Proxy and a single NIC? CatchAll

> Problem 1:
>
> You will need to post the contents of the GCF message to determine whether
> the correct IP address is being sent in the GCF. What is the internal
> network mask? 192.168.1.0:255.255.255.0 ? This is important as the
> gatekeeper uses the routing table to determine whether the received address
> to internal or not. If the internal address in not in the routing table for
> the internal network then it will send the external IP (this is a known bug)
> You may need to add a route to the routing table so the gatekeeper knows
> that 192.168.1.70 is internal.
>
> You should only need 1 NIC and IP address.
>
> Problem 2:
> I suggest you remove
> [Gatekeeper::Main]
> DefaultDomain=mydomain.co.za
>
> External calls to user@... should then connect to "user"
> registered on the internal LAN. The way it is it looks for
> "user@..." which of course it can't find.
>
>
> Your assumptions are correct and it should all work.
>
> Simon
>
>
>
>  
>
> -----Original Message-----
> From: Michael Bondi [mailto:mike@...]
> Sent: Tuesday, 27 October 2009 7:50 PM
> To: GNU Gatekeeper Users
> Subject: [Openh323gk-users] Proxy and a single NIC? CatchAll
>
> Scenario:
> ======
>
> I have an ADSL line with a dynamic public IP and a dyndns address for it.
>
> I have my gnugk running on a single NIC with an internal IP address
> 192.168.1.15
>
> I have my gnugk in the DMZ of the ADSL router and have done port forwarding
> to it.
>
> I have my endpoints registered and calling between them.
>
> T_120 Always On tcp 1503 - 1503 1503 - 1503 192.168.1.15
>
>
> H_323 Always On tcp/udp 1718 - 1721 1718 - 1721
> 192.168.1.15
> H245_Q931 Always On tcp 30000 - 32000 30000 - 32000
> 192.168.1.15
> RTP Always On udp 1024 - 60200 1024 - 60200 192.168.1.15
>
>
>
>
> Problem 1:
> =======
>
> The moment I add the lines below for external calls, a few of my endpoints
> suddenly cannot register and get the messages below that:
> ExternalIP=mydomain.co.za
> ExternalIsDynamic=1
>
> 2009/10/27 11:09:06.644 2   RasSrv.cxx(175)   RAS     Read from
> 192.168.1.70:1719
> 2009/10/27 11:09:06.645 2   RasSrv.cxx(226)   RAS     Received GRQ from
> 192.168.1.70:1719
> 2009/10/27 11:09:06.645 1   RasSrv.cxx(354)   RAS     GRQ Received from
> 192.168.1.70:1719
> 2009/10/27 11:09:06.646 2   RasSrv.cxx(394)  
> GCF|192.168.1.70|5678|terminal;
> 2009/10/27 11:09:06.646 2   RasSrv.cxx(238)   RAS     Send GCF to
> 192.168.1.70:1719
>
> The systems that fail after I add the lines are Aethra Maia XC and Aethra
> Vega X3 running version 1.5.23 and 12.1.10 software respectively.
>
> Q> Does this mean that in Proxy mode the gatekeeper needs two NICs, one
> facing the external network and one facing the internal private side?
>
> I assume this will cure the endpoints failing to register.
>
> Problem 2:
> =======
>
> I am using Polycom PVX internally and can do calls to an external IP
> just fine, but external systems cannot call into my internal endpoints.
>
> Here is my config:
>
> [Gatekeeper::Main]
> Fourtytwo=42
> TimeToLive=60
> ExternalIP=mydomain.co.za
> ExternalIsDynamic=1
> DefaultDomain=mydomain.co.za
>
> [RoutedMode]
> GKRouted=0
> H245Routed=0
> AcceptUnregisteredCalls=1
> Q931PortRange=30000-30999
> H245PortRange=31000-31999
>
> [Proxy]
> Enable=1
> ProxyAlways=1
> InternalNetwork=192.168.1.0/16
> T120PortRange=50000-59999
> RTPPortRange=1024-65535
> ProxyForNAT=1
>
> [GkStatus::Auth]
> rule=allow
>
> [RoutingPolicy]
> default=explicit,internal,dns,catchall
>
> [Routing::CatchAll]
> CatchAllAlias=1234
>
> [RasSrv::LRQFeatures]
> AcceptNonNeighborLRQ=1
>
> [RasSrv::RRQFeatures]
> SupportDynamicIP=1
>
>
> The moment I enable GkRouted or H245Routed in [RoutedMode] nothing works.
