ch04s05.html

IP_Telephony_Cookbook主要讲解的是IP电话方面的知识,对这个方面需求的读者会很有帮助

This featured is enabled by default. To disable compilation of these Radius 
modules, set the NO_RADIUS environment variable before making: </P><PRE class=programlisting>$ NO_RADIUS=1 make both
</PRE>
<P>The GNU GK is able to do accounting. Currently, only RADIUS and plain text 
file accounting modules are available. The accounting is still considered an 
experimental feature, so it is not compiled in by default. To enable accounting, 
set the HAS_ACCT environment variable before making: </P><PRE class=programlisting>$ HAS_ACCT=1 make both
</PRE>
<P>Moreover, there is no special installation procedure needed. After 
compilation, copy the executable to a directory of your choice and create a 
configuration file for it. There are several configuration examples in the etc/ 
subdirectory of the source tree. See the next section on Configuration for 
further explanations. </P>
<P>For example, to start the gatekeeper, a command like: </P><PRE class=programlisting>$ /usr/sbin/gnugk -c /etc/gnugk.ini -o /var/log/gnugk.log -ttt
</PRE>
<P>should work if the configuration file (gnugk.ini) is correct.</P>
<P><SPAN class=emphasis><EM>Pre-Built binaries</EM></SPAN> - If you do not wish 
to compile the gatekeeper from source, there are several pre-built packages 
available from <A 
href="http://sourceforge.net/project/showfiles.php?group_id=4797" 
target=_top>here</A>. Not all versions will be made available as binaries 
therefore the reader will have to check what is available.</P>
<P>As regards the Red Hat, packages you will have to download the RPMs and enter 
the following command as root, substitute in the name of the file you wish 
downloaded. </P><PRE class=programlisting>$ rpm -Uvh gnugk-x.x.x.rpm
</PRE>
<P>As regards the Debian packages, you can install the gatekeeper by using the 
following command as root:</P><PRE class=programlisting>$ apt-get install openh323gk
</PRE></DIV>
<DIV class=sect3 lang=en>
<DIV class=titlepage>
<DIV>
<DIV>
<H4 class=title><A id=d0e3722>4.5.3.2.&nbsp;Configuration</H4></DIV></DIV>
<DIV></DIV>
<P>The behaviour of the gatekeeper is completely determined by the command line 
options at run time and the specified configuration file. Some command line 
options may override settings in the configuration file. In order to avoid 
confusion it is common practice to keep all the configuration options in the 
configuration file and start the GNU GK with the following command: </P><PRE class=programlisting>$ [/usr/sbin/]gnugk -c /etc/gnugk.ini -o /var/log/gnugk.log -ttt
</PRE>
<P>Here we provide a sample configuration file with the most important options 
for setting up basic services and their relative explanation. Note that all 
user-specified fields are indicated as beginning with "my" and you must 
customize/replace them appropriately for your site. </P><PRE class=programlisting>#Two lines in order to be able to telnet your GK on a specific port 
#(the default is port 7000)
#(the authorization rules are detailed in the [GkStatus::Auth] section) 
[Gatekeeper::Main]
Fourtytwo=42
#name of your GK
Name=my-GnuGK

#Network information
#Specify the network interfaces of the gatekeeper
#By default the gatekeeper will detect the interfaces 
#of your host automatically
Home=my-ip-address

#information about the parent GK in order to forward LRQ 
#for out-of-zone calls
[RasSrv::Neighbors]
[neighbour-name]=my-ip-address:my-port;my-prefix-of-the-neighbour

#define some features on LRQ and LCF
[RasSrv::LRQFeatures]
#The gatekeeper replies with LCFs containing 
#the destinationInfo and destinationType fields,
#the registered aliases and the terminal type of the destination endpoint
#The neighbor gatekeeper can then save the information 
#to suppress later LRQs
#However, some vendors' gatekeepers misuse the information, 
#thus resulting in interoperability problems
#set it to 0 if you encounter problems with a third-party GK
IncludeDestinationInfoInLCF=0
#Include a NonStandardParameter in LRQs 
#to be compatible with Cisco gatekeepers
CiscoGKCompatible=1
#If hopCount has reached 0, the gatekeeper shall not forward the message
ForwardHopCount=10

#route mode section
[RoutedMode]
#Enable the gatekeeper routed mode, as opposed to the direct mode
GKRouted=1
#Route the H.245 control channel, only takes effect if GKRouted=1 
H245Routed=1
#Some endpoints send h245Address in the UUIE of Q.931 
#even when h245Tunneling is set to TRUE
#This may cause interoperability problems, avoid setting this option to 1
RemoveH245AddressOnTunneling=1
#The gatekeeper could tear down a call by sending 
#RAS DisengageRequest to endpoints
#Some bad endpoints just ignore this command, with this option turned on, 
#the gatekeeper will send
#Q.931 Release Complete instead of RAS DRQ to both endpoints 
#to force them to drop the call
DropCallsByReleaseComplete=1
#Setting this parameter to 1 makes the gatekeeper 
#to always send Release Complete to both endpoints
#before closing the call when it receives DRQ from one of the parties
SendReleaseCompleteOnDRQ=1

