|
Ceci est le manuel Français pour GNU Gatekeeper 2.2.1 (partially updated for 2.3.2).
Une version plus récente (Anglais) du manuel se trouve dans l'archive téléchargée de GnuGk.
Chapitres:
Contenu ·
Introduction ·
Installation ·
Pour commencer ·
Config basique ·
Routage ·
Config RAS ·
Authentification ·
Accounting ·
Voisins ·
Config par terminal ·
Config avancée ·
Surveillance
Les sections suivantes du fichier de configuration peuvent être utilisées
pour configurer comment les appels sont routés.
Chaque appel passe par une chaine de politiques de routage. Chaque politique peut router l'appel et ceci termine la chaine ou modifier l'appel et le transmettre. Vous pouvez utiliser ce paramètrage dans les sections suivantes pour spécifer quelles politiques vous voulez utiliser et modifier leur comportement.
Cette section explique comment les diverses politiques de routage possibles du gatekeeper fonctionnent.
Les demandes entrantes d'appel peuvent être routées de plusieurs manières:
explicit
La destination est explicitement indiquée dans la demande de routage.
internal
La règle classique; cherche la destination dans la RegistrationTable
parent
Route l'appel en utilisant des informations envoyées par le GK parent en
réponse à un ARQ que le gatekeeper enverra.
Vous pouvez défnir votre gatekeeper parent en utilisant la section
<@@ref>endpointEndpoint.
neighbor
Route l'appel en utilisant les voisins en échangeant des messages LRQ
dns
La destination est résolue par "DNS A records".
sql
Route les appels en réécrivant l'alias appelé par un appel à une base de données puis les envoie directement vers la destination IP. Les paramètres de la base de données sont spécifiés dans la section
Routing::Sql.
vqueue
Utilise le mécanisme de queue virtuelle et génère un
événement RouteRequest pour laisser une application externe faire le routage
numberanalysis
Provides support for overlapped digit sending for ARQ messages.
This also partially supports Setup messages (no overlapped sending
- only number length validation).
enum
ENUM (RFC3761) is a method to use DNS lookups to convert
real International Direct Dialing E.164 numbers into H.323 dialing information. The default servers
are e164.voxgratia.net, e164.org and e164.arpa.
To specify your own server you may either specify the list via the ENUMserver variable in
the RoutedMode section or specify an environmental variable PWLIB_ENUM_PATH with the address of your preferred
enum servers. Multiple servers should be separated by a colon(:) on Linux and a semicolon (;) on Windows.
(PWLIB_ENUM_PATH is supported starting with PWLib 1.8.0)
The enum policy replaces the destination with the information returned by the ENUM server,
so you must have the appropriate routing policies to continue processing the call after the enum policy.
You should have the srv and dns policies after the enum policy, because the new location is often
returned in the form of 'number@gatekeeper' and the srv and dns policies are needed to resolve this.
Finally, keep in mind that each routing check with the enum policy requires a DNS lookup.
To speed up your routing, make sure you resolve internal destinations before the enum policy is applied.
srv
DNS SRV or H.323 Annex O allows for the routing of calls using a H.323 URI.
Addresses can be configured as user (at) domain. H.323 URIs are stored in the
SRV DNS records of the domain and are queried to find the destination.
rds
URN RDS or Universal resources name resolver discovery system is a system (as defined in RFC 2915 Sect 7.2
whereby domain names SRV records are hosted on other domains. In this policy the servers set by
[RoutedMode] RDSServers are queried to resolve URI's whose domains do not have SRV records. This can be used
to virtually host URL domains or centralize the control of SRV records.
catchall
This policy will route all calls that reach it to one endpoint specified in the
Routing::CatchAll section.
You can use it as a fallback at the end of the policy chain to route all calls which would otherwise fail.
La configuration par défautj des politiques de routage est la suivante:
[RoutingPolicy]
default=explicit,internal,parent,neighbor
Si une politique ne correspond pas, la politique suivante est essayée.