>
> Do I need to modify my CName DNS records to point to my extensions like so:
>
> 1234@      points to    mydomain.co.za
>
> At the moment if I call from an external unregistered public IP to any
> of my extensions I get a "No route to destination" message.
>
> Once this is all working:
> ===============
>
> I assume that external unregistered callers will be able to call to any
> of the internal extensions by using extension@....
>
> I'd also like to send all incomming calls to mydomain.co.za to a
> specific extension specified in the CatchAllAllias setting to create a
> receptionist effect.
>
>
> I have been battling this one for a week now. Any help or guidance will
> be rewarded.
>
> MadDogMike
>
>
>
> ------------------------------------------------------------------------------
> Come build with us! The BlackBerry(R) Developer Conference in SF, CA
> is the only developer event you need to attend this year. Jumpstart your
> developing skills, take BlackBerry mobile applications to market and stay
> ahead of the curve. Join us from November 9 - 12, 2009. Register now!
> http://p.sf.net/sfu/devconference
> _______________________________________________________
>
> Posting: mailto:Openh323gk-users@...
> Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
> Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
> Homepage: http://www.gnugk.org/
>
>  

> First of all it may be helpful to run WireShark or tcpdump on the gatekeeper to see if you are receiving any packets from the WAN endpoints. Try having your WAN EPs dial just the IP address your GK while watching the packets and see if you get anything.
>
> Secondly, it has been my experience that the <E.164>@<IP address> dialing format does not work for all end points. Actually, for me it only works for xMeeting. You may need to try some alternate dialing strings such as <IP address>##<E.164>.
>
> Andrew
>
> -----Original Message-----
> From: Michael Bondi [mailto:mike@...]
> Sent: Tuesday, October 27, 2009 6:42 AM
> To: GNU Gatekeeper Users
> Subject: Re: [Openh323gk-users] Proxy and a single NIC? CatchAll
>
> Simon,
>
> I removed the ExternalIP and ExternalIsDynamic and DefaultDomain settings and the suspect endpoints register fine now, so Problem 1 solved!
>
> Whats more, I can place calls from LAN to WAN no problem.
>
> Problem 2 still exists, I cannot get calls from WAN to reach LAN endpoints. This also affects the catchall/receptionist scenario I am looking for.
>
> I have moved DNS to the front of the routing policy and removed the Cname records for the extensions in the DNS records.
>
> When I make a call to user@... or 1234@... or even just mydomain.co.za or xxx.xxx.xxx.xxx I cannot see anything happening in the trace on gnugk even though AcceptUnregisteredCalls=1 and AcceptNonNeighborLRQ=1
>
> How do I see if an external call is hitting the gnugk?
>
> Any other pointers? seems I am almost there...
>
>
> ------------------------------------------------------------------------------
> Come build with us! The BlackBerry(R) Developer Conference in SF, CA
> is the only developer event you need to attend this year. Jumpstart your
> developing skills, take BlackBerry mobile applications to market and stay
> ahead of the curve. Join us from November 9 - 12, 2009. Register now!
> http://p.sf.net/sfu/devconference
> _______________________________________________________
>
> Posting: mailto:Openh323gk-users@...
> Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
> Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
> Homepage: http://www.gnugk.org/
>
>  

> First of all it may be helpful to run WireShark or tcpdump on the gatekeeper to see if you are receiving any packets from the WAN endpoints. Try having your WAN EPs dial just the IP address your GK while watching the packets and see if you get anything.
>
> Secondly, it has been my experience that the <E.164>@<IP address> dialing format does not work for all end points. Actually, for me it only works for xMeeting. You may need to try some alternate dialing strings such as <IP address>##<E.164>.
>
> Andrew
>
> -----Original Message-----
> From: Michael Bondi [mailto:mike@...]
> Sent: Tuesday, October 27, 2009 6:42 AM
> To: GNU Gatekeeper Users
> Subject: Re: [Openh323gk-users] Proxy and a single NIC? CatchAll
>
> Simon,
>
> I removed the ExternalIP and ExternalIsDynamic and DefaultDomain settings and the suspect endpoints register fine now, so Problem 1 solved!
>
> Whats more, I can place calls from LAN to WAN no problem.
>
> Problem 2 still exists, I cannot get calls from WAN to reach LAN endpoints. This also affects the catchall/receptionist scenario I am looking for.
