WARNING: You receive this message on the old GnuGk mailinglist that will go away soon. Please re-subscribe for the new mailinglist at https://lists.gnugk.org/cgi-bin/mailman/listinfo/gnugk-users
Hi, with neighbor type CiscoGk, GnuGk uses a Cisco vendor ID and a non-standard element in LRQs that old Cisco gatekeepers expect. Have you tried switching back to neighbor type Generic to verify its only the neighbor type that made the difference for you ? Regards, Jan -- Jan Willamowius, Founder of the GNU Gatekeeper Project EMail : [email protected] Website: https://www.gnugk.org Support: https://www.willamowius.com/gnugk-support.html Relaxed Communications GmbH Frahmredder 91, 22393 Hamburg, Germany Geschäftsführer: Jan Willamowius HRB 125261 (Amtsgericht Hamburg) USt-IdNr: DE286003584 Gerard Beekmans wrote: > Hi, > > I may have found the problem. The 1 minute disconnects are no longer > happening though more testing required to ensure things like content sharing > works. > > What made it work was setting the neighbour type to "CiscoGk". When left at > GnuGk/Generic, the Polycom DMA initiated a disconnectrequest after the 1 > minute mark. When set to CiscoGk, this doesn't happen. > > I have read through Neighbor.cxx to see what the differences are in > operation. I'm not well versed in C++. Could you explain what GnuGk does > differently when in Cisco mode? > > Also I didn't need any special NAT switches. My configuration is now > simplified to the following. Are there any unnecessary options I can remove? > > > [Gatekeeper::Main] > Name=GnuGk > > [RoutedMode] > GKRouted=1 > H245Routed=1 > AcceptUnregisteredCalls=1 > > [Proxy] > Enable=1 > ProxyAlways=1 > InternalNetwork=172.24.0.0/16,10.0.0.0/8,127.0.0.0/8 > > [ModeSelection] > 199.213.0.0/16=PROXY > > [RasSrv::Neighbors] > GK1=CiscoGk > > [Neighbor::GK1] > GatekeeperIdentifier=GK1 > Host=172.24.2.53 > SendPrefixes=* > AcceptPrefixes=* > ForwardLRQ=depends > > [Gatekeeper::Auth] > FileIPAuth=required;Setup > > [FileIPAuth] > 172.24.2.0/24=allow > 10.0.0.0/8=allow > 199.213.0.0/16=allow > > [RoutingPolicy] > default=explicit,internal,parent,neighbor,dns > > > Thanks, > Gerard Beekmans > Sr. Network Engineer > First Nations Technical Services Advisory Group Inc. > Phone: 780-638-2739 > Fax: 780-483-8632 > Helpdesk: 1-888-999-3356 > Email: [email protected] > Santa Fe Plaza > 18232 - 102 Avenue NW > Edmonton, AB T5S 1S7 > http://www.tsag.net > > -----Original Message----- > From: gnugk-users <[email protected]> On Behalf Of Gerard > Beekmans > Sent: September 26, 2018 15:21 > To: GNU Gatekeeper Users <[email protected]> > Subject: Re: [gnugk-users] Certain calls drop after 60 seconds > > Hi Jan, > > I have disabled the Bind and ExternalIP switches. I see some additional log > entries from ProxyChannel now like these: > > ProxyChannel.cxx(11238) RTP Forward 199.213.0.82:22982 to 10.254.0.54:3234 > ProxyChannel.cxx(11292) RTP Reverse 10.254.0.54:3234 to 199.213.0.82:22982 > > On the LAN side there is no need for NAT. The GnuGk server can reach my > computer. Although it's on a different subnet, the LAN router allows all > traffic to and from the GnuGk server. > > The only NAT that needs to be applied is when connecting to the remote hosts > so that the remote VBP does not see our private IPs that it can't route back > to. There is no additional router involved. The GnuGk server has a direct > connection to the remote network. It's acting as its own router. > > In this setup do I need to enable NAT using iptables? My computer shouldn't > route through the GnuGk server; proxying should be done instead. > > Having said that, how do I enable H.460.18 NAT you mentioned? > > Is that done simply by adding these to [RoutedMode] > > EnableH46017=1 > EnableH46018=1 > H46018KeepAliveInterval=19 > H46018NoNat=1 > > I tried a call with the above settings. Still drops at the 1 minute mark. > > > Thanks, > Gerard Beekmans > Sr. Network Engineer > First Nations Technical Services Advisory Group Inc. > Phone: 780-638-2739 > Fax: 780-483-8632 > Helpdesk: 1-888-999-3356 > Email: [email protected] > Santa Fe Plaza > 18232 - 102 Avenue NW > Edmonton, AB T5S 1S7 > http://www.tsag.net > > -----Original Message----- > From: gnugk-users <[email protected]> On