#Authorization rules  for telnet access to port 
#(the default is port 7000)
[GkStatus::Auth]
#allow only specific addresses 
rule=regex
# - we are allowing the IP addresses 192.168.1.*
regex=^(192\.168\.1\.[0-9]+)
default=forbid
#if you want to allow everybody, comment the previous lines and ...
#rule=allow
</PRE></DIV>
<DIV class=sect3 lang=en>
<DIV class=titlepage>
<DIV>
<DIV>
<H4 class=title><A id=d0e3733>4.5.3.3.&nbsp;Operation</H4></DIV></DIV>
<DIV></DIV>
<P>There are a number of ways to monitor the operation of the GNU GK. A 
command-line (telnet) interface is provided, which is installed by default and 
allows monitoring of endpoints registrations and call requests. It also accepts 
unregistration commands for specific endpoints, call clearing and even reloading 
of the configuration file. </P>
<P>Having inserted the following lines in the configuration file:</P><PRE class=programlisting>[Gatekeeper::Main]
Fourtytwo=42
[GkStatus::Auth]
rule=allow
</PRE>
<P>we can telnet to the GNU GK machine on the port specified in the 
configuration file (the default is port 7000): </P><PRE class=programlisting>me@mypc&gt; telnet gnugk-ip-address 7000
</PRE>
<P>There are a number of commands that can be issued in this telnet session: 
Type "help" to see a list of them. Most commands are easy and intuitive and 
there is no need to explain them further (for a detailed explanation see <A 
href="http://www.gnugk.org/h323manual.html" target=_top>here</A>). To end the 
telnet session with the gatekeeper type "quit" and hit Enter. </P>
<P>Moreover, there are two Graphical User Interface (GUI) front-ends for the 
gatekeeper in order to monitor and visualize the operations. </P>
<P>
<DIV class=itemizedlist>
<UL type=disc compact>
  <LI>Java GUI: allows you to monitor the registrations and calls that go 
  through the gatekeeper. A right-click on a button gives you a popup menu for 
  each endpoint. This GUI works with Java 1.0 built into most web browsers. The 
  program is available <A href="http://www.gnugk.org/h323gui.html" 
  target=_top>here</A>. 
  <LI>GkGUI: A new standalone Java program. It requires Java 1.4. The GkGUI is 
  released under GNU General Public License, available <A 
  href="http://www.gnugk.org/h323develop.html#java" target=_top>here</A>. 
</LI></UL></DIV>
<P></P></DIV>
<DIV class=sect3 lang=en>
<DIV class=titlepage>
<DIV>
<DIV>
<H4 class=title><A id=d0e3769>4.5.3.4.&nbsp;Endpoint 
authentication</H4></DIV></DIV>
<DIV></DIV>
<P>The GNU Gatekeeper supports all three Radius, MySQL and LDAP backend 
interfaces (LDAP is still under development) for registration (RRQ) and 
admission (ARQ) authentication and authorization mechanisms. This is obviously a 
very complex as well as flexible environment in which to implement 
authentication and authorization methods. H.235 is supported, but more commonly 
ad hoc authentication methods are used, such as the IP address + alias 
identification method on the RADIUS server side. Special credit-time or duration 
restricted calling applications can be deployed on the GNU GK, assuming 
sufficient administrator man/hours can be spared. Please refer to 
[Gatekeeper::Auth] and following configuration sections on the manual web page 
for a more detailed configuration description of such features. </P></DIV>
<DIV class=sect3 lang=en>
<DIV class=titlepage>
<DIV>
<DIV>
<H4 class=title><A id=d0e3774>4.5.3.5.&nbsp;Advanced features</H4></DIV></DIV>
<DIV></DIV>
<P>The GNU GK gatekeeper incorporates an excellent combination of the features 
of the Cisco MCM and the Radvision ECS, in a very flexible environment, being 
able to support hierarchies of gatekeepers (child-parent relationships) in cases 
where many levels of prefixes must be supported by prefix stripping or prefix 
substitution (please refer to the [Endpoint::RewriteE164] configuration 
section). Moreover the GNU GK implements resilience features such as "Alternate 
Gatekeeper" support (configuration available through the [Gatekeeper::Main] 
configuration section), where two identical GNU GK gatekeepers on two different 
nodes can act in tandem, providing resilience in gatekeeper services 
transparently to the endpoints. Since it is an open-source project, its value 
per cost ratio is very high, but the command-line interfaces it provides are not 
for the faint-hearted and if you do make the choice, be prepared to spend many 
hours over out-dated documentation and recompilations of new code-fixing 
releases. </P></DIV></DIV></DIV>
<DIV class=navfooter>
<TABLE width="100%" summary="Navigation footer">
  <TBODY>
  <TR>
    <TD align=left width="40%"><A accessKey=p 
      href="http://www.informatik.uni-bremen.de/~prelle/terena/cookbook/main/ch04s04.html">Prev</A>&nbsp;</TD>
    <TD align=middle width="20%"><A accessKey=u 
      href="http://www.informatik.uni-bremen.de/~prelle/terena/cookbook/main/ch04.html">Up</A></TD>
    <TD align=right width="40%">&nbsp;<A accessKey=n 
      href="http://www.informatik.uni-bremen.de/~prelle/terena/cookbook/main/ch04s06.html">Next</A></TD></TR>
  <TR>
    <TD vAlign=top align=left width="40%">4.4.&nbsp;Examples&nbsp;</TD>
    <TD align=middle width="20%"><A accessKey=h 
      href="http://www.informatik.uni-bremen.de/~prelle/terena/cookbook/main/index.html">Home</A></TD>
    <TD vAlign=top align=right width="40%">&nbsp;4.6.&nbsp;Setting up SIP 
      services</TD></TR></TBODY></TABLE></DIV></A></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></BODY></HTML>