Ces politiques peuvent être appliquées à un certain nombre de types de
requêtes de routage et de données d'entrée de routage. Les différents types sont:
ARQ, LRQ, Setup et Facility (avec la raison callForwarded)
Il y a aussi la politique de routage générale, qui est une sorte de valeur
par défaut pour les autres types.
- Exemple:
-
[RoutingPolicy]
h323_ID=dns,internal
002=neighbor,internal
Default=internal,neighbor,parent
Quand un des messages est reçu qui demande une décision de routage, tous les
appels à un alias du type h323_ID seront résolus en utilisant le DNS. Si le
DNS échoue à déterminer l'alias, il est comparé à la table
interne d'enregistrement. Si un appel est demandé pour un alias commençant
par 002, les voisins sont d'abord vérifiés puis la table interne
d'enregistrement. Si l'alias demandé n'est par un h323_ID ou un alias
commençant par 002, la politique par défaut est utilisée en recherchant
dans la table interne d'enregistrement, puis les voisins, et si çà
échoue le parent.
Pour les messages ARQ, LRQ, Setup et Facility on peut utiliser les sections
[RoutingPolicy::OnARQ], [RoutingPolicy::OnLRQ],
[RoutingPolicy::OnSetup] et [RoutingPolicy::OnFacility]
en utilisant la syntaxe expliquée ci-dessus.
- Exemple:
-
[RoutingPolicy::OnARQ]
default=numberanalysis,internal,neighbor
Une mise en place typique d'un routage ENUM ressemble à ceci:
- Exemple:
-
[RoutingPolicy]
default=explicit,internal,enum,srv,dns,internal,parent,neighbor
Cette section définit les règles de réécriture pour
dialedDigits (numéro E.164).
- Format:
-
[!]original-prefix=target-prefix
Si l'alias est original-alias, il est réécrit en tant que target-alias.
- Exemple:
-
bill=033123456
Cette section décrit la réécriture des dialedDigits des numéros
E.164 en fonction de la passerelle d'où provient l'appel ou vers où est
envoyé l'appel. Ceci permet une manipulation beaucoup plus flexible des
dialedDigits pour le routage, etc. En combinaison avec le
RasSrv::RewriteE164 vous pouvez avoir une
réécriture en trois étapes:
Appel de "gw1", dialedDigits 0867822
|
|
V
Règles d'entrée pour "gw1", dialedDigits now 550867822
|
|
V
Règles générales, dialedDigits maintenant 440867822
|
|
V
Sélection de passerelle, dialedDigits maintenant 440867822, passerelle de sortie "gw2"
|
|
V
Règles de sortie pour "gw2", dialedDigits maintenant 0867822
|
|
V
Appel de "gw2", dialedDigits 0867822
- Format:
-
gw-alias=in|out=[!]original-prefix=target-prefix[;in|out...]
Si l'appel correspond à la passerelle, la direction et commence par
original-prefix il est réécrit en target-prefix.
Si le drapeau `!' précède le original-prefix, le sens est
inversé.
Les caractères jokers spéciaux ('.' and '%') sont disponibles.
Des règles multiple pour une même passerelle doivent être
séparées par ';'.
- Exemple:
-
gw1=in=123=321
Si un appel est reçu de "gw1" à 12377897, il est réécrit
en 32177897 avant qu'une action supplémentaire ne soit prise.
Une fois que vous avez défini le(s) préfixe(s) pour votre terminal gatekeeper,
le gatekeeper parent routera les appels avec dialedDigits commençant par ces
préfixes.
Le gatekeeper fils peut réécrire la destination en accord avec les
règles définies dans cette section. Par contraste, quand un terminal interne
appelle un terminal enregistré dans le gatekeeper parent, la source sera
réécrite à l'envers.
