Call signaling messages may be passed in two ways:
The first method is Direct Endpoint Call Signaling, where
call signaling messages are passed directly between the endpoints.
The second method is Gatekeeper Routed Call Signaling. With this second method,
the call signaling messages are routed through the gatekeeper.
When Gatekeeper Routed Call Signaling is used, there are three different options for routing
the H.245 channel and media channels.
This section defines the gatekeeper routed mode options (case I & II).
The proxy feature is defined in the
[Proxy] section.
The settings in this section may be updated by reloading the configuration while the gatekeeper is running.
GKRouted=1
Default: 0
Enables gatekeeper routed signaling mode.
H245Routed=1
Default: 0
Enables routing of the H.245 control channel through the gatekeeper.
This setting is honored if GKRouted=1 and H.245 tunneling is disabled
for a call. Even when this option is disabled, if Proxy or ProxyForNAT
takes effect, a H.245 channel is always routed through the gatekeeper
for calls being proxied.
CallSignalPort=1721
Default: 1720
The port for call signaling on the gatekeeper.
You may set it to 0 to let the gatekeeper choose an arbitrary port.
TLSCallSignalPort=1300
Default: 1300
The port where GnuGk should listen for TLS (transport layer security) signaling,
if enabled in the
[TLS] section.
CallSignalHandlerNumber=10
Default: 5
The number of threads dedicated to handle signaling/H.245 channels (between 1-200).
You may increase this number in a heavy loaded gatekeeper. Each thread
can process one signaling message at time, so increasing this number
will increase call throughput. Under Windows, there exists a default limit
of 64 sockets used by a single signaling thread, so each signaling thread
is able to handle at most 32 calls (with H.245 tunneling enabled).
RtpHandlerNumber=2
Default: 1
The number of RTP proxy handling threads. Increase this value only if you
experience problems with RTP delay or jitter on a heavily loaded gatekeeper.
Special care has to be taken on Windows, as RTP handling threads are subject
to the same limit of 64 sockets as signaling threads. Thus on Windows each RTP thread is
able to handle at most 32 proxied calls (2 sockets per call).
AcceptNeighborsCalls=1
Default: 1
With this feature enabled, the call signaling thread will accept calls
without a pre-existing CallRec found in the CallTable, provided an endpoint
corresponding to the destinationAddress in Setup can be found in the
RegistrationTable, and the calling party is a neighbor or parent gatekeeper.
The gatekeeper will also use its own call signaling address in the LCF
when responding to the LRQ. Call signaling will be routed
to gatekeeper 2 in gatekeeper-to-gatekeeper calls.
As a result, the CDRs in gatekeeper 2 will correctly show the connected
time, instead of 'unconnected'.
AcceptUnregisteredCalls=1
Default: 0
With this feature enabled, the gatekeeper will accept calls
from any unregistered endpoint.
Make sure you do proper authentication on these calls if you
don't want to let everybody use your gatekeeper.
When working with unregistered endpoints, you will probably also want
to change the CallSignalPort to 1720.
RemoveH245AddressOnTunneling=1
Default: 0
Some endpoints send h245Address in the UUIE of Q.931 even when h245Tunneling
is set to TRUE. This may cause interoperability problems. If the option
is TRUE, the gatekeeper will remove h245Address when h245Tunneling flag
is TRUE. This enforces the remote party to stay in tunneling mode.
RemoveH245AddressFromSetup=1
Default: 0
With this switch GnuGk will strip H.245 addresses from incoming Setup messages
to avoid interoperability issues.
DisableH245Tunneling=1
Default: 0
Force both sides of a call to disable H.245 tunneling.
H245TunnelingTranslation=1
Default: 0
Allow one side of a call to use H.245 tunneling even if the other side does
not, with the gatekeeper performing the appropriate H.245 message
conversion. This will reduce the number of ports required on the tunneling
side of the connection.
RemoveCallOnDRQ=0
Default: 1
With this option disabled, the gatekeeper will not disconnect a call
if it receives a DRQ for it. This avoids potential race conditions when
a DRQ overtakes a Release Complete.
This is only meaningful in routed mode because in direct mode, the only
mechanism to signal end-of-call is a DRQ.
When using call failover this must be set to 0.
DropCallsByReleaseComplete=1
Default: 0
According to Recommendation H.323, the gatekeeper could tear down a call
by sending RAS DisengageRequest to endpoints.
However, some bad endpoints just ignore this command.
With this option turning on, the gatekeeper will send Q.931
Release Complete instead of RAS DRQ to both endpoints to force them
drop the call.
SendReleaseCompleteOnDRQ=1
Default: 0
On hangup, the endpoint sends both Release Complete within H.225/Q.931 and
DRQ within RAS. It may happen that DRQ is processed first, causing the
gatekeeper to close the call signaling channel, thus preventing the
Release Complete from being forwarding to the other endpoint.
Though the gatekeeper closes the TCP channel to the destination,
some endpoints (e.g. Cisco CallManager) don't drop the call even if
the call signaling channel is closed.
