Difference between revisions of "HOWTO SET UP TRIXBOX AS H323 GATEWAY"

From TD-er's Wiki
Jump to navigationJump to search
m
 
(12 intermediate revisions by 3 users not shown)
Line 1: Line 1:
== H323 to SIP ==
+
== Introduction ==
 +
 
 +
This page describes the configuration of a new trixbox 1.2.3 from scratch.
 +
 
 +
It has become clear from the literature (TrixBox forum) and our own experiments that H323 ONLY works on Trixbox 1.2.3 with the right add-ons.
 +
 
 +
You have TrixBox 1.2.3. Now you need the correct add-ons. First delete the current add-ons:
 +
 
 +
At the asterisk prompt do:
 +
 
 +
rpm -qa | grep asterisk-addons
 +
rpm -e asterisk-addons-1.2.4_1.2.12.1-1.294
 +
 
 +
And then load the older addons: these can be found [http://thales.td-er.nl/EtherealDumps/asterisk-addons-1.2.3-1.219.i386.rpm here]. And they are also on the dvd.
 +
 
 +
rpm -i asterisk-addons-1.2.3-1.219.i386.rpm
 +
 
 +
Then:
 +
 
 +
amportal stop
 +
amportal start
 +
 
 +
And your asterisk is ready.
 +
 
 +
== SIP to H323 ==
  
  
Line 7: Line 31:
 
  gnugk -ttt -rr
 
  gnugk -ttt -rr
  
* Start asterisk
+
* Start asterisk (if you hadn't already done so).
 
* Make sure the file ooh323.conf is present in /etc/asterisk
 
* Make sure the file ooh323.conf is present in /etc/asterisk
 
* In ooh323.conf you have to change:
 
* In ooh323.conf you have to change:
Line 36: Line 60:
 
* Open your X-lite and configure it like you always would for a given TrixBox
 
* Open your X-lite and configure it like you always would for a given TrixBox
 
* Open Gnomemeeting:
 
* Open Gnomemeeting:
 +
* Goto Edit -> Preferences -> General -> Personal data
 +
* Fill in your personal data as you wish
 
* Goto Edit -> Preferences -> H323 settings -> Gatekeeper settings
 
* Goto Edit -> Preferences -> H323 settings -> Gatekeeper settings
 
  Registering method: Gatekeeper host
 
  Registering method: Gatekeeper host
Line 48: Line 74:
 
At this point the H323 client Gnomemeeting should ring; after accepting the VoIP call, the conversation can start :)
 
At this point the H323 client Gnomemeeting should ring; after accepting the VoIP call, the conversation can start :)
  
== SIP to H323 ==
+
== H323 to SIP ==
  
  
Line 75: Line 101:
 
  GKRouted=1
 
  GKRouted=1
 
  H245Routed=1
 
  H245Routed=1
 
;CHANGE MAYBE forces clients to stay in tunnel - Default: 0
 
;RemoveH245AddressOnTunneling=0
 
;RemoveH245AddressOnTunneling=1
 
 
;CHANGE MAYBE?
 
;AcceptUnregisteredCalls=1
 
 
;CHANGE MAYBE?
 
;SupportNATedEndpoints=1
 
 
;CHANGE MAYBE?
 
;DropCallsByReleaseComplete=1
 
 
;CHANGE MAYBE?
 
;RemoveCallOnDRQ=1
 
 
;SHOULD MATTER with Cisco Call Manager
 
;SendReleaseCompleteOnDRQ=0
 
;SendReleaseCompleteOnDRQ=1
 
 
   
 
   
 
  [Proxy]
 
  [Proxy]
Line 100: Line 106:
 
  ;CHANGED
 
  ;CHANGED
 
  ;ProxyForSameNAT=1
 
  ;ProxyForSameNAT=1
 
;[Endpoint]
 
;Gatekeeper=no
 
;Gatekeeper=auto
 
;Gatekeeper=210.58.112.188
 
;Type=Gateway
 
;H323ID=CitronProxy
 
;E164=18888600000
 
;Password=
 
;Prefix=18888600,1888890003
 
;TimeToLive=900
 
;RRQRetryInterval=10
 
;UnregisterOnReload=0
 
 
   
 
   
 
  [RasSrv::GWPrefixes]
 
  [RasSrv::GWPrefixes]
Line 128: Line 121:
 
  ; (Note that you must use the gateway alias - you can't just tell the
 
  ; (Note that you must use the gateway alias - you can't just tell the
 
  ; gatekeeper the IP number of the gateway.)  
 
