HOWTO SET UP TRIXBOX AS H323 GATEWAY

From TD-er's Wiki
Jump to: navigation, search

Introduction

This page describes the configuration of a new trixbox 1.2.3 from scratch.

It has become clear from the literature (TrixBox forum) and our own experiments that H323 ONLY works on Trixbox 1.2.3 with the right add-ons.

You have TrixBox 1.2.3. Now you need the correct add-ons. First delete the current add-ons:

At the asterisk prompt do:

rpm -qa | grep asterisk-addons
rpm -e asterisk-addons-1.2.4_1.2.12.1-1.294

And then load the older addons: these can be found here. And they are also on the dvd.

rpm -i asterisk-addons-1.2.3-1.219.i386.rpm

Then:

amportal stop
amportal start

And your asterisk is ready.

SIP to H323

This is the stepwise procedure to set up a VoIP communication from a SIP client to a H323 client.

  • Start your gatekeeper. For Gnugk do on a command line
gnugk -ttt -rr
  • Start asterisk (if you hadn't already done so).
  • Make sure the file ooh323.conf is present in /etc/asterisk
  • In ooh323.conf you have to change:
gateway = yes
gatekeeper = xxx.xxx.xxx.xxx (ip address of your gatekeeper)

In FreePBX -> Setup -> Extensions:

  • Create a SIP extension (e.g. extension 501)
  • Create a Custom extension:
Extension number: 601
Displayname: Anneke h323
Dial: OOH323/601@129.125.71.172 (ip-address of machine where extension can be found)

(Our convention is to have our SIP extensions in the 5xx range, and H323 extension in the 6xx range).

(Asterisk saves these extensions in the file extensions_additional.conf in the [ext-local] context).

  • At asterisk prompt
amportal stop
amportal start

Your gatekeeper should produce output on the command line telling you that ObjSysAsterisk is registering.

ObjSysAsterisk is the h323id of the trixbox as specified in ooh323.conf. (If for some reason you want to register more trixboxes with the gatekeeper you should give each of them a unique h323id in ooh323.conf).

  • Open your X-lite and configure it like you always would for a given TrixBox
  • Open Gnomemeeting:
  • Goto Edit -> Preferences -> General -> Personal data
  • Fill in your personal data as you wish
  • Goto Edit -> Preferences -> H323 settings -> Gatekeeper settings
Registering method: Gatekeeper host
Gatekeeper host: xxx.xxx.xxx.xxx (fill in the IP address of your gatekeeper)
Gatekeeper alias: 601 (number of your h323 extension as you registered it in FreePBX)
Check: register this alias as the primary alias with the gatekeeper
Click on Apply

Your gatekeeper should now produce output on the command line telling you that extension 601 (with the personal data you filled in) is registering.

  • Go to your X-lite and dial 601

At this point the H323 client Gnomemeeting should ring; after accepting the VoIP call, the conversation can start :)

H323 to SIP

This is the stepwise procedure to set up a VoIP communication from a H323 client to a SIP client.

  • Modify the configuration file of the GnuGK gatekeeper (/etc/gatekeeper.ini) as follows (you may choose other values for parameters Name):
; comments may start with # (only unix) or ; (unix or windows)

;; Boolean values.
;; Boolean Values are retresented by a case insensitive string
;; - "t"..., "y"... or "1" for TRUE
;; - all other for FALSE

;; NOTE: This parameters may be loaded at program startup and not influenced by the HUP signal.
[Gatekeeper::Main]
;; 'config is present' indicator. Has to be 42.
Fourtytwo=42
; Includes in some RAS-Msgs
Name=OpenH323GK-wingtip111
; overwritten from command line parameter

;SignalCallId=1

[RoutedMode]
GKRouted=1
H245Routed=1

[Proxy]
Enable=1
;CHANGED
;ProxyForSameNAT=1

[RasSrv::GWPrefixes]
;CHANGED
; - according to GnuGK manual sect. 3.5:
;Use the [RasSrv::GWPrefixes] section of the config file to tell the gatekeeper
; the prefix of numbers that shall be routed over the gateway.
;
;    [RasSrv::GWPrefixes]
;    gw1=0
;
;This entry tells the gatekeeper to route all calls to E.164 numbers starting
; with 0 to the gateway that has registered with the H.323 alias "gw1".
; If there is no registered gateway with that alias the call will fail.
; (Note that you must use the gateway alias - you can't just tell the
; gatekeeper the IP number of the gateway.) 

