Call signaling messages may be passed in two ways: The first method is Direct Endpoint Call Signaling, where call signaling messages are passed directly between the endpoints. The second method is Gatekeeper Routed Call Signaling. With this method, the call signaling messages are routed through the gatekeeper.
When Gatekeeper Routed call signaling is used, there are three different options for routing of the H.245 control channel and media channels.
The gatekeeper doesn't route them. The H.245 control channel and media channels are established directly between the endpoints.
The H.245 control channel is routed through the gatekeeper, while the media channels are established directly between the endpoints.
The gatekeeper routes the H.245 control channel, as well as all media channels, including RTP/RTCP for audio and video, and T.120 channel for data. In this case, no traffic is passed directly between the endpoints. This is usually called a H.323 Proxy, and can be treated as a H.323-H.323 gateway.
This section defines the gatekeeper routed mode options (case I & II). The proxy feature is defined in the next section.
The settings in this section may be updated by reloading the configuration while the gatekeeper is running.
GKRouted=10Enables gatekeeper routed signaling mode.
H245Routed=10Enables routing of the H.245 control channel through the gatekeeper.
This setting is honored if GKRouted=1 and H.245 tunneling is disabled
for a call. Even when this option is disabled, if Proxy or ProxyForNAT
takes effect, a H.245 channel is always routed through the gatekeeper
for calls being proxied.
CallSignalPort=17201721The port for call signaling on the gatekeeper.
The default port is 1721. We don't use the well-known port 1720 by default
so you can run an H.323 endpoint or gateway in the same machine as the gatekeeper.
You may set it to 0 to let the gatekeeper choose an arbitrary port.
CallSignalHandlerNumber=105The number of threads dedicated to handle signaling/H.245 channels (between 1-200). You may increase this number in a heavy loaded gatekeeper. Each thread can process one signaling message at time, so increasing this number will increase call throughput. Under Windows, there exists a default limit of 64 sockets used by a single signaling thread, so each signaling thread is able to handle at most 32 calls (with H.245 tunneling enabled).
RtpHandlerNumber=21The number of RTP proxy handling threads. Increase this value only if you experience problems with RTP delay or jitter on a heavily loaded gatekeeper. Special care has to be taken on Windows, as RTP handling threads are subject to the same limit of 64 sockets as signaling threads. Each RTP thread is able to handle at most 32 proxied calls (2 sockets per call).
AcceptNeighborsCalls=11With this feature enabled, the call signaling thread will accept calls without a pre-existing CallRec found in the CallTable, provided an endpoint corresponding to the destinationAddress in Setup can be found in the RegistrationTable, and the calling party is a neighbor or parent gatekeeper. The gatekeeper will also use its own call signaling address in the LCF when responding to the LRQ. Call signaling will be routed to gatekeeper 2 in gatekeeper-to-gatekeeper calls. As a result, the CDRs in gatekeeper 2 will correctly show the connected time, instead of 'unconnected'.
AcceptUnregisteredCalls=10With this feature enabled, the gatekeeper will accept calls from any unregistered endpoint. Make sure you do proper authentication on these calls if you don't want to let everybody use your gatekeeper. When working with unregistered endpoints, you will probably also want to change the CallSignalPort to 1720.
RemoveH245AddressOnTunneling=10Some endpoints send h245Address in the UUIE of Q.931 even when h245Tunneling is set to TRUE. This may cause interoperability problems. If the option is TRUE, the gatekeeper will remove h245Address when h245Tunneling flag is TRUE. This enforces the remote party to stay in tunneling mode.
RemoveCallOnDRQ=01With this option disabled, the gatekeeper will not disconnect a call if it receives a DRQ for it. This avoids potential race conditions when a DRQ overtakes a Release Complete. This is only meaningful in routed mode because in direct mode, the only mechanism to signal end-of-call is a DRQ. When using call failover this must be set to 0.
