VoIP,Firewall, NAT, GateKeeper, ...
Helo list,
I hope everything goes fine for you.
Me, I'm fine thank you although I have this small problem.
I have have a small GNU/Linux Debian Woody (stable) firewall with a fix
IP and a class C private network (192.168.0.0) that has another woody
(cyrus-imap server) and a Sarge (my "Work/Play"Station). On the
firewall, every debs are from the stable tree except for the kernel, its
a 2.4.20+debianlogo+ipsec+grsec+preempt, shorewall, its at 1.3.11a and
webmin, which has been upgraded using www.webmin.net website thru webmin
upgrade.
It is working fine, highly stable. I am even making some money out of
this setup. I use Vtun for Woody to Woody VPN's (redundancy+very easy
to implement) and I'll soon offer IPSec VPN's to supported and policy
accepted remote M$ computers.
Oh and by the way, excuse my french.
Everything in my life was wonderfull until I started to "play" with VoIP
software, wich is something I had in mind a while ago.
Reading an article from the January 2003 edition of the Linux Journal, I
installed GnomeMeeting-0.12 from the stable tree on my workstation and
did a test with a girlfriend who hooked her laptop to my LAN and
installed and configured NetMeeting. It was wonderfull, audio was
crystal clear and configuration was done on both side by a couple of
Click, Click, Next, Click, Click, Finish !
I knew that in order to get it working from my LAN with people using
h323 clients on different platform on the Internet, it would require
more that a couple of clicks. I have read the rest of the article, h323
NAT patch, RSIP, blablabla.
First thing I tried was to forward the required ports from the web to my
"Work/Play"Station and NAT everything from the LAN to the NET. Without
applying any h323nat_conntrack or RSIP patch.
Rules and policy from shorewall 1.3.11a :
#policy
loc net ACCEPT
#rules
ACCEPT:info net loc:192.168.0.100 tcp 1503,1720,30000:30010 - all
ACCEPT:info net loc:192.168.0.100 udp 5000:5003 - all
>From there, connection goes ok in both direction but there is no sound.
The remote endpoint is using Win95+netmeetin 3.01 SP2 and had it working
with another user with M$ netmeeting. Both were using dial-up
connection on their pc.
So I continued on reading, looking for a solution that would allow me to
provide secure, if possible proxyed connection. Something like
openh323gk seemed to provide the solution. Installed it, configured
both wks, but again, no success. Then I found out I would need version
2.0.2 in order to support proxy mode.
They even provide wath they call debs (sid debs) on theire site. And
sid has them also. But it doesnt install on neither Woody or Sarge.
Does not compile also, requires many unstable libs.
I tried with the staticaly link gnugk, but it asks for libstdc++.so.5!!!
libstdc++.so.5 !?!?!?!
I've browse to their mailling list with no success, undreds of questions
with only a couple of dozen answers, most of them are just saying :
RTFM, wich I did but did'nt fully understood yet.
I'll stop rigth here cause I could continue for hours !
My questions :
1- Is it possible to provide VoIP between people in a LAN and people on
the net in proxy mode ? i.e. People from the net register on the
gatekeeper, and ask the gatekeeper to establish a connection with a user
in the LAN. And vice-versa.
1.2- If yes, can it be done with Woody ?
2- Is there any alternative in order to provide VoIP between
heterogeneous platform, clients and server ? Voxila, GnoPhone, GNUComm?
Wich one is best for now and in the future ?
3- If I am not mistaking, all this can easily be solved by using stable
openh323gk thru a vpn between remote internet users and the LAN, Am I
rigth ?
3.1- If thats the case, what is gona be the performance cost using VoIP
thru IPSec with 56k connection users ?
This is gona be fun !
Thanks in advance !
I apologize for the length but I am not the two sentence "I can't make
this work !" poster.
Yesterday, I new @$^&[ about all that jazz !
Today all that @$^&[ is in my head !
And I can't make any Jazz out of it !
@+ les aminches !
Dominique Fortier
Reply to: