gnugk gnomemeeting netmeeting
Estoy intentando configurar el siguiente montaje:
|mi PC        |                 |Smoothwall   |               |
| Debian      |                 |redireccion  |               |varios ordenadores
|gnomemeeting |-192.168.1.5 ----|ip dinamica  | --internet ---|IP Dinamica
|gnugk        |                 |trujo.hn.org |               | Netmeeting
Se trata de poder conectarme con mis hermanos y amigos sin depender de
servidores de mensajes comerciales.
Por ahora todo funciona menos el gatekeeper, que según la ayuda de
gnomemeeting me puede servir para identificar a mis hermanos (ellos se
pueden conectar a mí sin necesidad del gatekeeper gracias al DNS
dinámico de hn.org),
pero no consigo que admita ni siquiera mi propio registro (que no pasa por
el cortafuegos).
Este es mi gatekeeper.ini, por si alguien puede y quiere verlo:
cat /etc/gatekeeper.ini
# File: ~/.pwlib_config/Gatekeeper.ini
# comments may start with # or ;
######################################
## Boolean values.
## Boolean values are represented by a case-insensitive string
## - "t"..., "y"... or "1" for TRUE
## - all other for FALSE
##
## Params used in Gatekeeper::Main()
##
## NOTE: These parameters may be loaded at program startup and are not
## influenced by the HUP signal.
# Process-wide settings for the gatekeeper. The note preceding this section
# says they may be read only at program startup, so a HUP signal may not
# pick up edits made here.
[Gatekeeper::Main]
## 'config is present' indicator. Has to be 42.
Fourtytwo=42
# Includes in some RAS-Msgs
Name=OpenH323GK
# overwritten from command line parameter
# 192.168.1.5 is a private (RFC 1918) LAN address.
# NOTE(review): presumably the address the gatekeeper listens on, so
# endpoints have to register against this address - confirm.
Home=192.168.1.5
NetworkInterfaces=eth0
#TimeToLive=600
#TotalBandwidth=100000
# NOTE(review): presumably the port of the status interface whose access
# rules are set in [GkStatus::Auth]; keep it off any firewall forwarding
# rule - confirm.
#StatusPort=7000
#UseBroadcastListener=0
##
## Failover support
##
#AlternateGKs=1.2.3.4:1719:false:120:OpenH323GK2
#Sendto=1.2.3.4:1719
#EndpointIDSuffix=_gk1
#SkipForwards=4.3.2.1
#RedirectGK=Calls > 50
##
## You should never need to change any of the following values.
## They are mainly used for testing or very sophisticated applications.
##
#UnicastRasPort=1719
#MulticastPort=1718
#MulticastGroup=224.0.1.41
# NOTE(review): two commented alternatives for the same key follow;
# uncomment at most one, since duplicate-key handling is parser-dependent.
#EndpointSignalPort=9999
#EndpointSignalPort=1720
#ListenQueueLength=1024
# [ms], default 1000
#SignalReadTimeout=3000
# [ms], default 3000
#StatusReadTimeout=5000
#StatusWriteTimeout=5000
# Call-signalling routing.
# NOTE(review): GKRouted=1 with H245Routed=0 presumably means call signalling
# passes through the gatekeeper while H.245 stays direct between the
# endpoints - confirm against the gatekeeper manual.
[RoutedMode]
GKRouted=1
H245Routed=0
# NOTE(review): presumably the port the gatekeeper listens on for routed
# call signalling; it is the only signalling port a firewall in front of
# this host would need to pass for outside callers - confirm.
CallSignalPort=1721
CallSignalHandlerNumber=1
RemoveH245AddressOnTunneling=0
AcceptNeighborsCalls=1
# NOTE(review): 0 presumably refuses calls coming from endpoints that have
# not registered; keep it at 0 if the signalling port is reachable from
# the internet - confirm.
AcceptUnregisteredCalls=0
SupportNATedEndpoints=1
DropCallsByReleaseComplete=1
#RemoveCallOnDRQ=1
#SendReleaseCompleteOnDRQ=0
#ScreenDisplayIE=
#ScreenCallingPartyNumberIE=
#ScreenSourceAddress=
#ForwardOnFacility=1
#ShowForwarderNumber=1
#Q931PortRange=20000-20999
#H245PortRange=30000-30999
#ConnectTimeout=180000
# Proxy settings (enabled here).
[Proxy]
Enable=1
# Networks listed as internal: the 192.168.1.0/24 LAN and loopback.
InternalNetwork=192.168.1.0/255.255.255.0,127.0.0.0/8
# NOTE(review): presumably the port ranges the proxy allocates T.120 and RTP
# sockets from; any firewall forwarding rule for media should be limited
# to exactly these ranges rather than a wider one - confirm.
T120PortRange=40000-40999
RTPPortRange=50000-59999
ProxyForNAT=1
ProxyForSameNAT=0
#[Endpoint]
#Gatekeeper=auto
#Gatekeeper=210.58.112.188
#Type=Gateway
#H323ID=CitronProxy
#E164=18888600000
#Password=
#Prefix=18888600,1888890003
#TimeToLive=900
#RRQRetryInterval=10
#ARQTimeout=2
#UnregisterOnReload=0
#NATRetryInterval=60
#NATKeepaliveInterval=86400
#[Endpoint::RewriteE164]
#188889000=9
##
## Prefixes of e164 numbers for gateways.
## Separate list elements by one of " .,\t".
## @see RasTbl::addPrefixes
## This parameters should consider a HUP signal.
[RasSrv::GWPrefixes]
## Test-Gateways
# 195.71.226.162
#rossi-gt2=80,90
#rossi-gt2=0
# 195.71.226.165
#rossi-gt3=80,90
#rossi-gt3=05241,0521,5241,521
# 195.71.129.254
#ip400-v1=12
#ip400-wi1=0
[RasSrv::RRQFeatures]
#OverwriteEPOnSameAddress=1
#AcceptEndpointIdentifier=1
#AcceptGatewayPrefixes=1
# Admission (ARQ) handling options.
[RasSrv::ARQFeatures]
ArjReasonRouteCallToSCN=0
ArjReasonRouteCallToGatekeeper=1
# NOTE(review): presumably lets registered endpoints call destinations that
# are not registered with this gatekeeper; confirm this is intended.
CallUnregisteredEndpoints=1
# NOTE(review): the value is a literal '#', which this file also uses as a
# comment character; confirm the parser reads it as the value.
RemoveTrailingChar=#
ParseEmailAliases=1
[RasSrv::RRQAuth]
## On a RRQ the h323-alias is queried from this section.
## If there is an entry the endpoint is authenticated against the given
## rules.
## If there is no entry the default action is performed. The default action
## is to confirm the RRQ, unless the parameter "default=reject" is given.
##
## Notation:
## <authrules> := empty | <authrule> "&" <authrules>
## <authrule> := <authtype> ":" <authparams>
## <authtype> := "sigaddr" | "sigip"
## <autparams> := [!&]*
## The notation and meaning of <authparams> depends on <authtype>:
## - sigaddr: extended regular expression that has to match against the
## "PrintOn(ostream)" representation of the signal address of the
## request.
## Example: "sigaddr:.*ipAddress .* ip = .* c3 47 e2 a5 .*port = 1720.*"
## - sigip: specialized form of "sigaddr". Write the signalling ip address
## using (commonly used) decimal notation:
## "byteA.byteB.byteC.byteD:port"
## Example of the above sigaddr: "sigip:195.71.226.165:1720"
##
## This parameters should consider a HUP signal.
#rossi-gt1=sigaddr:.*ipAddress .* ip = .* c3 47 e2 a2 .*port = 1720.*
#rossi-gt2=sigaddr:.*ipAddress .* ip = .* c3 47 e2 a5 .*port = 1720.*
#rossi-gt3=sigip:195.71.226.165:1720
# No alias rule is active in this section, so every RRQ gets the default
# action; "confirm" accepts the registration ("default=reject" would refuse
# it, per the description at the top of this section).
# NOTE(review): the Authentication mechanism notes in this file say the
# AliasAuth pattern is defined in this section, and AliasAuth is commented
# out in [Gatekeeper::Auth]; presumably this section has no effect until
# that module is enabled - confirm.
default=confirm
## The parameter "rule" may be one of the following:
## - "forbid" disallow any connection (default when no rule is given)
## - "allow" allow any connection
## - "explicit" reads the parameter #"<ip>=<value>"# where ip is the ip4-address
## of the peering client. #<value># is resolved with #Toolkit::AsBool#. If the ip
## is not listed the param "default" is used.
## - "regex" the #<ip># of the client is matched against the given regular expression.
## First the ip-rules (like "explicit") are tested. Only if no such param exists
## the regex is tried.
## Example: "regex=^195\.71\.(129|131)\.[0-9]+$"
## - "password" authenticates clients by asking for username/password
## and it compares them with the username/password pairs stored in this section.
## Set KeyFilled variable and use addpasswd utility to add new username/password pairs:
## addpasswd gnugk.ini GkStatus::Auth gkadmin secret
# Access control for status-interface clients.
[GkStatus::Auth]
# rule=allow accepts a status connection from any address, with no
# credentials. This file notes elsewhere that endpoints can be unregistered
# via the status thread, so treat the status port as an administrative
# interface: keep it unreachable from outside the LAN (no firewall
# forwarding for it), or use rule=explicit, rule=regex or rule=password.
rule=allow
# NOTE(review): "deny" is not among the rule values documented before this
# section ("forbid" is); confirm the accepted spelling before enabling it.
#rule=deny
#rule=explicit
#rule=regex
# - 195.71.129.*
# - 195.71.100.*
# - 62.52.26.[1-2][0-9][0-9]
#regex=^(195\.71\.(129|100)\.[0-9]+)|(62\.52\.26\.[1-2][0-9][0-9])$
#rule=password
#KeyFilled=123
# only used when "rule=explicit"
#default=forbid
#Shutdown=disable
##
## Beside other things every number to rewrite has its
## own key/value-line. The implementation is such that
## all numbers that shall be rewritten have to begin
## with a common prefix given by 'Fastmatch'.
##
## Doc From the code:
## // Do rewrite to #newE164#. Append the suffix too.
## // old: 01901234999
## // 999 Suffix
## // 0190 Fastmatch
## // 01901234 prefix, Config-Rule: 01901234=0521321
## // new: 0521321999
##
## The rewrite-numbers function take care of reloads/a HUP signal.
[RasSrv::RewriteE164]
## Only if an e164 number begins with #Fastmatch# the
## the further rewriting is done. Only one #Fastmatch# can be given.
#Fastmatch=
#0190703100=052418088663
#01903142=0521178260
#5241908601903142=521178260
##
## The GK would send LRQ to its neighbors if the destination of ARQ is
## unknown.
## A neighbor is selected if its prefix match the destination or
## it has prefix '*'.
## Currently multiple prefixes are supported.
##
#
# GKID=ip[:port;prefixes;password;dynamic]
#
[RasSrv::Neighbors]
#GK1=203.60.151.5:1719;*;gk1
#GK2=203.60.151.9:1719;02,03
[RasSrv::LRQFeatures]
#NeighborTimeout=2
#ForwardHopCount=2
#AlwaysForwardLRQ=0
#AcceptForwardedLRQ=1
#IncludeDestinationInfoInLCF=1
#CiscoGKCompatible=1
##
## In this section you can put endpoints that don't have RAS support
## or that you don't want to be expired. The records will always
## in GK's registration table.
## However, You can still unregister it via status thread.
##
#
# ip[:port]=alias,alias,...[;prefix,prefix,...]
#
[RasSrv::PermanentEndpoints]