DropCallsByReleaseComplete=10According to Recommendation H.323, the gatekeeper could tear down a call by sending RAS DisengageRequest to endpoints. However, some bad endpoints just ignore this command. With this option turning on, the gatekeeper will send Q.931 Release Complete instead of RAS DRQ to both endpoints to force them drop the call.
SendReleaseCompleteOnDRQ=10On hangup, the endpoint sends both Release Complete within H.225/Q.931 and
DRQ within RAS. It may happen that DRQ is processed first, causing the
gatekeeper to close the call signaling channel, thus preventing the
Release Complete from being forwarding to the other endpoint.
Though the gatekeeper closes the TCP channel to the destination,
some endpoints (e.g. Cisco CallManager) don't drop the call even if
the call signaling channel is closed.
This results in phones that keep ringing if the caller hangs up
before the called number answers.
Setting this parameter to 1 makes the gatekeeper always send
Release Complete to both endpoints before closing the call when
it receives a DRQ from one of the parties.
SupportNATedEndpoints=10Whether to allow an endpoint behind a NAT box register to the gatekeeper. If yes, the gatekeeper will translate the IP address in Q.931 and H.245 channel into the IP of NAT box.
GnuGk supports NAT outbound calls (from an endpoint behind NAT to public networks) directly without any necessary modification of endpoints or NAT box. Just register the endpoint with GnuGk and you can make call now.
SupportCallingNATedEndpoints=01Whether to allow an endpoint behind an NAT box that support GnuGk NAT Traversal technique to receive calls. Use this to block errant gateways that do not support GnuGk Nat Traversal technique properly from causing one way audio problems when trying to call to the gateway. Calls to the gateways return caller unreachable. To be effective SupportNATedEndpoints must be set to 1.
TreatUnregisteredNAT=10Used in conjunction with AcceptUnregisteredCalls and SupportNATedEndpoints will automatically treat all unregistered calls which cannot be determined as being NAT are treated as being NAT.
Not all Endpoints send sourceSignalAddress in the setup message which can be used to determine whether a caller is NAT. This adds support to those that don't.
ScreenDisplayIE=MyIDN/AModify the DisplayIE of Q.931 to the specified value.
ScreenCallingPartyNumberIE=0965123456N/AModify the CallingPartyNumberIE of Q.931 to the specified value.
ScreenSourceAddress=MyIDN/AModify the sourceAddress field of UUIE element from Q.931 Setup message.
ForwardOnFacility=10If yes, on receiving Q.931 Facility with reason callForwarded, routeCallToGatekeeper or routeCallToMC, the gatekeeper will forwards call Setup directly to the forwarded endpoint, instead of passing the message back to the caller. If you have broken endpoints that can't handle Q.931 Facility with reason callForwarded (or the other reasons), turn on this option. Note that this feature may not always work correctly, as it does not provide any means of capability renegotiation and media channel reopening. The call is only forwarded if the forwarder is the called party and the H.245 channel is not established, yet.
ShowForwarderNumber=00Whether to rewrite the calling party number to the number of forwarder.
It's usually used for billing purpose.
Only valid if ForwardOnFacility=1.
Q931PortRange=20000-20999N/A (let the OS allocate ports)Specify the range of TCP port number for Q.931 signaling channels.
Note the range size may limit the number of concurrent calls.
Make sure this range is wide enough to take into account TIME_WAIT
TCP socket timeout before a socket can be reused after closed.
TIME_WAIT may vary from 15 seconds to a few minutes, depending on an OS.
So if for example your range is 2000-2001 and you made two calls, the next two calls can be
made after TIME_WAIT timeout elapses and the sockets can be reused.
The same applies to H245PortRange and T120PortRange. TIME_WAIT
can be usually tuned down on most OSes.
H245PortRange=30000-30999N/A (let the OS allocate ports)Specify the range of TCP port number for H.245 control channels.
Note the range size may limit the number of concurrent calls.
See remarks about TIME_WAIT socket state timeout in the Q931PortRange
description.
SetupTimeout=40008000A timeout value (in milliseconds) to wait for a first message (Setup) to be received after a signaling TCP channel has been opened.
SignalTimeout=1000030000A timeout value (in milliseconds) to wait for a signaling channel to be opened after an ACF message is sent or to wait for an Alerting message after a signaling channel has been opened. This option can be thought as a maximum allowed PDD (Post Dial Delay) value.
AlertingTimeout=60000180000A timeout value (in milliseconds) to wait for a Connect message after a call entered Alerting state. This option can be thought as a maximum "ringing time".
TcpKeepAlive=10Enable/disable keepalive feature on TCP signaling sockets. This can help to detect inactive signaling channels and prevent dead calls from hanging in the call table. For this option to work, you also need to tweak system settings to adjust keep alive timeout. See docs/keepalive.txt for more details. If this switch is not present in the configuration, the socket is left untouched.
TranslateFacility=10Enable this option if you have interoperability problems between H.323v4 and non-H.323v4 endpoints. It converts Facility messages with reason = transportedInformation into Facility messages with an empty body, because some endpoints do not process tunneled H.245 messages inside Facility, if the body is not empty. The conversion is performed only when necessary - if both endpoints are v4 or both endpoints are pre-v4, nothing is changed.
SocketCleanupTimeout=10005000Define time to wait before an unused socket is closed (if it is not yet closed) and deleted (its memory is released). If you use very small port ranges, like a few ports (e.g. RTPPortRange=2000-2009), you may want to decrease this value to get sockets reusable faster.
ActivateFailover=10Activate call failover: When activated, GnuGk will try to find other possible routes to a destination if the call fails on the first route. The list of routes for a call is built when the call first comes in and currently not all routing policies are able to provide multiple routes. You can use the 'internal' and the 'sql' policy to provide multiple routes. In addition to that multiple routes can be set by SQL and Radius authenticators.
For accounting of calls using failover, see the SingleFailoverCDR switch in the [CallTable] section.
FailoverCauses=1-15,21-1271-15,21-127Define which cause codes in a ReleaseComplete will trigger call failover.
DisableRetryChecks=10This will disable all checks if a failed call has already received FastStart or H.245 messages. Caution: Using this switch enables you to retry more calls, but you run the risk that some of the retried calls will fail because the caller is already in a state where he can't talk to a new partner.
CalledTypeOfNumber=1N/ASets Called-Party-Number type of number to the specified value for all calls (0 - UnknownType, 1 - InternationalType, 2 - NationalType, 3 - NetworkSpecificType, 4 - SubscriberType, 6 - AbbreviatedType, 7 - ReservedType).
CallingTypeOfNumber=1N/ASets Calling-Party-Number type of number to the specified value for all calls (0 - UnknownType, 1 - InternationalType, 2 - NationalType, 3 - NetworkSpecificType, 4 - SubscriberType, 6 - AbbreviatedType, 7 - ReservedType).
CalledPlanOfNumber=1N/ASets Called-Numbering-Plan of number to the specified value (0 - UnknownType, 1 - ISDN, 3 - X.121 numbering, 4 - Telex, 8 - National standard, 9 - private numbering).
CallingPlanOfNumber=1N/ASets Calling-Numbering-Plan of number to the specified value (0 - UnknownType, 1 - ISDN, 3 - X.121 numbering, 4 - Telex, 8 - National standard, 9 - private numbering).
ENUMservers=e164.org,e164.arpaN/ASets the enum server list in priority order separated by (,) for the enum policy. This overrides the PWLIB_ENUM_PATH environmental variable.
RDSservers=myvirtualhost.comN/AUse this to set RDS server to query for rds routing policy. This set the domains to use to resolve URI's which do not have SRV records and maybe virtually hosted or SRV records are stored in another host. This overrides the PWLIB_RDS_PATH environmental variable.
CpsLimit=100Limit the rate of incoming calls to n calls per second. If more calls are received they are rejected on TCP level without H.323 error messages and they won't show up in CDRs. A value of zero (default) disables the feature.