Behalf Of Jan > Willamowius > Sent: September 26, 2018 14:57 > To: [email protected] > Subject: Re: [gnugk-users] Certain calls drop after 60 seconds > > Hi Gerard, > > proxy mode often isn't enough for firewall traversal. You probably also have > to enable H.460.18 NAT traversal in GnuGk. > > Also, you should probably drop the Bind= switch and the ExternalIP= switch > should only be necessary if that IP is _not_ bound to any interface on your > server. > > Regards, > Jan > > -- > Jan Willamowius, Founder of the GNU Gatekeeper Project EMail : > [email protected] > Website: https://www.gnugk.org > Support: https://www.willamowius.com/gnugk-support.html > > Relaxed Communications GmbH > Frahmredder 91, 22393 Hamburg, Germany > Geschäftsführer: Jan Willamowius > HRB 125261 (Amtsgericht Hamburg) > USt-IdNr: DE286003584 > > > Gerard Beekmans wrote: > > Hi, > > > > To start with, the GnuGk setup: > > > > > > * Ubuntu 18.04 > > > > * Ptlib, h323plus and gnugk downloaded from git and compiled from > > source using instructions at > > https://www.gnugk.org/gnugk-manual-14.html#ss14.1 > > > > We have a Polcom video conferencing network deployed throughout the > > province. We have to interface with the federal government as well at times > > who are also using Polycom systems. > > > > We use a Polycom Video Border Proxy (VBP) in our network to connect to the > > government's, also a VBP. > > > > The setup in broad strokes is as follows: > > > > > > * Our endpoints are registered to a Polycom Distributed Media > > Application (DMA) which is their version of a gatekeeper. > > > > o For testing I use Polycom RealPresence Desktop on a typical Windows 10 > > computer > > > > * The DMA has an external gatekeeper defined, which is our VBP with > > a certain prefix. > > > > * Any calls with that prefix are routed to the VBP. > > > > * The VBP in turn connects to the remote VBP with whatever dial > > string was provided (with our internal prefix stripped) > > > > * Remote VBP in turn connects the call to their bridge/MCU > > > > I am hoping to replace our local VBP with GnuGk instead. > > > > I have gotten most of the way there with the final problem that calls drop > > after exactly 60 seconds every time. The call flow is similar as shown > > above with the exception the local VBP is a GnuGk instance instead. The IP > > addresses at play are different so that both solutions can run side-by-side > > during all this testing. > > > > Whenever we've had these issues with Polycom devices talking to other > > Polycom devices it often came down to an issue with keep-alive packets not > > being sent or a NAT issue where the remote end saw our internal/private > > addresses and was sending data to the wrong IP that was never received > > locally and resulted in a timeout. Enabling various keepalive options in > > the [RoutedMode] section has not made a difference. I'm unsure if I have > > setup NAT correctly. I assume proxy mode takes care of that. > > > > How would I go about troubleshooting this? What kind of information would > > be helpful? > > > > My current configuration file contains the following. I have removed all > > the keepalive and other options I was experimenting with. > > > > [Gatekeeper::Main] > > Name=GnuGk > > Bind=199.213.1.22 > > ExternalIP=199.213.1.22 > > > > [RoutedMode] > > GKRouted=1 > > > > [Proxy] > > Enable=1 > > ProxyAlways=1 > > InternalNetwork=172.24.0.0/16,10.0.0.0/8,127.0.0.0/8 > > > > [ModeSelection] > > 199.213.0.0/16=PROXY > > > > [RasSrv::Neighbors] > > GK1=Generic > > > > [Neighbor::GK1] > > GatekeeperIdentifier=GK1 > > Host=172.24.2.53 > > SendPrefixes=* > > AcceptPrefixes=* > > ForwardLRQ=depends > > > > [Gatekeeper::Auth] > > FileIPAuth=required;Setup > > > > [FileIPAuth] > > 172.24.2.0/24=allow > > 10.0.0.0/8=allow > > 199.213.0.0/16=allow > > > > [RoutingPolicy] > > default=explicit,internal,parent,neighbor,dns > > > > > > Starting GnuGk with trace level 5, I see the following output in the last > > few seconds before the call disconnects. > > > > In this output the IPs used are: > > > > * 172.24.2.53 - our local DMA that my workstation registers to > > > > * 172.24.2.47 - GnuGk LAN interface > > > > * 199.213.1.22 - GnuGk WAN interface > > > > * 