- Format:
-
external prefix=internal prefix
Par exemple, si vous avez la configuration suivante,
[Parent GK]
ID=CitronGK
/ \
/ \
/ \
/ \
[Child GK] [EP3]
ID=ProxyGK E164=18888200
Prefix=188886
/ \
/ \
/ \
[EP1] [EP2]
E164=601 E164=602
Avec cette règle:
188886=6
Quand EP1 appelle EP3 avec 18888200, le CallingPartyNumber dans le Q.931 Setup
sera réécrit en 18888601. Inversement, EP3 peut atteindre EP1 et EP2
en appelant 18888601 et 18888602, respectivement. En conséquence, un
terminal enregistré auprès du GK fils avec le préfixe '6'
apparaîtra comme un terminal avec le préfixe '188886', pour les
terminaux enregistrés auprès du gatekeeper parent.
Cette section ne se rapporte pas à la section
RasSrv::RewriteE164,
bien que le plus récent prendra effet en premier.
Rewrite the called alias with a SQL query.
Supports routing OnARQ, OnLRQ and OnSetup.
If the string returned from the database is 'REJECT' (upper or lower case),
the call is rejected. If the string matches a dotted IP address, it is
taken as destination IP otherwise it is treated as a new destination alias.
If 2 columns are returned, the first is treated as the new destination alias
and the second is treated as new destination IP.
If multiple rows of destination IPs are returned they are used as alternative routes
for failover and GnuGk will try them in order.
When at least one destination IP is specified or the call is rejected,
the SQL policy will end the routing chain.
If only the alias is changed, the chain continues with this updated alias.
When rejecting a call, the 2nd column can contain an integer designating the
reject reason (H.225 AdmissionRejectReason for registered calls,
H.225 LocationRejectReason for neighbor calls,
H.225 disconnect reason for unregistered calls).
If the database returns nothing, the call is passed on unchanged.
Driver=MySQL | PostgreSQL | Firebird | ODBC | SQLite
Default: N/A
SQL database driver to use. Currently, MySQL, PostgreSQL, Firebird, ODBC and SQLite drivers
are implemented. GnuGk supports only version 3 of SQLite.
Host=DNS[:PORT] | IP[:PORT]
Default: localhost
SQL server host address. Can be in the form of DNS[:PORT] or IP[:PORT].
Like sql.mycompany.com or sql.mycompany.com:3306 or 192.168.3.100.
Database=gnugk
Default: N/A
The database name to connect to.
Username=gnugk
The username used to connect to the database.
Password=secret
The password used to connect to the database.
If the password is not specified, a database connection attempt
without any password will be made.
Query=SELECT ...
Default: N/A
Define a SQL query to fetch the new destination number.
The query is parameterized - that means parameter
replacement is made before each query is executed. The following parameters are defined:
%c - the called alias%p - the called IP (only available on Setup, empty otherwise)%s - the calling IP%r - the calling aliases%{Calling-Station-Id} - the calling station ID (same value as used in accounting and authentication events)%i - the call ID%m - the message type (ARQ, LRQ or Setup)%{client-auth-id} - an ID provided to GnuGk when authenticating the call (through SqlAuth)
Some of these can be empty if they aren't included in the ARQ, LRQ or Setup message.
If the query returns no rows, the current alias is used.
Otherwise, the first result row is used.
Query string examples. Note that these are examples; the actual structure and schema
are user defined, as are the various field names in these examples. GnuGk is simply expecting either IP addresses or aliases as a result of the query.
SELECT destination FROM routes WHERE called = '%c'
SELECT concat(prefix,'%c') FROM routes WHERE prefix = LEFT('%c', 5)
SELECT gatewayip FROM routes WHERE prefix = LEFT('%c',5)
SELECT concat(prefix,'%c'), gatewayip FROM routes WHERE route = LEFT('%c', 5) limit 3
Cette section définit les règles pour la politique de routage
numberanalysis. La politique contrôle un numéro composé pour un
nombre minimum et/ou maximum de chiffres et envoie ARJ, si nécessaire (le nombre
de chiffres est en dehors de la plage), pour supporter l'envoi de chiffres qui se
recouvrent.