ObjSysAsterisk=5

;CHANGED - according to GnuGK manual sect. 3.5
;NOTE: "ObjSysAsterisk" is PRECISELY the alias which is set up in Asterisk's ooh323c.conf
;NOTE: depending on the used prefixes, you may choose other values

[RasSrv::ARQFeatures]
;ArjReasonRouteCallToSCN=0
;ArjReasonRouteCallToGatekeeper=1
CallUnregisteredEndpoints=1

;; The parameter "rule" may be one of the following:
;; - "forbid" disallow any connection (default when no rule us given)
;; - "allow" allow any connection
;; - "explicit" reads the parameter ;"<ip>=<value>"; with ip is the ip4-address
;;   if the peering client. ;<value>; is resolved with ;Toolkit::AsBool;. If the ip
;;   is not listed the param "default" is used.
;; - "regex" the ;<ip>; of the client is matched against the given regular expression.
;;   First the ip-rules (like "explicit") are tested. Olny of no such param exists 
;;   the regex is tried.
;;   Example: "regex=^195\.71\.(129|131)\.[0-9]+$"
;; - "password" queries remote user for login/password combination and checks
;;   it against username/password stored in this section. Passwords are encrypted
;;   with addpasswd utility using KeyFilled encryption key. DelayReject defines
;;   delay before reject is sent.
[GkStatus::Auth]
;rule=allow
;rule=deny
;CHANGED
;rule=explicit
;CHANGED
;rule=regex
; - 195.71.129.*      
; - 195.71.100.*
; - 62.52.26.[1-2][0-9][0-9]
;regex=^(195\.71\.(129|100)\.[0-9]+)|(62\.52\.26\.[1-2][0-9][0-9])$
; only used when "rule=explicit"
;rule=regex
;rule=allow
;default=forbid
;Shutdown=0
;KeyFilled=123
;DelayReject=5
;LoginTimeout=120
;regex=129.125.*.*

;CHANGED
rule=allow

;;
;; Authentication mechanism
;;
;; Syntax:
;;   authrule=actions
;;
;;   <authrule> := SimplePasswordAuth | AliasAuth | SQLAliasAuth 
;;                 | SQLPasswordAuth | RadAuth | RadAliasAuth |...
;;   <actions>  := <control>[;<ras>|<q931>,<ras>|<q931>,...]
;;   <control>  := optional | required | sufficient
;;   <ras>      := GRQ | RRQ | URQ | ARQ | BRQ | DRQ | LRQ | IRQ
;;   <q931>     := Setup | SetupUnreg
;;
;; Currently supported modules:
;;
;;   SimplePasswordAuth/SQLPasswordAuth
;;
;;                       The module checks the tokens or cryptoTokens
;;                       fields of RAS message. The tokens should contain
;;                       at least generalID and password. For cryptoTokens,
;;                       cryptoEPPwdHash tokens hashed by simple MD5 and 
;;                       nestedcryptoToken tokens hashed by HMAC-SHA1-96
;;                       (libssl must be installed!) are supported now.
;;                       The ID and password are read from [SimplePasswordAuth] section 
;;                       for SimplePasswordAuth or from an SQL database 
;;                       for SQLPasswordAuth. Backward compatibility is maintained
;;                       and the old MySQLPasswordAuth is also supported.
;;
;;   AliasAuth/SQLAliasAuth
;;
;;                       The IP of an endpoint with given alias should
;;                       match a specified pattern. For AliasAuth the pattern 
;;                       is defined in [RasSrv::RRQAuth] section. For SQLAliasAuth
;;                       the authentication condition strings are read 
;;                       from an SQL database. Backward compatibility is maintained
;;                       and the old MySQLAliasAuth is also supported.
;;
;;   PrefixAuth
;;
;;                       RRQ or ARQ requests can be checked for a specific
;;                       aliases combination, IP address or destination prefix.
;;
;;   RadAuth/RadAliasAuth
;;
;;                       The H.235 username/password from RRQ/ARQ message
;;                       or endpoint alias/IP from RRQ/ARQ/Setup message
;;                       is used to authenticate an endpoint/a call using
;;                       RADIUS server.
;;
;; A rule may results in one of the three codes: ok, fail, pass.
;;
;;   ok         The request is authenticated by this module
;;   fail       The authentication fails and should be rejected
;;   next       The rule cannot determine the request
;;
;; There are also three ways to control a rule:
;;
;;   optional      If the rule cannot determine the request, it is passed
;;                 to next rule.
;;   required      The requests should be authenticated by this module,
;;                 or it would be rejected. The authenticated request would
;;                 then be passwd to next rule.
;;   sufficient    If the request is authenticated, it is accepted,
;;                 or it would be rejected. That is, the rule determines
;;                 the fate of the request. No rule should be put after
;;                 a sufficient rule, since it won't take effect.
;;
;; You can also configure a rule to check only for some particular RAS
;; messages. For example, to configure SimplePasswordAuth as a required
;; rule to check RRQ, ARQ and LRQ:
;; SimplePasswordAuth=required;RRQ,ARQ,LRQ
;
[Gatekeeper::Auth]
;SimplePasswordAuth=optional
;AliasAuth=sufficient;RRQ
;RadAuth=required;RRQ,ARQ
;RadAliasAuth=required;SetupUnreg
;default=reject
default=allow
  • Start your gatekeeper. For Gnugk use the init.d script: do on a command line
/etc/init.d/gnugk restart 
  • Start asterisk
  • Make sure the file ooh323.conf is present in /etc/asterisk
  • In ooh323.conf you have to change:
gateway = yes
gatekeeper = xxx.xxx.xxx.xxx (ip address of your gatekeeper)

In FreePBX -> Setup -> Extensions:

  • Create a SIP extension (e.g. extension 501)
  • Create a Custom extension:
Extension number: 601
Displayname: Anneke h323
Dial: OOH323/601@129.125.71.172 (ip-address of machine where extension can be found)

(Our convention is to have our SIP extensions in the 5xx range, and H323 extension in the 6xx range).

(Asterisk saves these extensions in the file extensions_additional.conf in the [ext-local] context).

  • At asterisk prompt
amportal stop
amportal start

Your gatekeeper should produce output in the log file (/var/log/gnugk/gnugk.log) telling you that ObjSysAsterisk is registering.

ObjSysAsterisk is the h323id of the trixbox as specified in ooh323.conf. (If for some reason you want to register more trixboxes with the gatekeeper you should give each of them a unique h323id in ooh323.conf).

  • Open your X-lite and configure it like you always would for a given TrixBox
  • Open Gnomemeeting:
  • Goto Edit -> Preferences -> General -> Personal data
  • Fill in your personal data as you wish
  • Goto Edit -> Preferences -> H323 settings -> Gatekeeper settings
Registering method: Gatekeeper host
Gatekeeper host: xxx.xxx.xxx.xxx (fill in the IP address of your gatekeeper)
Gatekeeper alias: 601 (number of your h323 extension as you registered it in FreePBX)
Check: register this alias as the primary alias with the gatekeeper
Click on Apply

Your gatekeeper should now produce output in the log file telling you that extension 601 (with the personal data you filled in) is registering.

  • Go to your H323 client (GnomeMeeting) and dial 501

At this point the SIP client (X-Lite) should ring; after accepting the VoIP call, unfortunately the conversation is dropped :(