ไฟล์คอนฟิก gnugk.ini แบ่งออกเป็นหลายส่วน (Section) ดังต่อไปนี้

Note! ใช้เครื่องหมาย ; เป็นคอมเม้นต์

1. หัวข้อ [Gatekeeper::Main]

[Gatekeeper::Main]
; ใช้ทดสอบว่าไฟล์คอนฟิกมีอยู่หรือไม่ ถ้าหาข้อความนี้ไม่เจอก็จะส่งข้อความเตือน
Fortytwo=42
; ตั้งชื่อ GNUGK หรือที่เราเรียกว่า Gatekeeper Identifier (GK ID) มันจะตอบสนอบต่อ GRQs (Gatekkeer Request) ก็เฉพาะที่ระบุ ID ตรงกับมันเท่านั้น และเวลามันสื่อสารกับ endpoint มันก็จะใส่ ID เข้าไปด้วย ค่าดีฟอลท์คือ GnuGK
Name=V4S-GK
; ใส่ค่าไอพีแอดเดรสในเครื่องที่จะให้ GNUGK รอรับการเชื่อมต่อ ถ้าใส่เป็น 0.0.0.0 มันจะรอรับการเชื่อมต่อทุกๆไอพีในเครื่อง ถ้าต้องการใส่หลายไอพี ให้คั่นด้วยเครื่องหมาย ; หรือ , ค่าดีฟอลท์คือ 0.0.0.0
Home=192.168.1.1
;
NetworkInterface=192.168.1.1/25,10.0.0.1/0

Specify the network interfaces of the gatekeeper. By default the gatekeeper will automatically detect the interfaces of your host, so this setting is not usually required, but is available if automatic detection fails. If you are using GnuGk behind a NAT box then you should use the ExternalIP setting (described below) which will automatically configure GnuGk to operate as if it was on the NAT box. The ExternalIP setting will take precedence and will override this value.

NOTE: If this setting is changed, you must restart the gatekeeper. A reload from the status port will not cause this value to be re-read.


Bind=192.168.1.1
Default: 0.0.0.0

Specify the IP address for default routing. If there is only one interface then this setting is ignored. Use this to specify which default IP address to use in a multihomed virtual environment where there may be many virtual interfaces on one host.


EndpointIDSuffix=_gk1
Default: _endp

The gatekeeper will assign a unique identifier to each registered endpoint. This option can be used to specify a suffix to append to the endpoint identifier. This is only useful when using more than one gatekeeper. This setting doesn't change when the config is reloaded!


TimeToLive=300
Default: -1

An endpoint's registration with a gatekeeper may have a limited life span. The gatekeeper specifies the registration duration for an endpoint by including a timeToLive field in the RCF message. After the specified length of time, the registration is considered expired. The endpoint must periodically send a RRQ having the keepAlive bit set prior to the expiration time. Such a message may include a minimum amount of information as described in H.225.0 and is known as a lightweight RRQ.

The endpoint may request a shorter timeToLive in the RRQ message to the gatekeeper.

To avoid an overload of RRQ messages, the gatekeeper automatically resets this timer to 60 seconds if you specify a lower value.

After the expiration time, the gatekeeper will make two attempts using IRQ messages to determine if the endpoint is still alive. If the endpoint responds with an IRR, the registration will be extended. If not, the gatekeeper will send a URQ with reason ttlExpired to the endpoint. The endpoint must then re-register with the gatekeeper using a full RRQ message.

To disable this feature, set it to -1.


CompareAliasType=0
Default: 1

By default, a H323ID of '1234' won't match E164 number '1234' when comparing aliases. This parameter allows you to ignore the alias type when performing comparisons.


CompareAliasCase=0
Default: 1

By default, alias 'jan' won't match alias 'Jan'. If set to false, the comparison will not be case sensitive.


TraceLevel=2
Default: 0

Set trace level (same as -t on the command line).

This setting doesn't change when the config is reloaded!


TotalBandwidth=100000
Default: -1

Total bandwidth available to be given to endpoints. By default this feature is off.

NOTE: At this time, the GnuGk only checks calls from registered endpoints and many endpoints supply incorrect bandwidth values.