# For gateway
#10.0.1.5=Citron;009,008
# For terminal
#10.0.1.10=798
##
## Authentication mechanism
##
## Syntax:
## authrule=actions
##
## <authrule> := SimplePasswordAuth | LDAPPasswordAuth
## | AliasAuth | LDAPAliasAuth | ...
## <actions> := <control>[;<ras>|<q931>,<ras>|<q931>,...]
## <control> := optional | required | sufficient
## <ras> := GRQ | RRQ | URQ | ARQ | BRQ | DRQ | LRQ | IRQ
## <q931> := Setup
##
## Currently supported modules:
##
## SimplePasswordAuth/SQLPasswordAuth/LDAPPasswordAuth
##
## The module checks the tokens or cryptoTokens
## fields of RAS message. The tokens should contain
## at least generalID and password. For cryptoTokens,
## cryptoEPPwdHash tokens hashed by simple MD5 and
## nestedcryptoToken tokens hashed by HMAC-SHA1-96
## (libssl must be installed!) are supported now.
## The ID and password are read from [Password] section
## / SQL / LDAP. For backward compatibility,
## MySQLPasswordAuth module can be used instead of SQLPasswordAuth
##
## NeighborPasswordAuth
##
## The module only checks LRQs from neighbors. The ID and
## password are defined in [RasSrv::Neighbors] section.
##
## AliasAuth/LDAPAliasAuth/SQLAliasAuth
##
## The IP of an endpoint with given alias should
## match a specified pattern. For AliasAuth the pattern
## is defined in [RasSrv::RRQAuth] section.
## For LDAPAliasAuth the alias (default: mail attribute)
## and IP (default: voIPIpAddress attribute) must be found
## in one LDAP entry.
## For SQLAliasAuth alias and IP is read from a database.
## For backward compatibility MySQLAliasAuth module is supported.
##
## RadAuth/RadAliasAuth
##
## The H.235 username/password from RRQ/ARQ message
## or endpoint alias/IP from RRQ/ARQ/Setup message
## is used to authenticate an endpoint/a call using
## RADIUS server.
##
## A rule may results in one of the three codes: ok, fail, pass.
##
## ok The request is authenticated by this module
## fail The authentication fails and should be rejected
## next The rule cannot determine the request
##
## There are also three ways to control a rule:
##
## optional If the rule cannot determine the request, it is passed
## to next rule.
## required The requests should be authenticated by this module,
## or it would be rejected. The authenticated request would
## then be passed to next rule.
## sufficient If the request is authenticated, it is accepted,
## or it would be rejected. That is, the rule determines
## the fate of the request. No rule should be put after
## a sufficient rule, since it won't take effect.
##
## You can also configure a rule to check only for some particular RAS
## messages. For example, to configure SimplePasswordAuth as a required
## rule to check RRQ, ARQ and LRQ:
## SimplePasswordAuth=required;RRQ,ARQ,LRQ
#
# Authentication rule stack for RAS / Q.931 requests (syntax described in
# the comment block before this section).
[Gatekeeper::Auth]
#SimplePasswordAuth=optional
#LDAPPasswordAuth=optional
#AliasAuth=sufficient;RRQ
#LDAPAliasAuth=sufficient;RRQ
#RadAuth=required;RRQ,ARQ
#RadAliasAuth=required;Setup
#default=reject
# Every module above is commented out, so default=allow is the only active
# rule: requests are accepted without any credential or address check.
# That is tolerable only while the gatekeeper is reachable from a trusted
# LAN alone. If endpoints are to register over the internet, enable an
# authentication module for at least RRQ; the SimplePasswordAuth example in
# the comment block before this section shows the syntax.
default=allow
##
## Destination analysis mechanism
## (must be enabled with compiler option WITH_DEST_ANALYSIS_LIST)
##
## Syntax:
## authrule=actions
##
## <authrule> := OverlapSendDestAnalysis
## <actions> := <control>[;<message>,<message>,...]
## <control> := optional | required | sufficient
## <message> := ARQ | LRQ
##
## Currently supported modules:
##
## OverlapSendDestAnalysis This module checks for incomplete destination
## addresses (not fully implemented up to now).
##
## A rule may results in one of the three codes: ok, fail, pass.
## There are also three ways to control a rule: optional, required,
## sufficient.
## Additionally you can configure a rule to check only for some particular
## messages.
## (see Authentication mechanism for details informations).
#
[Gatekeeper::DestAnalysis]
#OverlapSendDestAnalysis=required;ARQ
#default=reject
#default=allow
##
## Use 'make addpasswd' to generate the utility addpasswd
## Usage:
## addpasswd config section userid password
##
#[Password]
#KeyFilled=123
#CheckID=FALSE
#PasswordTimeout=0
#(id=cwhuang, password=123456)
#cwhuang=UGwUtpy837k=
# NOTE(review): the Password= values in the four SQL sections below
# (123456, secret) are placeholders from the sample file. If any of these
# sections is enabled, use a dedicated database account limited to the
# table being queried, and make this file readable only by the account the
# gatekeeper runs as, because the password is stored here in clear text.
[MySQLAuth]
#Host=localhost
#Database=billing
#User=cwhuang
#Password=123456
#Table=customer
#IDField=IPN
#PasswordField=Password
#ExtraCriterion=Kind < 2
#CacheTimeout=0
[MySQLAliasAuth]
#Host=localhost
#Database=billing
#User=cwhuang
#Password=123456
#Table=customer
#IDField=IPN
#IPField=IPAddr
#ExtraCriterion=Kind < 2
#CacheTimeout=0
[SQLPasswordAuth]
#Driver=MySQL
#Host=localhost
#Database=billing
#Username=gnugk
#Password=secret
#CacheTimeout=0
# NOTE(review): '%1' is presumably replaced with the alias sent by the
# endpoint, which is untrusted input; confirm the gatekeeper escapes it
# before the query is executed.
#Query=SELECT password FROM users WHERE alias = '%1'
[SQLAliasAuth]