The limit only applies if the calls in the check interval are greater than check-interval * CPS-rate. This allows small call spikes on a machine without much load, but will apply strict limits when the overall load is high.
This feature is meant to shield the gatekeeper from overload and to avoid as much resource usage a possible in an overload situation.
Currently the calls are blocked when the first message comes in on the signaling port. This makes it very effective for unregistered calls. But so far ARQs are not blocked, so it will be less effective with registered calls.
CpsCheckInterval=15Define the check interval in seconds before the CpsLimit is applied.
GenerateCallProceeding=10When set, GnuGk will generate a CallProceeding for each Setup message it receives. This can be helpful to avoid a timeout in calling endpoints if the destination takes a long time to answer or the call is processed in a virtual queue. Without setting UseProvisionalRespToH245Tunneling=1 this will disable H.245 tunneling.
CallProceeding messages sent by endpoints or gateways will be translated into Facility or Progress messages.
UseProvisionalRespToH245Tunneling=10WARNING: This is an experimental feature and not tested very well.
If you only use H.323 equipment that supports provisionalRespToH245Tunneling, you can set this switch to keep H.245 tunneling enabled when using gatekeeper generated CallProceeding.
EnableH450.2=10When set, GnuGk will intercept H.450.2 call transfer messages and if possible transfer the call on behalf of the endpoint. This allows the endpoint initiated transferring of calls where the remote endpoint may not support H.450 and the gatekeeper initiates the call transfer.
H4502EmulatorTransferMethod=ReroutecallForwardedSet the call transfer method for the H.450.2 emulator. It defaults to sending a callFordwarded Facility to the endpoint. Setting it to "Reroute" uses a gatekeeper based TCS=0 transfer. ("Reroute" is still considered and experimental feature, that should be used with care.)
TranslateReceivedQ931Cause=17:=34N/ATranslate all received cause codes in ReleaseComplete messages. In the above example code 17 (User busy) will be translated into cause code 34 (No circuit/channel available).
TranslateSentQ931Cause=21:=34,27:=34N/ATranslate all cause codes in ReleaseComplete messages sent out. In the above example code 21 and 27 will be translated into cause code 34, because this particular gateway might deal with error code 34 better than with others.
RemoveH235Call=10For compatibility with endpoints which do not support large Setup messages, this switch removes tokens and cryptoTokens from Setups to make them smaller.
RemoveH460Call=10For compatibility with pre-H323v4 devices that do not support H.460, this switch strips the H.460 feature advertisements from the Setup PDU. Usually they should be ignored anyway; use this switch if they cause trouble.
ForceNATKeepAlive=10Force ALL registrations to use a keepAlive TCP socket.
EnableH46018=10Enable support for H.460.18 and H.460.19. This feature is covered by patents held by Tandberg. If you don't use the official releases by the GNU Gatekeeper Project, make sure you have a valid license before enabling it.
H46018NoNat=01Enable H.460.18 even if the endpoint is not behind a NAT. Setting to 0 will disable H.460.18 if the endpoint is detected as not being behind a NAT. If H.460.23 is supported and enabled then direct media is still supported.
EnableH46023=10Enable support for H.460.23/.24. You must also set STUN servers for H.460.23/.24 to become active.
H46023STUN=stun.ekiga.net,192.168.1.10N/ASets the STUN server list for use with H.460.23 separated by (,). Each Network interface must have a STUNserver set for H.460.23 support on that interface.
H46023PublicIP=10Newer endpoints on public IP addresses can receive calls from endpoints behind NAT. This feature when enabled will presume all endpoints that are not NAT can receive calls from endpoints behind NAT for the purpose of H.460.24 media pathway calculations so to avoid proxying of media. This maybe used in conjunction with AlwaysRewriteSourceCallSignalAddress=0 to trick the remote endpoint to think that the call is coming direct from behind NAT and not routed via the gatekeeper.