This results in phones that keep ringing if the caller hangs up
before the called number answers.
Setting this parameter to 1 makes the gatekeeper always send
Release Complete to both endpoints before closing the call when
it receives a DRQ from one of the parties.
SupportNATedEndpoints=1
Default: 0
Whether to allow an endpoint behind a NAT box register to the gatekeeper.
If yes, the gatekeeper will translate the IP address in Q.931 and H.245
channel into the IP of NAT box.
GnuGk supports NAT outbound calls (from an endpoint behind NAT
to public networks) directly without any necessary modification
of endpoints or NAT box. Just register the endpoint with GnuGk
and you can make call now.
SupportCallingNATedEndpoints=0
Default: 1
Whether to allow an endpoint behind an NAT box that support GnuGk NAT Traversal
technique to receive calls. Use this to block errant gateways that do not support
GnuGk Nat Traversal technique properly from causing one way audio problems when
trying to call to the gateway. Calls to the gateways return caller unreachable.
To be effective SupportNATedEndpoints must be set to 1.
TreatUnregisteredNAT=1
Default: 0
Used in conjunction with AcceptUnregisteredCalls and SupportNATedEndpoints will
automatically treat all unregistered calls which cannot be determined as
being NAT are treated as being NAT.
Not all Endpoints send sourceSignalAddress in the setup message which can
be used to determine whether a caller is NAT. This adds support to those that
don't.
ScreenDisplayIE=MyID
Default: N/A
Modify the DisplayIE of Q.931 to the specified value.
If you set the switch to "Calling", the DisplayIE of the calling party is set to the CallingStationID
and with "Called" the respective is done to DisplayIEs from the called party.
"Setting it to "CallingCalled" rewrites all DisplayIEs to the Calling/CalledStationID.
If you set the switch to "Delete" all DisplayIEs will be removed.
AppendToDisplayIE=SomeText
Default: N/A
When ScreenDisplayIE= is set, this text is appended to the new DisplayIE.
PrependToDisplayIE=SomeText
Default: N/A
When ScreenDisplayIE= is set, this text is prepended to the new DisplayIE.
ScreenCallingPartyNumberIE=0965123456
Default: N/A
Modify the CallingPartyNumberIE of Q.931 to the specified value.
When you set the string to RegisteredAlias, GnuGk will set it to the first registered E.164,
falling back to the first alias if the endpoint doesn't have an E.164 registered
or the empty string if the endpoint isn't registered.
[email protected]
Default: N/A
Append this string to the CallingPartyNumberIE when ScreenCallingPartyNumberIE=RegisteredAlias.
The following placeholders will be replaced:
%{gkip} - IP address of the gatekeeper%{external-ip} - external IP, if configured
ScreenSourceAddress=MyID
Default: N/A
Modify the sourceAddress field of UUIE element from Q.931 Setup message.
ForwardOnFacility=1
Default: 0
If set, the gatekeeper will forward calls directly to the forwarded endpoint when it receives a
Q.931 Facility with reason callForwarded, routeCallToGatekeeper or routeCallToMC,
instead of passing the message back to the caller.
If you have broken endpoints that can't handle Q.931 Facility with reason
callForwarded (or the other reasons), turn on this option. Note that this feature
may not always work correctly, as it does not provide any means
of capability renegotiation and media channel reopening.
The call is only forwarded if the forwarder is the called party and
the H.245 channel is not established, yet.
RerouteOnFacility=1
Default: 0
If set, GnuGk will translate received Q.931 Facility with reason callForwarded or routeCallToMC
into gatekeeper based call reroutes. This will enable call transfers for established calls with almost all endpoints,
even those that do not understand how to process call transfers by themselves.
H.245 tunneling should be disabled for rerouting ([RoutedMode] DisableH245Tunneling=1) as well as media encryption (RemoveH235Call=1).
ShowForwarderNumber=0
Default: 0
Whether to rewrite the calling party number to the number of forwarder.
It's usually used for billing purpose.
Only valid if ForwardOnFacility=1.
Q931PortRange=20000-20999
Default: N/A (let the OS allocate ports)
Specify the range of TCP port number for Q.931 signaling channels.
Note the range size may limit the number of concurrent calls.
Make sure this range is wide enough to take into account TIME_WAIT
TCP socket timeout before a socket can be reused after closed.
TIME_WAIT may vary from 15 seconds to a few minutes, depending on an OS.
So if for example your range is 2000-2001 and you made two calls, the next two calls can be
made after TIME_WAIT timeout elapses and the sockets can be reused.
The same applies to H245PortRange and T120PortRange. TIME_WAIT
can be usually tuned down on most OSes.
H245PortRange=30000-30999
Default: N/A (let the OS allocate ports)
Specify the range of TCP port number for H.245 control channels.
Note the range size may limit the number of concurrent calls.
See remarks about TIME_WAIT socket state timeout in the Q931PortRange
description.
SetupTimeout=4000
Default: 8000
A timeout value (in milliseconds) to wait for a first message (Setup)
to be received after a signaling TCP channel has been opened.