- Format:
-
prefix=MIN_DIGITS[:MAX_DIGITS]
Si le numéro correspond au prefix, il est vérifié qu'il est
composé d'au moins MIN_DIGITS chiffres et (si MAX_DIGITS est présent)
d'au plus MAX_DIGITS chiffres. Les caractères joker spéciaux
(!, '.' et '%') sont disponibles.
Si le numéro est trop court, un ARJ est envoyé avec rejectReason
fixé à incompleteAddress.
Si le numéro est trop long, un ARJ est envoyé avec rejectReason
fixé à undefinedReason.
La liste de préfixes est parcourue du préfixe le plus long au plus court
pour une correspondance.
- Exemple:
-
[RoutingPolicy::OnARQ]
default=numberanalysis,internal
[Routing::NumberAnalysis]
0048=12
48=10
.=6:20
Les appels aux destinations commençant par 0048 ont besoin d'au moins 12 chiffres,
par 48 - 10 chiffres et pour tous les autres au moins 6 et au plus 20 chiffres.
CatchAllIP=1.2.3.4
Default: (empty)
Specify an IP address to route all calls to. This overrides CatchAllAlias.
CatchAllAlias=Frank
Default: catchall
If CatchAllIP is not specified, then route all calls to this alias.
This section contains a set of rewrite rules for ANI/CLI/H.323_ID numbers (Caller ID).
The rewrite process is done in two stages - inbound rewrite and outbound rewrite.
The inbound rewrite is done before any other Q.931 Setup message processing
(such as inbound GWRewrite, authentication, accounting, ...), and because it alters the Calling-Station-Id it will have
an effect in the authorization and accounting modules.
The outbound rewrite takes place just before the Setup message is to be forwarded
and its effect is visible only to the callee.
An inbound rewrite rule can be matched by a caller's IP and a dialed number
or an original CLI/ANI.
An outbound rewrite rule can be matched by a caller's IP, callee's IP and
a dialed number or a destination number (the dialed number after rewrite)
or a CLI/ANI (after inbound rewrite).
This module also provides CLIR (Calling Line Identification Restriction)
feature that can be configured for each endpoint (rule).
ProcessSourceAddress=1
Default: 1
In addition to rewriting a Calling-Party-Number Information Element ("IE"), the sourceAddress
element of a H.225.0 Setup message can be rewritten, so both contain
consistent information.
RemoveH323Id=1
Default: 1
When a sourceInfo element of an H.225.0 Setup message is rewritten,
aliases of type H323_ID, email_ID and url_ID can be left untouched
if this option is disabled.
CLIRPolicy=apply
Default: N/A
A global Presentation Indicator ("PI") processing policy can be set up.
This policy will be applied to all CLI rewrite rules that do not override it.
Possible choices are forward - just forward the received PI as-is,
apply - examine the received PI and hide CLI if it is set to "presentation
restricted" and applyforterminals - similar to apply except that the number
is removed only when the call is sent to a terminal, not a gateway.
- Format for an inbound rule:
-
in:CALLER_IP=[pi=[allow|restrict][,forward|apply|applyforterminals]] [cli:|dno:]number_prefix(=|*=|~=|^=|/=)NEW_CLI[,NEW_CLI]...
The in: prefix tells that this is an inbound rule and the CALLER_IP
will be used to match the rule (it can be a single IP or an entire subnet).
The optional pi= parameter controls CLIR (Calling Line Identification Restriction)
features. Specifying either allow or restrict forces presentation indicator
to be set to "presentation allowed" or "presentation restricted". forward, apply
and applyforterminals controls how the received (if any) presentation indicator
is processed by the gatekeeper. forward means forward it to the callee as-is,
apply means hiding CLI if the PI is set to "presentation restricted", applyforterminals
is similar to apply, except that CLI is hidden only when sending the call to a terminal,
not a gateway.
The prefix cli: or dno: (the default) selects what number will be used
to match the number_prefix - a caller id (CLI/ANI) or a dialed number.