H46023SignalGKRouted=10Force all call signalling for NAT to be GK routed. There are a number of conditions where call signalling may be offloaded when using H.460.23/.24 This switch will force all the signalling to be Gatekeeper routed.
NATStdMin=18N/ARequire registering endpoints detected as being behind a NAT to support a Standard NAT Traversal mechanism. When an endpoint registers from behind a NAT and does not support the minimum NAT standard then the registration will be rejected with a reason neededFeatureNotSupported. Valid values are "18" for H.460.18/.19 and "23" for H.460.23/.24
TranslateSorensonSourceInfo=10Translate the non-standard caller information from a Sorenson VP200 into sourceAddress and CallingPartyIE.
RemoveFaxUDPOptionsFromRM=10Avaya Communication Manager 3.1 equipped by TN2602AP media processor becomes confused when it receives t38FaxUdpOptions in t38FaxProfile of H.245 RequestMode. For example, AddPac VoiceFinder does so. After that TN2602AP starts to send larger T.38 packets than receiver can process. This results in facsimile document distortion. So we need to remove t38FaxUdpOptions from RM to make ACM3.1+TN2602AP become compatible with endpoints which send t38FaxUdpOptions in RM.
AlwaysRewriteSourceCallSignalAddress=01When set to false or 0, GnuGk will not rewrite the sourceCallSignalAddress to its own IP in routed mode. This helps some endpoints to get through NATs. In proxy mode, the IP is always rewritten to GnuGk's IP, regardles of this switch.
AutoProxyIPv4ToIPv6Calls=01Automatically put calls between different IP versions into full proxy mode. Note that this auto detection only looks at the call signal addresses to make the decision. It is possible that one endpoint decides to use H.245 or media IPs with a different IP version later on and the call will fail if the receiving endpoint isn't capable of handling multiple IP versions.
The section defines the H.323 proxy features. It means the gatekeeper will route all the traffic between the calling and called endpoints, so there is no traffic between the two endpoints directly. Thus it is very useful if you have some endpoints using private IP behind an NAT box and some endpoints using public IP outside the box.
The gatekeeper can do proxy for logical channels of RTP/RTCP (audio and video) and T.120 (data). Logical channels opened by fast-connect procedures or H.245 tunneling are also supported.
Note to make proxy work, the gatekeeper must have direct connection to both networks of the caller and callee.
Enable=10Whether to enable the proxy function. You have to enable gatekeeper routed mode first (see the previous section). You don't have to specify H.245 routed. It will automatically be used if required.
InternalNetwork=10.0.1.0/24N/AIf you want to override automatic detection of networks behind the proxy, you may do so by specifying them here. Multiple internal networks are allowed. Packets to internal networks will use the local interface as sender instead of the default IP or ExternalIP. For internal networks, the proxying can be disabled, even when global proxying is activated.
InternalNetwork=network address/netmask[,network address/netmask,...]
The netmask can be expressed in decimal dot notation or CIDR notation (prefix length), as shown in the example.
InternalNetwork=10.0.0.0/255.0.0.0,192.168.0.0/24
ProxyAlways=10Always proxy all calls regardless of other settings.
T120PortRange=40000-40999N/A (let the OS allocate ports)Specify the range of TCP port number for T.120 data channels.
Note the range size may limit the number of concurrent calls.
See remarks about TIME_WAIT socket state timeout in the Q931PortRange
description.
RTPPortRange=50000-599991024-65535Specify the range of UDP port number for RTP/RTCP channels. Since RTP streams require two sockets, the range must contain an even number of ports. Note that the size of the specified range may limit the number of possible concurrent calls.
ProxyForNAT=11If set, the gatekeeper will function as a proxy for calls where one of the participating endpoints is behind a NAT box. This ensures the RTP/RTCP stream can penetrate into the NAT box without modifying it. However, the endpoint behind the NAT box must use the same port to send and receive RTP/RTCP stream. If you have bad or broken endpoints that don't satisfy the precondition, you should disable this feature and let the NAT box forward RTP/RTCP stream for you.