SignalTimeout=10000
Default: 30000
A timeout value (in milliseconds) to wait for a signaling channel
to be opened after an ACF message is sent or to wait for an Alerting
message after a signaling channel has been opened. This option
can be thought as a maximum allowed PDD (Post Dial Delay) value.
AlertingTimeout=60000
Default: 180000
A timeout value (in milliseconds) to wait for a Connect message
after a call entered Alerting state. This option can be thought
as a maximum "ringing time".
TcpKeepAlive=1
Default: 0
Enable/disable keepalive feature on TCP signaling sockets. This can
help to detect inactive signaling channels and prevent dead calls from hanging
in the call table. For this option to work, you also need to tweak system
settings to adjust keep alive timeout. See docs/keepalive.txt for more details.
If this switch is not present in the configuration, the socket is left untouched.
TranslateFacility=1
Default: 0
Enable this option if you have interoperability problems between H.323v4
and non-H.323v4 endpoints. It converts Facility messages with reason = transportedInformation
into Facility messages with an empty body, because some endpoints do not
process tunneled H.245 messages inside Facility, if the body is not empty.
The conversion is performed only when necessary - if both endpoints are v4
or both endpoints are pre-v4, nothing is changed.
FilterEmptyFacility=1
Default: 0
Filter out Facility messages with reason transportedInformation, but without
h245Control or h4501SupplementaryService field. Needed for Avaya interop.
SocketCleanupTimeout=1000
Default: 5000
Define time to wait before an unused socket is closed (if it is not yet closed)
and deleted (its memory is released). If you use very small port ranges, like
a few ports (e.g. RTPPortRange=2000-2009), you may want to decrease this value
to get sockets reusable faster.
ActivateFailover=1
Default: 0
Activate call failover: When activated, GnuGk will try to find
other possible routes to a destination if the call fails on the
first route. The list of routes for a call is built when the call
first comes in and currently not all routing policies are able to
provide multiple routes.
You can use the 'internal' and the 'sql' policy to provide multiple routes.
In addition to that multiple routes can be set by SQL and Radius authenticators.
For accounting of calls using failover, see the SingleFailoverCDR
switch in the
[CallTable] section.
FailoverCauses=1-15,21-127
Default: 1-15,21-127
Define which cause codes in a ReleaseComplete will trigger
call failover.
DisableRetryChecks=1
Default: 0
This will disable all checks if a failed call has already received
FastStart or H.245 messages. Caution: Using this switch enables you
to retry more calls, but you run the risk that some of the retried
calls will fail because the caller is already in a state where he
can't talk to a new partner.
CalledTypeOfNumber=1
Default: N/A
Sets Called-Party-Number type of number to the specified value
for all calls
(0 - UnknownType, 1 - InternationalType, 2 - NationalType,
3 - NetworkSpecificType, 4 - SubscriberType, 6 - AbbreviatedType, 7 - ReservedType).
CallingTypeOfNumber=1
Default: N/A
Sets Calling-Party-Number type of number to the specified value
for all calls
(0 - UnknownType, 1 - InternationalType, 2 - NationalType,
3 - NetworkSpecificType, 4 - SubscriberType, 6 - AbbreviatedType, 7 - ReservedType).
CalledPlanOfNumber=1
Default: N/A
Sets Called-Numbering-Plan of number to the specified value
(0 - UnknownType, 1 - ISDN, 3 - X.121 numbering, 4 - Telex, 8 - National standard, 9 - private numbering).
CallingPlanOfNumber=1
Default: N/A
Sets Calling-Numbering-Plan of number to the specified value
(0 - UnknownType, 1 - ISDN, 3 - X.121 numbering, 4 - Telex, 8 - National standard, 9 - private numbering).
ENUMservers=e164.arpa
Default: N/A
Sets the enum server list in priority order separated by (,) for the enum policy.
This overrides the PWLIB_ENUM_PATH environmental variable.
RDSservers=myvirtualhost.com
Default: N/A
Use this to specify a RDS server to query for rds routing policy.
This set the domains to use to resolve URI's which do not have SRV records and
may be virtually hosted or where SRV records are stored in another host.
This overrides the PWLIB_RDS_PATH environmental variable.
CpsLimit=10
Default: 0
Limit the rate of incoming calls to n calls per second. If more calls are received they are
rejected at the TCP level without H.323 error messages, so they won't show up in CDRs.
A value of zero (default) disables the feature.
The limit only applies if the calls in the check interval are greater than check-interval * CPS-rate. This allows small call spikes on a machine without much load, but will apply strict limits when the overall load is high.
This feature is meant to shield the gatekeeper from overload and to avoid as much resource usage a possible in an overload situation.
Currently the calls are blocked when the first message comes in on the signaling port. This makes it
very effective for unregistered calls. However, ARQs are not blocked, so it will be less effective with
registered calls.
CpsCheckInterval=1
Default: 5
Define the check interval in seconds before the CpsLimit is applied.
GenerateCallProceeding=1
Default: 0
When set, GnuGk will generate a CallProceeding for each Setup message it receives.
