel.cxx(7389) Q931d Could not open/connect Q.931 socket at
> > GNUGK.LAN.IP:0 - error 9/110: Connection timed out
> > ProxyChannel.cxx(6997) Q931 EXTERNAL.FIBER.IP:1720 DIDN'T ACCEPT THE
> > CALL
> > RasTbl.cxx(5114) CDR ignore not connected call
> > gkacct.cxx(964) GKACCT Successfully logged event 2 for call no.
> 1
> > yasocket.cxx(821) Q931d Delete socket EXTERNAL.FIBER.IP:1720
> > yasocket.cxx(821) Q931s Delete socket EXTERNAL.CMA-IP:14712
> > RasTbl.cxx(2667) Gk Delete Call No. 1
> >
> >
> > Thank You,
>
>
> ------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> _______________________________________________________
>
> Posting: mailto:[email protected]
> Archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
> Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
> Homepage: http://www.gnugk.org/
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________________
Posting: mailto:[email protected]
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/