  ; gatekeeper the IP number of the gateway.)  
 +
 
  ObjSysAsterisk=5
 
  ObjSysAsterisk=5
 +
 
  ;CHANGED - according to GnuGK manual sect. 3.5
 
  ;CHANGED - according to GnuGK manual sect. 3.5
 +
;NOTE: "ObjSysAsterisk" is PRECISELY the alias which is set up in Asterisk's ooh323c.conf
 +
;NOTE: depending on the used prefixes, you may choose other values
 
   
 
   
 
  [RasSrv::ARQFeatures]
 
  [RasSrv::ARQFeatures]
Line 172: Line 169:
 
   
 
   
 
  ;CHANGED
 
  ;CHANGED
;rule=password
 
;gkadmin=QC7VyAo5jEw=
 
;gkadmin==
 
 
  rule=allow
 
  rule=allow
 
   
 
   
Line 283: Line 277:
 
  amportal start
 
  amportal start
  
Your gatekeeper should produce output on the command line telling you that ObjSysAsterisk is registering.
+
Your gatekeeper should produce output in the log file (''/var/log/gnugk/gnugk.log'') telling you that ObjSysAsterisk is registering.
  
 
ObjSysAsterisk is the h323id of the trixbox as specified in ooh323.conf. (If for some reason you want to register more trixboxes with the gatekeeper you should give each of them a unique h323id in ooh323.conf).
 
ObjSysAsterisk is the h323id of the trixbox as specified in ooh323.conf. (If for some reason you want to register more trixboxes with the gatekeeper you should give each of them a unique h323id in ooh323.conf).
Line 289: Line 283:
 
* Open your X-lite and configure it like you always would for a given TrixBox
 
* Open your X-lite and configure it like you always would for a given TrixBox
 
* Open Gnomemeeting:
 
* Open Gnomemeeting:
 +
* Goto Edit -> Preferences -> General -> Personal data
 +
* Fill in your personal data as you wish
 
* Goto Edit -> Preferences -> H323 settings -> Gatekeeper settings
 
* Goto Edit -> Preferences -> H323 settings -> Gatekeeper settings
 
  Registering method: Gatekeeper host
 
  Registering method: Gatekeeper host
Line 295: Line 291:
 
  Check: register this alias as the primary alias with the gatekeeper
 
  Check: register this alias as the primary alias with the gatekeeper
 
  Click on Apply
 
  Click on Apply
Your gatekeeper should now produce output on the command line telling you that extension 601 (with the personal data you filled in) is registering.
+
Your gatekeeper should now produce output in the log file telling you that extension 601 (with the personal data you filled in) is registering.
  
* Go to your X-lite and dial 601
+
* Go to your H323 client (GnomeMeeting) and dial 501
  
At this point the H323 client Gnomemeeting should ring; after accepting the VoIP call, the conversation can start :)
+
At this point the SIP client (X-Lite) should ring; after accepting the VoIP call, unfortunately the conversation is dropped :(

Latest revision as of 16:09, 16 March 2007

Introduction

This page describes the configuration of a new trixbox 1.2.3 from scratch.

It has become clear from the literature (TrixBox forum) and our own experiments that H323 ONLY works on Trixbox 1.2.3 with the right add-ons.

You have TrixBox 1.2.3. Now you need the correct add-ons. First delete the current add-ons:

At the asterisk prompt do:

rpm -qa | grep asterisk-addons
rpm -e asterisk-addons-1.2.4_1.2.12.1-1.294

And then load the older addons: these can be found here. And they are also on the dvd.

rpm -i asterisk-addons-1.2.3-1.219.i386.rpm

Then:

amportal stop
amportal start

And your asterisk is ready.

SIP to H323

This is the stepwise procedure to set up a VoIP communication from a SIP client to a H323 client.

  • Start your gatekeeper. For Gnugk do on a command line
gnugk -ttt -rr
  • Start asterisk (if you hadn't already done so).
  • Make sure the file ooh323.conf is present in /etc/asterisk
  • In ooh323.conf you have to change:
gateway = yes
gatekeeper = xxx.xxx.xxx.xxx (ip address of your gatekeeper)

In FreePBX -> Setup -> Extensions:

  • Create a SIP extension (e.g. extension 501)
  • Create a Custom extension:
Extension number: 601
Displayname: Anneke h323
Dial: OOH323/601@129.125.71.172 (ip-address of machine where extension can be found)

(Our convention is to have our SIP extensions in the 5xx range, and H323 extension in the 6xx range).

(Asterisk saves these extensions in the file extensions_additional.conf in the [ext-local] context).

  • At asterisk prompt
amportal stop
amportal start

Your gatekeeper should produce output on the command line telling you that ObjSysAsterisk is registering.

ObjSysAsterisk is the h323id of the trixbox as specified in ooh323.conf. (If for some reason you want to register more trixboxes with the gatekeeper you should give each of them a unique h323id in ooh323.conf).