This can be helpful to avoid a timeout in calling endpoints if the destination takes
a long time to answer or the call is processed in a virtual queue. Without setting
UseProvisionalRespToH245Tunneling=1 this will disable H.245 tunneling.
CallProceeding messages sent by endpoints or gateways will be translated into Facility
or Progress messages.
UseProvisionalRespToH245Tunneling=1
Default: 0
WARNING: This is an experimental feature and not tested very well.
If you only use H.323 equipment that supports provisionalRespToH245Tunneling,
you can set this switch to keep H.245 tunneling enabled when using gatekeeper
generated CallProceeding.
EnableH450.2=1
Default: 0
When set, GnuGk will intercept H.450.2 call transfer messages and if possible transfer
the call on behalf of the endpoint. This allows the endpoint initiated transferring of
calls where the remote endpoint may not support H.450 and the gatekeeper initiates the
call transfer.
H4502EmulatorTransferMethod=Reroute
Default: callForwarded
Set the call transfer method for the H.450.2 emulator.
It defaults to sending a callFordwarded Facility to the endpoint.
Setting it to "Reroute" uses a gatekeeper based TCS=0 transfer. ("Reroute" is still considered and experimental feature, that should be used with care.)
TranslateReceivedQ931Cause=17:=34
Default: N/A
Translate all received cause codes in ReleaseComplete messages.
In the above example code 17 (User busy) will be translated into cause code 34 (No circuit/channel available).
TranslateSentQ931Cause=21:=34,27:=34
Default: N/A
Translate all cause codes in ReleaseComplete messages sent out.
In the above example code 21 and 27 will be translated into cause code 34, because this particular gateway might deal with error code 34 better than with others.
RemoveH235Call=1
Default: 0
For compatibility with endpoints which do not support large Setup messages
or if endpoints send incorrect H.235 tokens,
this switch removes all clearTokens and cryptoTokens from Setup and Connect messages.
If you turn the feature on with setting the switch to 1, the H.235 tokens will be removed from all calls.
You can also specify a list of networks, the only calls from these networks get the H.235 tokens removed,
eg. RemoveH235Call=192.168.1.0/24, 10.0.1.0/32.
RemoveH460Call=1
Default: 0
For compatibility with pre-H323v4 devices that do not support H.460,
this switch strips the H.460 feature advertisements from the Setup PDU.
Usually they should be ignored anyway; use this switch if they cause trouble.
EnableGnuGkNATTraversal=1
Default: 0
Enable support for GnuGk's old NAT traversal method for legacy endpoints.
You should use H.460.17/.18/.19 for new installations.
ForceNATKeepAlive=1
Default: 0
Force all non-H.460 registrations to use GnuGk's old NAT traversal method, even when they don't appear to be NATed. Only available when GnuGk's NAT traversal method is enabled.
EnableH46017=1
Default: 0
Enable support for H.460.17. To enable H.460.19 for the media stream, you should also set EnableH46018=1.
EnableH46018=1
Default: 0
Enable support for H.460.18 and H.460.19. This feature is covered by patents held by Tandberg.
If you don't use the official releases by the GNU Gatekeeper Project, make sure you have a
valid license before enabling it.
H46018KeepAliveInterval=19
Default: 19
Set the H.460.18 keep-alive interval used for H.460.19 endpoints and in H.460.18 traversal zones with neighbors.
H46018NoNat=0
Default: 1
Enable H.460.18 even if the endpoint is not behind a NAT. Setting to 0 will
disable H.460.18 if the endpoint is detected as not being behind a NAT. If H.460.23 is supported
and enabled then direct media is still supported.
EnableH245Multiplexing=1
Default: 0
Enable H.245 multiplexing for H.460.18 endpoints.
H245MultiplexPort=3006
Default: 1722
Set the TCP port to be used for H.245 multiplexing.
EnableH46023=1
Default: 0
Enable support for H.460.23/.24. You must also set STUN servers for H.460.23/.24 to become active.
H46023STUN=stun.ekiga.net,192.168.1.10
Default: N/A
Sets the STUN server list for use with H.460.23 separated by (,).
Each Network interface must have a STUNserver set for H.460.23 support on that interface.
H46023PublicIP=1
Default: 0
Newer endpoints on public IP addresses can receive calls from endpoints behind NAT. This feature when
enabled will presume all endpoints that are not NAT can receive calls from endpoints behind NAT for the
purpose of H.460.24 media pathway calculations so to avoid proxying of media. This maybe used in conjunction
with AlwaysRewriteSourceCallSignalAddress=0 to trick the remote endpoint to think that the call is coming direct
from behind NAT and not routed via the gatekeeper.
H46023SignalGKRouted=1
Default: 0
Force all call signaling for NAT to be GK routed. There are a number of conditions where call signaling may be
offloaded when using H.460.23/.24 This switch will force all the signaling to be Gatekeeper routed.