>
> I have moved DNS to the front of the routing policy and removed the Cname records for the extensions in the DNS records.
>
> When I make a call to user@... or 1234@... or even just mydomain.co.za or xxx.xxx.xxx.xxx I cannot see anything happening in the trace on gnugk even though AcceptUnregisteredCalls=1 and AcceptNonNeighborLRQ=1
>
> How do I see if an external call is hitting the gnugk?
>
> Any other pointers? seems I am almost there...
>
>
> ------------------------------------------------------------------------------
> Come build with us! The BlackBerry(R) Developer Conference in SF, CA
> is the only developer event you need to attend this year. Jumpstart your
> developing skills, take BlackBerry mobile applications to market and stay
> ahead of the curve. Join us from November 9 - 12, 2009. Register now!
> http://p.sf.net/sfu/devconference
> _______________________________________________________
>
> Posting: mailto:Openh323gk-users@...
> Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
> Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
> Homepage: http://www.gnugk.org/
>
>  

> Michael,
>
> you are sending calls to port 1720 on your GnuGk server, but GnuGk
> still listens to its default port 1721.
>
> Add this to your config:
>
> [RoutedMode]
> CallSignalPort=1720
>
> Regards,
> Jan
>
>
> Michael Bondi wrote:
>  
>> An update,
>>
>> I rebuilt the gnugk on an Ubuntu machine so I could run EtherApe and
>> Wireshark on the gnugk.
>>
>> The gnugk is definitely receiving calls from the WAN if I use
>> 1234@... or simply mydomain.co.za, but not passing them to
>> the LAN endpoint. Etherape shows the call coming in and hitting the
>> gnugk as well as Wireshark is registering the connect attempt from the WAN.
>>
>> When I call from LAN to external IPs I can see the call being proxied by
>> the gnugk using Etherape
>>
>> Wireshark trace attached. 66.8.123.202 is the unregistered WAN endpoint.
>>
>> Could someone please correct my config if it is incorrect:
>>
>> [Gatekeeper::Main]
>> Fortytwo=42
>>
>> [GkStatus::Auth]
>> rule=allow
>>
>> [RoutedMode]
>> GKRouted=1
>> H245Routed=1
>> AcceptUnregisteredCalls=1
>>
>> [Proxy]
>> Enable=1
>> InternalNetwork=192.168.1.0/255.255.255.0
>>
>> [RoutingPolicy]
>> default=dns,explicit,internal,parent,neighbor,catchall
>>
>> [Routing::CatchAll]
>> CatchAllAlias=1234
>>
>> [RasSrv::LRQFeatures]
>> AcceptNonNeighborLRQ=1
>>
>>
>> Many thanks
>>
>> Mike
>>
>>
>>
>>
>>
>> Andrew Struiksma wrote:
>>    
>>> First of all it may be helpful to run WireShark or tcpdump on the gatekeeper to see if you are receiving any packets from the WAN endpoints. Try having your WAN EPs dial just the IP address your GK while watching the packets and see if you get anything.
>>>
>>> Secondly, it has been my experience that the <E.164>@<IP address> dialing format does not work for all end points. Actually, for me it only works for xMeeting. You may need to try some alternate dialing strings such as <IP address>##<E.164>.
>>>
>>> Andrew
>>>
>>> -----Original Message-----
>>> From: Michael Bondi [mailto:mike@...]
>>> Sent: Tuesday, October 27, 2009 6:42 AM
>>> To: GNU Gatekeeper Users
>>> Subject: Re: [Openh323gk-users] Proxy and a single NIC? CatchAll
>>>
>>> Simon,
>>>
>>> I removed the ExternalIP and ExternalIsDynamic and DefaultDomain settings and the suspect endpoints register fine now, so Problem 1 solved!
>>>
>>> Whats more, I can place calls from LAN to WAN no problem.
>>>
>>> Problem 2 still exists, I cannot get calls from WAN to reach LAN endpoints. This also affects the catchall/receptionist scenario I am looking for.
>>>
>>> I have moved DNS to the front of the routing policy and removed the Cname records for the extensions in the DNS records.
>>>
>>> When I make a call to user@... or 1234@... or even just mydomain.co.za or xxx.xxx.xxx.xxx I cannot see anything happening in the trace on gnugk even though AcceptUnregisteredCalls=1 and AcceptNonNeighborLRQ=1
>>>
>>> How do I see if an external call is hitting the gnugk?
>>>
>>> Any other pointers? seems I am almost there...
>>>      
>
>