  • Open your X-lite and configure it like you always would for a given TrixBox
  • Open Gnomemeeting:
  • Goto Edit -> Preferences -> General -> Personal data
  • Fill in your personal data as you wish
  • Goto Edit -> Preferences -> H323 settings -> Gatekeeper settings
Registering method: Gatekeeper host
Gatekeeper host: xxx.xxx.xxx.xxx (fill in the IP address of your gatekeeper)
Gatekeeper alias: 601 (number of your h323 extension as you registered it in FreePBX)
Check: register this alias as the primary alias with the gatekeeper
Click on Apply

Your gatekeeper should now produce output on the command line telling you that extension 601 (with the personal data you filled in) is registering.

  • Go to your X-lite and dial 601

At this point the H323 client Gnomemeeting should ring; after accepting the VoIP call, the conversation can start :)

H323 to SIP

This is the stepwise procedure to set up a VoIP communication from a H323 client to a SIP client.

  • Modify the configuration file of the GnuGK gatekeeper (/etc/gatekeeper.ini) as follows (you may choose other values for parameters Name):
; comments may start with # (only unix) or ; (unix or windows)

;; Boolean values.
;; Boolean Values are retresented by a case insensitive string
;; - "t"..., "y"... or "1" for TRUE
;; - all other for FALSE

;; NOTE: This parameters may be loaded at program startup and not influenced by the HUP signal.
[Gatekeeper::Main]
;; 'config is present' indicator. Has to be 42.
Fourtytwo=42
; Includes in some RAS-Msgs
Name=OpenH323GK-wingtip111
; overwritten from command line parameter

;SignalCallId=1

[RoutedMode]
GKRouted=1
H245Routed=1

[Proxy]
Enable=1
;CHANGED
;ProxyForSameNAT=1

[RasSrv::GWPrefixes]
;CHANGED
; - according to GnuGK manual sect. 3.5:
;Use the [RasSrv::GWPrefixes] section of the config file to tell the gatekeeper
; the prefix of numbers that shall be routed over the gateway.
;
;    [RasSrv::GWPrefixes]
;    gw1=0
;
;This entry tells the gatekeeper to route all calls to E.164 numbers starting
; with 0 to the gateway that has registered with the H.323 alias "gw1".
; If there is no registered gateway with that alias the call will fail.
; (Note that you must use the gateway alias - you can't just tell the
; gatekeeper the IP number of the gateway.) 

ObjSysAsterisk=5

;CHANGED - according to GnuGK manual sect. 3.5
;NOTE: "ObjSysAsterisk" is PRECISELY the alias which is set up in Asterisk's ooh323c.conf
;NOTE: depending on the used prefixes, you may choose other values

[RasSrv::ARQFeatures]
;ArjReasonRouteCallToSCN=0
;ArjReasonRouteCallToGatekeeper=1
CallUnregisteredEndpoints=1

;; The parameter "rule" may be one of the following:
;; - "forbid" disallow any connection (default when no rule us given)
;; - "allow" allow any connection
;; - "explicit" reads the parameter ;"<ip>=<value>"; with ip is the ip4-address
;;   if the peering client. ;<value>; is resolved with ;Toolkit::AsBool;. If the ip
;;   is not listed the param "default" is used.
;; - "regex" the ;<ip>; of the client is matched against the given regular expression.
;;   First the ip-rules (like "explicit") are tested. Olny of no such param exists 
;;   the regex is tried.
;;   Example: "regex=^195\.71\.(129|131)\.[0-9]+$"
;; - "password" queries remote user for login/password combination and checks
;;   it against username/password stored in this section. Passwords are encrypted
;;   with addpasswd utility using KeyFilled encryption key. DelayReject defines
;;   delay before reject is sent.
[GkStatus::Auth]
;rule=allow
;rule=deny
;CHANGED
;rule=explicit
;CHANGED
;rule=regex
; - 195.71.129.*      
; - 195.71.100.*
; - 62.52.26.[1-2][0-9][0-9]
;regex=^(195\.71\.(129|100)\.[0-9]+)|(62\.52\.26\.[1-2][0-9][0-9])$
; only used when "rule=explicit"
;rule=regex
;rule=allow
;default=forbid
;Shutdown=0
;KeyFilled=123
;DelayReject=5
;LoginTimeout=120
;regex=129.125.*.*