H46024ForceDirect=1
Default: 0
Force all media to NOT proxy if the remote NAT status cannot be determined. Most (not all) H.323 devices are
able if on a public IP to receive calls from endpoints that are behind NAT. Use this switch with caution.
H46024ForceNat=1
Default: 0
Where an endpoint is detected as being on the public internet force the device to appear as being firewalled.
This resolve inconsistent behaviour where firewalled endpoints on public IP appear not to be firewalled.
NATStdMin=18
Default: N/A
Require registering endpoints detected as being behind a NAT to support a Standard NAT Traversal mechanism.
When an endpoint registers from behind a NAT and does not support the minimum NAT standard then the registration
will be rejected with a reason neededFeatureNotSupported.
Valid values are "18" for H.460.18/.19 and "23" for H.460.23/.24
EnableH46026=1
Default: 0
Enable support for H.460.26 (media over TCP).
UseH46026PriorityQueue=0
Default: 1
Use a priority queue when sending to H.460.26 endpoints. It will batch RTP packets together and
make sure the endpoint isn't flooded with more messages than it can handle.
TranslateSorensonSourceInfo=1
Default: 0
Translate the non-standard caller information eg. from a Sorenson VP200 into sourceAddress and CallingPartyIE.
RemoveSorensonSourceInfo=1
Default: 0
Remove the non-standard caller information eg. from a Sorenson VP200 after translation.
RemoveFaxUDPOptionsFromRM=1
Default: 0
An Avaya Communication Manager 3.1 system equipped with TN2602AP media
processors becomes confused when it receives t38FaxUdpOptions in
t38FaxProfile of H.245 RequestMode. AddPac VoiceFinder is an example of an
application which does this. At that point, the TN2602AP will begin to send
larger T.38 packets than the receiver can process, resulting in facsimile
document distortion. This switch will remove t38FaxUdpOptions from
RequestMode, making the combination of Avaya Communication Manager 3.1
equipped and TN2602AP media processors compatible with endpoints which send
t38FaxUdpOptions in RM.
AlwaysRewriteSourceCallSignalAddress=0
Default: 1
When set to false or 0, GnuGk will not rewrite the sourceCallSignalAddress to its own IP in
routed mode. This helps some endpoints to get through NATs.
In proxy mode, the IP is always rewritten to GnuGk's IP, regardless of this switch.
AutoProxyIPv4ToIPv6Calls=0
Default: 1
Automatically put calls between different IP versions into full proxy mode.
Note that this auto detection only looks at the call signal addresses to make the decision.
It is possible that one endpoint decides to use H.245 or media IPs with a different IP version
later on and the call will fail if the receiving endpoint isn't capable of handling multiple
IP versions.
EnableH235HalfCallMedia=1
Default: 0
When the endpoint on one side of a call supports encryption and the endpoint
on the other side does not, the gatekeeper will act as a "man-in-the-middle"
and encrypt the media stream to the encryption-capable system. A decrypted
media stream will be sent to the endpoint which is otherwise unable to
encrypt / decrypt traffic because of licensing issues, lack of encryption
chip support in the hardware, obsolescence, etc. This may be useful if the
system you are trying to reach is on the Internet; your internal traffic can
remain unencrypted, but your external traffic will be secure.
Enabling this feature will force call signaling for all calls to
routed-mode, and will set it to proxy-mode for encrypted calls.
When not using RTP multiplexing, the caller and called endpoint must be on
different IPs and may not be behind the same NAT. The endpoints also must send
RTP from the same IP as their signalling messages.
As of Version 3.x of GnuGk, encryption of data channels is not supported.
RequireH235HalfCallMedia=1
Default: 0
Require at least one leg of the call to be encrypted.
(Terminate the call if both legs are unencrypted.)
H235HalfCallMaxTokenLength=2048
Default: 1024
Set the maximum token length for for H.235 half call media.
With 1024 bit tokens AES 128 encryption will be used. For token length greather than 1024 GnuGk will use AES 256.
EnableH235HalfCallMediaKeyUpdates=1
Default: 0
Update media keys after they have been used for too many operations to remain cryptographically safe.
This feature has only been tested GnuGk to GnuGk. It seems endpoints from most vendors do not
support key updates as defined in H.235.6.
Q931DecodingError=Drop
Default: Disconnect
Specify GnuGk's reaction to invalid Q.931 messages that it cannot decode.
Until version 3.1 GnuGk would "Disconnect" the connection to protect internal endpoints
from possibly malicious messages, but if you have some buggy endpoints that you can't get
fixed, it might be helpful just to "Drop" this Q.931 message that couldn't be decoded.
The last option to simply "Forward" the messages should be used with great care, since
invalid messages might cause your endpoints to crash or worse.
PregrantARQ=1
Default: 0
Use pre-ganted ARQ model: Endpoints don't have to send ARQ before a call and will save
one message round-trip in the call establishment. Endpoints that don't support this
H.323 version 2 feature and will keep sending ARQs as usual.
Note: When using this switch in a direct-mode configuration, you will loose almost
all control over your calls. When the gatekeeper is in routed-mode, calls without
ARQ can still be authenticated on the Setup message.