Number matching/rewriting can be done in five ways:
= - a cli or dno number will be matched using a prefix
match against number_prefix and, if the match is found,
CLI will be replaced with NEW_CLI.~= - a cli or dno number will be matched using an identity
match against number_prefix and, if both numbers are the same,
CLI will be replaced with NEW_CLI.*= - (VALID ONLY FOR cli) a cli number will be matched using
a prefix match against number_prefix and, if the match is found,
the matched CLI prefix (number_prefix) will be replaced
with a NEW_CLI prefix.^= - a cli or dno number will be matched using a prefix
match against number_prefix and, if the match is found,
H.323_ID will be replaced with NEW_CLI, Calling-Station-Id will remain unchanged./= - a cli or dno number will be matched using an identity
match against number_prefix and, if both numbers are the same,
H.323_ID will be replaced with NEW_CLI, Calling-Station=Id will remain unchanged,
After the equality (=/ =/*=/^=//=) sign, there follows a list of new CLI values to be used.
If more than one value is specified, one will be chosen on a random basis.
It's possible to specify whole number ranges, like 49173600000-49173699999
(for number ranges CLIs should have a fixed length).
There is a special string constant "any", that can be used in place
of the CALLER_IP or the number_prefix. To enable CLIR for this rule,
use a special string constant "hide" instead of the list of new CLI values.
Note that CLIR is far more useful for outbound rules.
- Example 1:
-
[RewriteCLI]
in:192.168.1.1=dno:5551=3003
in:192.168.1.1=cli:1001=2222
in:192.168.1.1=any=1111
These rules state that for calls from the IP 192.168.1.1:
1) if the user dialed a number beginning with 5551, set CLI to 3003,
2) if the call is from user with CLI beginning with 1001, set CLI to 2222,
3) for other calls from this IP, set CLI to 1111.
- Example 2:
-
[RewriteCLI]
in:192.168.1.0/24=any=18001111
in:192.168.2.0/24=any=18002222
in:any=any=0
These rules state that:
1) for calls from the network 192.168.1.0/24, set CLI to 18001111,
2) for calls from the network 192.168.2.0/24, set CLI to 18002222,
3) for other calls, set CLI to 0.
- Example 3:
-
[RewriteCLI]
in:192.168.1.0/24=0048*=48
in:192.168.1.0/24=0*=48
in:any=100.~=48900900900
These rules state that:
1) for calls from the network 192.168.1.0/24, rewrite 0048 to 48 (example - 0048900900900 => 48900900900),
2) for other calls from the network 192.168.1.0/24, rewrite 0 to 48 (example - 0900900900 => 48900900900),
3) for other calls, if CLI is 4 digits and starts with 100, set it to 48900900900.
- Example 4 (CLIR):
-
[RewriteCLI]
in:192.168.1.0/24=any=hide
This example causes caller's number to be removed from Setup messages
originating from the 192.168.1.0/24 network. It also causes proper presentation
and screening indicators to be set in Setup messages.
- Format for an outbound rule:
-
out:CALLER_IP=CALLEE_IP [pi=[allow|restrict][,forward|apply|applyforterminals]] [cli:|dno:|cno:]number_prefix(=|~=|*=)NEW_CLI[,NEW_CLI]...
The out: prefix tells that this is an outbound rule, the CALLER_IP
and the CALLEE_IP will be used to match the rule and can be a single IP
or a subnet address.
The optional pi= parameter controls CLIR (Calling Line Identification Restriction)
features. Specifying either allow or restrict forces the presentation indicator
to be set to "presentation allowed" or "presentation restricted". forward, apply
and applyforterminals controls how the received (if any) presentation indicator
is processed by the gatekeeper. forward means just to forward it to the callee as-is,
apply means hiding CLI if the PI is set to "presentation restricted", applyforterminals
is similar to apply, except that the CLI is hidden only when sending the call to a terminal,
not a gateway.
The prefix cli:, dno: (the default) or cno: selects what number
will be used to match the number_prefix - a caller id (CLI/ANI),
a dialed number or a destination/called number (the dialed number after rewrite).