199.213.0.82 - remove VBP > > > > 2018/09/26 14:29:55.392 5 ProxyChannel.cxx(1557) H245s Reading > > from 172.24.2.53:36077 > > 2018/09/26 14:29:55.392 4 ProxyChannel.cxx(2902) H245 Received > > from 172.24.2.53:36075 (CallID: e4 5b 0d 23 ec 14 00 1f 25 36 37 a4 0d c2 > > d3 11): command miscellaneousCommand { > > logicalChannelNumber = 5 > > type = videoFastUpdatePicture <<null>> > > } > > 2018/09/26 14:29:55.392 4 ProxyChannel.cxx(13215) H245 Command: > > miscellaneousCommand > > > > 2018/09/26 14:30:04.965 5 ProxyChannel.cxx(1557) Q931s Reading > > from 172.24.2.53:36075 > > 2018/09/26 14:30:04.965 3 ProxyChannel.cxx(2187) Q931s Received: > > ReleaseComplete CRV=23271 from 172.24.2.53:36075 > > 2018/09/26 14:30:04.966 4 ProxyChannel.cxx(2100) Q931 Received: { > > q931pdu = { > > protocolDiscriminator = 8 > > callReference = 23271 > > from = originator > > messageType = ReleaseComplete > > IE: Cause - Normal call clearing = { > > 80 90 .. > > } > > IE: User-User = { > > 25 80 06 00 08 91 4a 00 05 15 18 00 11 00 e4 5b %.....J........[ > > 0d 23 ec 14 00 1f 25 36 37 a4 0d c2 d3 11 01 00 .#....%67....... > > 01 40 10 80 01 00 .@.... > > } > > } > > h225pdu = { > > h323_uu_pdu = { > > h323_message_body = releaseComplete { > > protocolIdentifier = 0.0.8.2250.0.5 > > callIdentifier = { > > guid = 16 octets { > > e4 5b 0d 23 ec 14 00 1f 25 36 37 a4 0d c2 d3 11 > > .[.#....%67..... > > } > > } > > presentationIndicator = presentationAllowed <<null>> > > screeningIndicator = userProvidedVerifiedAndFailed > > } > > h245Tunneling = false > > } > > } > > } > > 2018/09/26 14:30:04.966 1 RasTbl.cxx(5777) CDR|1|e4 5b 0d 23 > > ec 14 00 1f 25 36 37 a4 0d c2 d3 11|59|Wed, 26 Sep 2018 14:29:05 > > -06:00|Wed, 26 Sep 2018 14:30:04 -06:00|172.24.2.53:36075| > > |199.213.0.82:1720| > > |4990764184:dialedDigits|GerardBeekmans1:h323_ID=661039:dialedDigits|GnuGk; > > > > 2018/09/26 14:30:04.966 2 gkacct.cxx(970) GKACCT > > Successfully logged event 2 for call no. 1 > > 2018/09/26 14:30:04.966 5 ProxyChannel.cxx(1557) H245s Reading > > from 172.24.2.53:36077 > > 2018/09/26 14:30:04.966 4 ProxyChannel.cxx(2902) H245 Received > > from 172.24.2.53:36075 (CallID: e4 5b 0d 23 ec 14 00 1f 25 36 37 a4 0d c2 > > d3 11): command endSessionCommand disconnect <<null>> > > 2018/09/26 14:30:04.966 4 ProxyChannel.cxx(13215) H245 Command: > > endSessionCommand > > 2018/09/26 14:30:04.968 5 ProxyChannel.cxx(1557) H245s Reading > > from 172.24.2.53:36077 > > 2018/09/26 14:30:04.968 5 yasocket.cxx(914) H245s > > 172.24.2.53:36077 closed by remote > > 2018/09/26 14:30:04.976 5 ProxyChannel.cxx(1557) H245d Reading > > from 199.213.0.82:15081 > > 2018/09/26 14:30:04.976 4 ProxyChannel.cxx(2902) H245 Received > > from 199.213.0.82:1720 (CallID: e4 5b 0d 23 ec 14 00 1f 25 36 37 a4 0d c2 > > d3 11): command endSessionCommand disconnect <<null>> > > 2018/09/26 14:30:04.976 4 ProxyChannel.cxx(13215) H245 Command: > > endSessionCommand > > 2018/09/26 14:30:04.976 3 ProxyChannel.cxx(15349) Proxy > > 199.213.0.82:15081 forward blocked > > 2018/09/26 14:30:05.022 5 ProxyChannel.cxx(1557) H245d Reading > > from 199.213.0.82:15081 > > 2018/09/26 14:30:05.022 5 yasocket.cxx(914) H245d > > 199.213.0.82:15081 closed by remote > > > > Based on these messages, it appears the disconnect came from our DMA. When > > I'm in direct vs. routed mode, the IP shown is my computer and it appears > > the disconnect request comes from my computer. > > > > When in routed mode, our DMA shows a disconnect reason of "call not set up > > in the time permitted". > > > > Any thoughts and help would be greatly appreciated. > > Thanks, > > Gerard Beekmans > > Sr. Network Engineer > > First Nations Technical Services Advisory Group Inc. > > Phone: 780-638-2739 > > Fax: 780-483-8632 > > Helpdesk: 1-888-999-3356 > > Email: [email protected]<mailto:[email protected]> > > Santa Fe Plaza > > 18232 - 102 Avenue NW > > Edmonton, AB T5S 1S7 > > http://www.tsag.net<http://www.tsag.net/> > > > Homepage: https://www.gnugk.org/ _______________________________________________________ Posting: mailto:[email protected] Archive: https://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: https://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: https://www.gnugk.org/