EnableH460P=1
Default: 0
WARNING: This is an experimental feature to support the not-yet-released H.460 presence standard.
ProxyHandlerHighPrio=0
Default: 1
Set the proxy handler for signalling connections to high priority.
In some virtual server configurations we have to turn this off
if PTLib fails with "pthread_setschedparam failed".
H225DiffServ=46
Default: 0
Set the DiffServ class (DSCP) for H.225 messages.
(On most Windows versions, setting the the DSCP this way won't work.)
H245DiffServ=46
Default: 0
Set the DiffServ class (DSCP) for H.245 messages.
(On most Windows versions, setting the the DSCP this way won't work.)
DisableFastStart=1
Default: 0
Remove fastStart elements from signalling messages so the endpoints
are not able to establish a fastStart connection.
DisableSettingUDPSourceIP=1
Default: 0
Let the OS decide the source IP for UDP packets. Needed in some rare network configurations,
but may break H.460.19 on interfaces with multiple IPs.
EnableGnuGkTcpKeepAlive=1
Default: 0
Send a empty TPKT keep-alive on all H.225 and H.245 connections. For calls using H.460.18,
these keep-alives are enabled automatically, without using this switch.
DisableGnuGkH245TcpKeepAlive=1
Default: 0
Disable the keep-alive on H.245 connections for non-H.460.18 connections
(needed due to interop issues with Polycom).
GnuGkTcpKeepAliveInterval=29
Default: 19
Set keep alive interval in seconds.
GnuGkTcpKeepAliveMethodH225=Status
Default: EmptyFacility
Set the message to be used for the keep alive on the H.225 connection when H.460.18 is not used.
Possible values: TPKT, EmptyFacility, Notify, Status, StatusInquiry, Information, None.
H460KeepAliveMethodH225=Status
Default: EmptyFacility
Set the message to be used for the keep alive on the H.225 connection when H.460.18 is used.
Possible values: TPKT, EmptyFacility, Notify, Status, StatusInquiry, Information, None.
GnuGkTcpKeepAliveMethodH245=TPKT
Default: UserInput
Set the message to be used for the keep alive on the H.245 connection when H.460.18 is not used.
Possible values: TPKT, UserInput, None.
H460KeepAliveMethodH245=TPKT
Default: UserInput
Set the message to be used for the keep alive on the H.245 connection when H.460.18 is used.
Possible values: TPKT, UserInput, None.
RedirectCallsToGkIP=1
Default: 0
Send a Facility redirect to callers when the destCallSIgnallAddress is not
one of the gatekeeper's own IPs or the external IP.
This can be used to redirect calls directly to the gatekeeper that have
been forwarded to it by a load balancer that needs to be removed from the
call path.
Note that this is incompatible with the 'explicit' routing policy and
endpoints won't be able to call any other IP via the gatekeeper than
the gatekeeper's own IP in many cases.
The section defines the H.323 proxy features. It means the gatekeeper will
route all the traffic between the calling and called endpoints, so there
is no traffic between the two endpoints directly. Thus it is very useful
if you have some endpoints using private IP behind an NAT box and some
endpoints using public IP outside the box.
The gatekeeper can do proxy for logical channels of RTP/RTCP (audio and video)
and T.120 (data). Logical channels opened by fast-connect procedures
or H.245 tunneling are also supported.
Enable=1
Default: 0
Whether to enable the proxy function. You have to enable gatekeeper
routed mode first (see the
previous section).
You don't have to specify H.245 routed.
It will automatically be used if required.
InternalNetwork=10.0.1.0/24
Default: N/A
If you want to override automatic detection of networks behind the proxy, you may do so by specifying them here.
Multiple internal networks are allowed.
Packets to internal networks will use the local interface as sender instead of the default IP or ExternalIP.
For internal networks, the proxying can be disabled, even when global proxying is activated.
- Format:
-
InternalNetwork=network address/netmask[,network address/netmask,...]
The netmask can be expressed in decimal dot notation or
CIDR notation (prefix length), as shown in the example.
- Example:
-
InternalNetwork=10.0.0.0/255.0.0.0,192.168.0.0/24
ProxyAlways=1
Default: 0
Always proxy all calls regardless of other settings.
T120PortRange=40000-40999
Default: N/A (let the OS allocate ports)
Specify the range of TCP port number for T.120 data channels.
Note the range size may limit the number of concurrent calls.
See remarks about TIME_WAIT socket state timeout in the Q931PortRange
description.
RTPPortRange=50000-59999
Default: 1024-65535
Specify the range of UDP port number for RTP/RTCP channels. Since RTP streams require two sockets, the range must contain an even number of ports.
Note that the size of the specified range may limit the number of possible concurrent calls.
ProxyForNAT=1
Default: 0
If set, the gatekeeper will function as a proxy for calls where one of the participating endpoints
is behind a NAT box. This ensures the RTP/RTCP stream can
penetrate into the NAT box without modifying it.
However, the endpoint behind the NAT box must use the same port
to send and receive RTP/RTCP stream.