Number matching/rewriting can be done in three ways:
= - a cli or dno number will be matched using a prefix
match against number_prefix and, if the match is found,
CLI will be replaced with NEW_CLI,~= - a cli or dno number will be matched using an identity
match against number_prefix and, if both numbers are the same,
CLI will be replaced with NEW_CLI,*= - (VALID ONLY FOR cli) a cli number will be matched using
a prefix match against number_prefix and, if the match is found,
the matched CLI prefix (number_prefix) will be replaced
with a NEW_CLI prefix.
After the equality sign (=/ =/*=), a list of new CLI values to be used is specified.
If more than one value is configured, one will be chosen on a random basis.
It's possible to specify entire number ranges, like 49173600000-49173699999.
There is a special string constant "any" which can be used in place
of the CALLER_IP, the CALLEE_IP or the number_prefix.
To enable CLIR for this rule, use a special string constant "hide"
or "hidefromterminals" instead of the list of new CLI values.
- Example 1:
-
[RewriteCLI]
out:any=192.168.1.1 any=1001
out:any=192.168.1.2 any=1002
These rules set a fixed ANI/CLI for each terminating IP:
1) present myself with ANI 1001, when sending calls to IP 192.168.1.1,
2) present myself with ANI 1002, when sending calls to IP 192.168.1.2.
- Example 2:
-
[RewriteCLI]
out:any=192.168.1.1 any=1001-1999,3001-3999
This rule randomly selects ANI/CLI from range 1001-1999, 3001-3999
for calls sent to 192.168.1.1.
- Example 3 (CLIR):
-
[RewriteCLI]
out:any=any any=hidefromterminals
out:192.168.1.1=any any=hide
In this example each subscriber has enabled CLIR, so all calls to terminals
will have a caller's number removed and presentation/screening indicators set.
Calls to gateways will have the presentation indicator set to "presentation restricted"
and the caller's number will not be removed to allow proper call routing and number
removal at the destination equipment.
One exception to these rules are calls from 192.168.1.1 which will have a caller's number
always removed, no matter whether calling a terminal or a gateway.
- Example 4 (CLIP):
-
[RewriteCLI]
out:any=192.168.1.1 any=hide
In this example CLIP (Calling Line Identification Presentation) feature
is disabled for the user 192.168.1.1.
- Example 5 (CLIR):
-
[RewriteCLI]
out:192.168.1.1=any pi=restrict,apply cli:.*=.
out:any=any pi=allow cli:.*=.
These rules do not change CLI (.*=.) and:
1) enable CLIR for an endpoint 192.168.1.1. apply tells the gatekeeper
to not only set the PI, but also to hide the number.
2) force CLI presentation for other endpoints.
The rule matching process has a strictly defined order:
- the closest caller's IP match is determined (closest means with the longest
network mask - single IPs have the highest priority, "any" has the lowest
priority),
- (outbound rules) the closest callee's IP match is determined,
- the longest matching prefix/number is searched for the given IP/IP pair
in the following order:
dno: type (dialed number) rules are searched,cno: type (destination/called number) rules are searched,cli: type (caller id) rules are searched.
After a match for caller's/caller's IP is found, no more rules
are checked, even if no prefix/number is matched inside the set of rules
for these IPs.
On the Windows platform, there is a problem with duplicated config
keys in INI files, so GnuGk provides a workaround for this restriction. This example
will not work because of the same key (in:192.168.1.1):
[RewriteCLI]
in:192.168.1.1=1001=2001
in:192.168.1.1=any=2000
As a workaround, you can use a string with percent signs (%) at the beginning
and at the end before the key. This prefix will be automatically stripped
from the key name before loading rules:
[RewriteCLI]
%r1% in:192.168.1.1=1001=2001
%r2% in:192.168.1.1=any=2000
Page suivante
Page précédente
Table des matières
�
Chapitres:
Contenu ·
Introduction ·
Installation ·
Pour commencer ·
Config basique ·
Routage ·
Config RAS ·
Authentification ·
Accounting ·
Voisins ·
Config par terminal ·
Config avancée ·
Surveillance
|