;CHANGED
rule=allow

;;
;; Authentication mechanism
;;
;; Syntax:
;;   authrule=actions
;;
;;   <authrule> := SimplePasswordAuth | AliasAuth | SQLAliasAuth 
;;                 | SQLPasswordAuth | RadAuth | RadAliasAuth |...
;;   <actions>  := <control>[;<ras>|<q931>,<ras>|<q931>,...]
;;   <control>  := optional | required | sufficient
;;   <ras>      := GRQ | RRQ | URQ | ARQ | BRQ | DRQ | LRQ | IRQ
;;   <q931>     := Setup | SetupUnreg
;;
;; Currently supported modules:
;;
;;   SimplePasswordAuth/SQLPasswordAuth
;;
;;                       The module checks the tokens or cryptoTokens
;;                       fields of RAS message. The tokens should contain
;;                       at least generalID and password. For cryptoTokens,
;;                       cryptoEPPwdHash tokens hashed by simple MD5 and 
;;                       nestedcryptoToken tokens hashed by HMAC-SHA1-96
;;                       (libssl must be installed!) are supported now.
;;                       The ID and password are read from [SimplePasswordAuth] section 
;;                       for SimplePasswordAuth or from an SQL database 
;;                       for SQLPasswordAuth. Backward compatibility is maintained
;;                       and the old MySQLPasswordAuth is also supported.
;;
;;   AliasAuth/SQLAliasAuth
;;
;;                       The IP of an endpoint with given alias should
;;                       match a specified pattern. For AliasAuth the pattern 
;;                       is defined in [RasSrv::RRQAuth] section. For SQLAliasAuth
;;                       the authentication condition strings are read 
;;                       from an SQL database. Backward compatibility is maintained
;;                       and the old MySQLAliasAuth is also supported.
;;
;;   PrefixAuth
;;
;;                       RRQ or ARQ requests can be checked for a specific
;;                       aliases combination, IP address or destination prefix.
;;
;;   RadAuth/RadAliasAuth
;;
;;                       The H.235 username/password from RRQ/ARQ message
;;                       or endpoint alias/IP from RRQ/ARQ/Setup message
;;                       is used to authenticate an endpoint/a call using
;;                       RADIUS server.
;;
;; A rule may results in one of the three codes: ok, fail, pass.
;;
;;   ok         The request is authenticated by this module
;;   fail       The authentication fails and should be rejected
;;   next       The rule cannot determine the request
;;
;; There are also three ways to control a rule:
;;
;;   optional      If the rule cannot determine the request, it is passed
;;                 to next rule.
;;   required      The requests should be authenticated by this module,
;;                 or it would be rejected. The authenticated request would
;;                 then be passwd to next rule.
;;   sufficient    If the request is authenticated, it is accepted,
;;                 or it would be rejected. That is, the rule determines
;;                 the fate of the request. No rule should be put after
;;                 a sufficient rule, since it won't take effect.
;;
;; You can also configure a rule to check only for some particular RAS
;; messages. For example, to configure SimplePasswordAuth as a required
;; rule to check RRQ, ARQ and LRQ:
;; SimplePasswordAuth=required;RRQ,ARQ,LRQ
;
[Gatekeeper::Auth]
;SimplePasswordAuth=optional
;AliasAuth=sufficient;RRQ
;RadAuth=required;RRQ,ARQ
;RadAliasAuth=required;SetupUnreg
;default=reject
default=allow
  • Start your gatekeeper. For Gnugk use the init.d script: do on a command line
/etc/init.d/gnugk restart 
  • Start asterisk
  • Make sure the file ooh323.conf is present in /etc/asterisk
  • In ooh323.conf you have to change:
gateway = yes
gatekeeper = xxx.xxx.xxx.xxx (ip address of your gatekeeper)

In FreePBX -> Setup -> Extensions:

  • Create a SIP extension (e.g. extension 501)
  • Create a Custom extension:
Extension number: 601
Displayname: Anneke h323
Dial: OOH323/601@129.125.71.172 (ip-address of machine where extension can be found)

(Our convention is to have our SIP extensions in the 5xx range, and H323 extension in the 6xx range).

(Asterisk saves these extensions in the file extensions_additional.conf in the [ext-local] context).

  • At asterisk prompt
amportal stop
amportal start

Your gatekeeper should produce output in the log file (/var/log/gnugk/gnugk.log) telling you that ObjSysAsterisk is registering.

ObjSysAsterisk is the h323id of the trixbox as specified in ooh323.conf. (If for some reason you want to register more trixboxes with the gatekeeper you should give each of them a unique h323id in ooh323.conf).

  • Open your X-lite and configure it like you always would for a given TrixBox
  • Open Gnomemeeting:
  • Goto Edit -> Preferences -> General -> Personal data
  • Fill in your personal data as you wish
  • Goto Edit -> Preferences -> H323 settings -> Gatekeeper settings
Registering method: Gatekeeper host
Gatekeeper host: xxx.xxx.xxx.xxx (fill in the IP address of your gatekeeper)
Gatekeeper alias: 601 (number of your h323 extension as you registered it in FreePBX)
Check: register this alias as the primary alias with the gatekeeper
Click on Apply

Your gatekeeper should now produce output in the log file telling you that extension 601 (with the personal data you filled in) is registering.

  • Go to your H323 client (GnomeMeeting) and dial 501

At this point the SIP client (X-Lite) should ring; after accepting the VoIP call, unfortunately the conversation is dropped :(