If you have bad or broken endpoints that don't satisfy the precondition,
you should disable this feature and let the NAT box forward
RTP/RTCP stream for you.
ProxyForSameNAT=1
Default: 0
Whether to proxy for calls between endpoints from the same NAT box.
There is a degree of uncertainty when endpoints are behind the same NAT as to
whether they can communicate directly as one or both may be on subNATs. Disable
this feature with caution.
EnableRTPMute=1
Default: 0
This setting allows either call party in media proxy mode to mute the
audio/video by sending a * as either string or tone.userinput. The sending
of * mutes the audio/video and a subsequent send of * unmutes the
audio/video. Only the party who muted the call can unmute. This is designed
as a hold function for terminals which do not support H450.4.
EnableRTCPStats=1
Default: 0
When enabled, GnuGk will collect RTCP sender reports (eg. to send them to a Radius server).
RemoveMCInFastStartTransmitOffer=1
Default: 0
Remove the mediaChannel from fastStart transmit offers.
For unicast transmit channels, mediaChannel should not be sent on offer;
it is the responsibility of the callee to provide mediaChannel in an answer.
SearchBothSidesOnCLC=1
Default: 0
The H.245 CloseLogicalChannel request should only reference the
endpoint's own logical channels.
Some bad endpoint implementations require searching and closing
logical channels for the other endpoint as well.
Up to version 2.3.0 GnuGk did this automatically, but it can break
channel establishment in some cases, so you must enable this
switch if you have these broken endpoints.
CheckH46019KeepAlivePT=0
Default: 1
Verify the correct payload type on H.460.19 keep alive packets.
Disable for endpoints advertising an incorrect payload type.
RTPMultiplexing=1
Default: 0
Enable H.460.19 RTP multiplexing. H.460.19 must be enabled for multiplexing.
NOTE: To change RTP multiplexing settings, including ports, you must restart GnuGk.
A configuration reload will not re-read this configuration item.
RTPMultiplexPort=4000
Default: 3000
Set the RTP port for H.460.19 RTP multiplexing.
RTCPMultiplexPort=4001
Default: 3001
Set the RTCP port for H.460.19 RTP multiplexing.
RTPDiffServ=46
Default: 4
Set the DiffServ class (DSCP) for proxied RTP. The default value corresponds to the
old IPTOS_LOWDELAY flag we have used previously. New installations should use
eg. 46 which is DSCP EF reccomended for RTP. For IPv6 packets the TCLASS is set.
(On most Windows versions, setting the the DSCP this way won't work.)
ExplicitRoutes=10.2.1.5/16,10.6.1.3/16,11.0.0.0/8-20.1.1.1
Default: n/a
Add explicit routing rules to GnuGk's internal routing table.
Rules can have 2 formats: sourceIP/mask or network/mask-sourceIP.
The above example would use 10.2.1.5 as sender IP for all messages
to the 10.2.0.0/16 network and 10.6.1.3 for messages to the 10.6.0.0/16 network.
Messages to the 11.0.0.0/8 network get 20.1.1.1 as sender IP.
All sender IPs should be included in the list of Home IPs.
IgnoreSignaledIPs=1
Default: 0
Ignore all IPs for RTP streams signaled by the endpoints and rely 100% on port auto detection.
In some cases this results in much better NAT traversal for unregistered endpoints
and endpoints not capable of a NAT traversal protocol.
This feature gets automatically disabled for calls from endpoints using
H.460 NAT traversal and for H.239 video streams which are unidirectional
by nature so we can't use auto detection.
IgnoreSignaledPrivateH239IPs=1
Default: 0
Ignore IPs signaled for H.239 streams if they are private IPs.
IgnoreSignaledAllH239IPs=1
Default: 0
Ignore all public and private IPs/ports signaled for H.239 streams. For this to work the destination
of the H.239 stream must either send keepalive packets to aid port detection
or be included in the list of AllowSignaledIPs (see below).
IgnoreSignaledPublicH239IPsFrom=1.2.3.0/24,4.5.6.7
Default: n/a
Ignore all public and private IPs/ports signaled for H.239 streams for specific IPs or IP ranges.
AllowSignaledIPs=192.168.1.0/24,10.0.0.0/8
Default: n/a
When IgnoreSignaledIPs is active, don't ignore IPs from these networks
(eg. because they don't actively send an RTP stream and only provide a loopback).
This switch works best with public IPs.
AllowSignaledIPsFrom=10.0.0.0/8
Default: n/a
When IgnoreSignaledIPs is active, don't ignore IPs in messages received directly from these networks.
This switch looks at the IP where GnuGk received the message from, in contrast to AllowSignaledIPs=
which only looks at the IP inside the message.
AllowSignaledIPsFrom= works better than AllowSignaledIPs= to whitelist private IPs from your own
network that may also be inside messages from outside that happen to use the same private IPs behind a NAT.
AllowAnyRTPSourcePortForH239From=192.0.2.4
Default: n/a
Some devices signal an incorrect RTCP port for H.239 channels in OLC which leads GnuGk
to expect a different RTP port than they actually use.