ProxyForSameNAT=11Whether to proxy for calls between endpoints from the same NAT box. There is a degree of uncertainty when endpoints are behind the same NAT as to whether they can communicate directly as one or both may be on subNATs. Disable this feature with caution.
RemoveH235Call=10This setting removes the cryptoTokens and clearTokens off the Setup message. Use this when working with IP phones that do not support large Setup messages
RemoveH460Call=10This setting removes the H.460 features from the Setup message. Use this with pre-H.323v4 endpoints and gateways which cannot decode these messages.
DisableRTPQueueing=10Sometimes GnuGk will receive RTP data before it knows where to forward it to. By default GnuGk will queue this data up to a certain amount and send it once the destination becomes available. In some cases this can cause a short loopback of RTP data, so you might want to disable RTP queuing.
EnableRTPMute=10This setting allows either call party in media proxy mode to mute the audio/video by sending a * as either string or tone.userinput. The sending of * mutes the audio/video and a subsequent send of * unmutes the audio/video. Only the party who muted the call can unmute. This is designed as a hold function for terminals which do not support H450.4.
EnableRTCPStats=10When enabled, GnuGk will collect RTCP sender reports and send them to the Radius server.
RemoveMCInFastStartTransmitOffer=10Remove the mediaChannel from fastStart transmit offers. For unicast transmit channels, mediaChannel should not be sent on offer; it is responsibility of callee to provide mediaChannel in an answer.
SearchBothSidesOnCLC=10The H.245 CloseLogicalChannel request should only reference the endpoint's own logical channels. Some bad endpoint implementations require searching and closing logical channels for the other endpoint as well. Up to version 2.3.0 GnuGk did this automatically, but it can break channel establishment in some cases, so you must enable this switch if you have these broken endpoints.
EnableH460P=10WARNING: This in an experimental feature to support the not-yet-released H.460 presence standard.
H460PActThread=102Sleep time between updating of H.460 Presence information.
RTPMultiplexing=10Enable H.460.19 RTP multiplexing.
NOTE: To change RTP multiplexing settings, including ports, you must restart GnuGk. A configuration reload will not re-read this configuration item.
RTPMultiplexPort=40003000Set the RTP port for H.460.19 RTP multiplexing.
RTCPMultiplexPort=40013001Set the RTCP port for H.460.19 RTP multiplexing.
In routed mode or proxy mode, you may use this section to specify the exact routing mode (routed mode, routed mode plus H.245 routing or proxy mode) on a per-IP network basis.
network=mode[,mode]
The network is specified by an IP plus optional CIDR, eg. 192.168.1.0/24. The rule for the network with the longest netmask is used (the most specific).
Possible modes are (the names are case in-sensitive)
ROUTEDH245ROUTEDPROXYThe first mode is used for calls into and out of the specified network. The second mode is used for calls that stay inside the network. If only one mode is specified it is used for both cases.
In this example calls into and out of the 1.2.3.0/24 network are proxied, but calls that remain inside this network are in routed mode. Calls in the 3.4.5.0/24 are always proxied, even when they remain inside the network, unless IP 3.4.5.6 is involved. If 2 networks have a rule for the call, the one with the most proxying is used, eg. a call from 192.168.1.222 to 3.4.5.20 would be proxied.
[ModeSelection]
127.0.0.0/24=ROUTED
192.168.0.0/18=H245ROUTED,ROUTED
1.2.3.0/24=PROXY,ROUTED
3.4.5.0/24=PROXY,PROXY
3.4.5.6=ROUTED
2005:4dd0:ff00:99a::9/64=PROXY
If no rules matches the settings [RoutedMode]GkRouted=, H245Routed= or [Proxy]Enable= are used to determine the routing mode.
There are a few cases where these rules don't apply, because the GNU Gatekeeper knows that the call needs proxying: For example calls involving H.460.18/.19 will always be proxied (because this protocol requires proxying).