#Driver=PostgreSQL
#Host=localhost
#Database=billing
#Username=gnugk
#Password=secret
#CacheTimeout=0
# NOTE(review): same '%1' substitution as in [SQLPasswordAuth]; confirm the
# alias is escaped before the query is executed.
#Query=SELECT authcond FROM users WHERE alias = '%1'
[CallTable]
#GenerateNBCDR=TRUE
#GenerateUCCDR=TRUE
#DefaultCallDurationLimit=21600
#AcctUpdateInterval=0
# Mapping of gatekeeper fields to LDAP attribute names (all commented out).
[GkLDAP::LDAPAttributeNames]
#H323ID=mail
#IPAddress=voIPIpAddress
#TelephonNo=telephoneNumber
# NOTE(review): the attribute name suggests the directory holds the H.235
# password in plain text; if so, restrict read access to that attribute to
# the bind user - confirm.
#H235PassWord=plaintextPassword
# Settings for LDAP access
[GkLDAP::Settings]
#ServerName=ldap
#ServerPort=389
#SearchBaseDN=o=University of Michigan, c=US
#BindUserDN=cn=Babs Jensen,o=University of Michigan, c=US
# Sample value only. A real bind password placed here is stored in clear
# text, so the file should be readable only by the gatekeeper's account.
#BindUserPW=ReallySecretPassword
#sizelimit=0
#timelimit=0
##
## Accounting mechanism
##
## Syntax:
## acctmod=actions
## ...
##
## <acctmod> := RadAcct | FileAcct | SQLAcct | ...
## <actions> := <control>[;<event>,<event>,...]
## <control> := optional | required | sufficient | alternative
## <event> := start | stop | update | on | off
##
## One special module is the "default" module - it can be used
## to determine a final accounting status:
##
## default=<status>[;<event>,<event>]
##
## <status> := accept | reject
## <event> := start | stop | update | on | off
##
## Currently supported modules:
##
## RadAcct
##
## Provides accounting through RADIUS protocol.
##
## FileAcct
##
## Provides accounting to a plain text file using GK status line
## CDR format.
##
## SQLAcct
##
## Provides accounting directly to an SQL database.
##
## default
##
## Determines the final status, if not already set by another module
## (it can be helpful with optional or alternative actions).
##
## Processing of an accounting event by an accounting module may results
## in one of the three codes: ok, fail, next.
##
## ok the accounting event has been successfully processed
## (logged) by this module
## fail the accounting event has not been logged by this module
## (due to failure)
## next the accounting event has not been logged by this module,
## either because the module does not support this event type
## or the event type has not been configured to be processed
##
## There are also three ways to control how an accounting event is passed down
## through a stack of modules:
##
## optional the module tries to log the accounting event. Success or
## failure does not determine the final status for all modules
## (except when the rule is the last one). The event is then
## passed down to remaining modules.
## required if the module fails to log the event, the final status is set
## to failure. If the event is logged successfully, the final status
## is determined by any remaining modules (except when the rule is the last one).
## sufficient if the module logs the event successfully, remaining modules
## are not processed and the final status is success. Otherwise
## the final status is failure and the event is passed down
## to any remaining modules.
## alternative if the module logs the event successfully, remaining modules
## are not processed and the final status is success. Otherwise
## the final status is determined by any remaining modules.
##
## You can configure a module to log only some particular accounting events.
## For example, to configure RadAcct as a required module to log call "start"
## and "stop" events only, write:
## RadAcct=required;start,stop
##
## Recognized accounting event types:
##
## start call start
## stop call stop
## update call update
## on GK start
## off GK stop
##
[Gatekeeper::Acct]
#RadAcct=alternative;start,stop,on,off
#FileAcct=required;stop
#default=reject;start,stop
# Various global settings for accounting modules
[Accounting]
#AlwaysUseCLID=1
# if the GK can't auto detect your NATed EP
# set it here
[NATedEndpoints]
;704=11.1.1.111
;705=allow
# settings for inbound call distribution with virtual queue
# Virtual-queue settings; only the alias form is active, the prefix and
# regex forms are commented out.
[CTI::Agents]
VirtualQueueAliases=CC
;VirtualQueuePrefixes=001,0044,0049
;VirtualQueueRegex=^(001|04)[0-9]*$
# NOTE(review): the unit is not stated in this file - presumably seconds;
# confirm.
RequestTimeout=10
# SQL based configuration
[SQLConfig]
#Driver=PostgreSQL
#Host=localhost
#Database=billing
#Username=gnugk
#Password=secret
#RewriteE164Query=SELECT ...
#PermanentEndpointsQuery=SELECT ...
#NeighborsQuery=SELECT ...
#GWPrefixesQuery=SELECT ...
# EOF