For IPs or networks listed in this switch, GnuGk will receive and forward RTP from any source port
on the signalled IP for H.239 channels, regardless of the signalled ports.
This switch helps interop eg. with EdgeProtect gatekeepers or Radvision VC240 endpoints.
PortDetectionTimeout=5
Default: -1
When using port detection with IgnoreSignaledIPs=1, this switch lets GnuGk consider
the port detection as failed, if no packets could be forwarded within the first
n seconds after the channel was opened.
GnuGk will then send a CloseChannelRequest to both sides to let them close their channel
and fire a MediaFail accounting event.
A value <= zero disables the detection.
CachePortDetection=1
Default: 0
Cache port detection packets when IgnoreSignaledIPs= is active to achieve faster connection
establishment. This will probably only help with channels that are opened and closed
multiple times during a call, eg. H.239 channels.
For this to work, endpoints must adhere to the RTP rule that wthin an RTP session ports may not change during a call.
The cache is cleared when more than 2 different IPs have been seen on a single port or when the port is closed on the GnuGk side.
CachePortDetectionDuration=60
Default: 30
Duration in seconds how long port detection packets are cached.
UpdateCalledPartyToH225Destination=1
Default: 0
With this switch you can let GnuGk update the CalledPartyNumber element in outgoing
Setup messages to the first E.164 number of the H.225 destinationAddress or remove
it if none of the destinations is an E164 number. This is intended to aid
interoperability with gateways that use the CalledPartyNumber instead of the H.225
destinationAddress.
FilterVideoFastUpdatePicture=10
Default: 0
When endpoints notice that the video image quality is degrading, they can notify
the remote side with a H.245 VideoFastUpdatePicture message. The remote side usually
responds by sending a full I-Frame instead of partial image updates.
Usually thats a good thing. But in some cases having too many update requests
increases the bandwidth usage drastically and can worsen the situation.
When you set this switch to 1, GnuGk will allow 1 update request per second.
If you set it to 10, GnuGk will allow 1 request every 10 seconds.
RestrictRTPSources=IP
Default: n/a
Only accept RTP form the same IP where the call signaling goes to.
When Set to 'Net', RTP from the whole class C network (/24 netmask) is accepted
(or /64 netmask for IPv6).
This setting protects against RTP bleed atacks, but may break valid calls
where call signaling and RTP come from different IPs.
LegacyPortDetection=1
Default: 0
Keep legacy port detection help for some very old and broken endpoints.
Note: This will make your gatekeeper vulnerable to RTP Bleed attacks and is
a SECURITY RISK!
MatchH239SessionsByType=0
Default: 1
If GnuGk doesn't find the reverse channel for a new channel by RTP session ID, it will try to
look for a matching reverse channel by session type.
This helps some endpoints, especially for H.239, but may break some connections when endpoints
pick different RTP sessions and receiving ports for different directions of the same session
type (eg. some LifeSize endpoints and EdgeProtect devices).
MatchH239SessionsByIDOnly=192.0.2.4,10.0.0.0/8
Default: n/a
Never match the reverse H.239 channels by type on messages received from these IPs or networks.
This helps interoperability eg. with EdgeProtect devices.
AbortOnInvalidTPKT=0
Default: 1
By default GnuGk will abort a signaling connection when an invalid TPKT packet is received.
When you set this switch to 0, GnuGk will ignore the packet and try to continue.
AsteriskGWID=ACE
Default: ACE
Specific to Avaya support:
This switch sets the endpoint alias to identify the endpoint
(or gateway) where outgoing calls from Avaya phones are sent. Asterisk has to use this
alias for the registration at GnuGk.
AsteriskGWDN=1999
Default: 1999
Specific to Avaya support:
DISA application, for providing emulation of Avaya switch
functionality. These digits will automatically dialed from Avaya phones
to then start the digit collection.
So, if your bring up the handset or turn the speaker on, GnuGK will automatically
dial 1999@ACE, to fall into usual Avaya behavior - provide dialtone and
awaits the actual destination to be dialed by the user.
In routed mode or proxy mode, you may use this section to specify the exact routing mode
(routed mode, routed mode plus H.245 routing or proxy mode) on a per-IP network basis.
The network is specified by an IP plus optional CIDR, eg. 192.168.1.0/24.
The rule for the network with the longest netmask is used (the most specific).
The first mode is used for calls into and out of the specified network.
The second mode is used for calls that stay inside the network.
If only one mode is specified it is used for both cases.
If no rules match the settings then [RoutedMode]GkRouted=, H245Routed= or [Proxy]Enable= are used to determine the routing mode.
In routed mode or proxy mode, you may use this section to specify the exact routing mode
(routed mode, routed mode plus H.245 routing or proxy mode) on vendor specific basis.
The vendor information is collected from the H225_EndpointType field of the setup and connect message
The vendor is specified by an string matching value.
The rule for the longest string match is used (the most specific).
Possible modes are in accordance with the [ModeSelection] section above.