RedirectGK=Endpoints > 100 | Calls > 50
Default: N/A

This option allow you to redirect endpoints to alternate gatekeepers if the gatekeeper becomes overloaded. In the example above, the gatekeeper will reject a RRQ if the number of registered endpoints would exceed 100, or reject an ARQ if concurrent calls exceed 50.

Furthermore, you may explicitly redirect all endpoints by setting this option to temporary or permanent. The gatekeeper will send a RAS rejection message with a list of alternate gatekeepers defined in AlternateGKs. Note that a permanent redirection means that the redirected endpoints will not register with this gatekeeper again. NOTE: The redirect capability will only function with H.323 version 4 compliant endpoints.


AlternateGKs=1.2.3.4:1719:false:120:GnuGk
Default: N/A

If the endpoint loses connectivity with GnuGk it should automatically try to register with the alternate gatekeeper specified here.

NOTE: Depending on the endpoint, it may not attempt to re-establish a connection to its original gatekeeper. Support for "Assigned Gatekeepers" was added in H.323v6. See http://www.packetizer.com/ipmc/h323/whatsnew_v6.html for additional information.

The primary gatekeeper includes a field in the RCF to inform endpoints which alternate IP and gatekeeper identifier to use.

The alternate gatekeeper needs to be aware of all registrations on the primary gatekeeper or else it would reject calls. Our gatekeeper can forward every RRQ to an alternate IP address.

The AlternateGKs config option specifies the fields contained in the primary gatekeeper's RCF. The first and second fields of this string define where (IP, port) to forward to. The third tells endpoints whether they need to register with the alternate gatekeeper before placing calls. They usually don't because we forward their RRQs, so they are automatically known to the alternate gatekeeper. The fourth field specifies the priority for this gatekeeper. Lower is better; usually the primary gatekeeper is considered to have priority 1. The last field specifies the alternate gatekeeper's identifier.

You may specify multiple alternate gatekeepers as a comma separated list.


SendTo=1.2.3.4:1719
Default: N/A

Although this information is contained in AlternateGKs, you must still specify which address to forward RRQs to. This might differ from AlternateGK's address due to multihomed systems, so it's a separate config option.

You can specify multiple gatekeepers in a comma separated list.


SkipForwards=1.2.3.4,5.6.7.8
Default: N/A

To avoid circular forwarding, you shouldn't forward RRQs you get from the other gatekeeper (this statement is true for both primary and alternate gatekeeper). Two mechanisms are used to identify whether a request should be forwarded. The first one looks for a flag in the RRQ. Since few endpoints implement this, we can increase the overall reliability of the system by specifying it here.

Specify the other gatekeeper's IP in this list.


StatusPort=7000
Default: 7000

Status port to monitor the gatekeeper. See this section for details.


StatusTraceLevel=2
Default: 2

Default output trace level for new status interface clients. See this section for details.


TimestampFormat=ISO8601
Default: Cisco

This setting configures the default format of timestamp strings generated by the gatekeeper. This option affects [SqlAcct], [RadAcct], [FileAcct] and other modules, but not [CallTable]. You can further customize timestamp formatting per module by configuring the TimestampFormat setting in the module-specific configuration portion of the config file.

There are four predefined formats:

RFC822 - a default format used by the gatekeeper (example: Wed, 10 Nov 2004 16:02:01 +0100)
ISO8601 - standard ISO format (example: 2004-11-10 T 16:02:01 +0100)
Cisco - format used by Cisco equipment (example: 16:02:01.534 CET Wed Nov 10 2004)
MySQL - simple format that MySQL can understand (example: 2004-11-10 16:02:01)
If none of the predefined options is suitable, you can build your own format string using rules from the strftime C function (see man strftime or search MSDN for strftime). In general, the format string consists of regular character and format codes, preceded by a percent sign. Example: "%Y-%m-%d and percent %%" will result in "2004-11-10 and percent %". Some common format codes:

%a - abbreviated weekday name
%A - full weekday name
%b - abbreviated month name
%B - full month name
%d - day of month as decimal number
%H - hour in 24-hour format
%I - hour in 12-hour format
%m - month as decimal number
%M - minute as decimal number
%S - second as decimal number
%y - year without century
%Y - year with century
%u - microseconds as decimal number (this is a GnuGk extension)
%z - time zone abbreviation (+0100)
%Z - time zone name
%% - percent sign

EncryptAllPasswords=1
Default: 0

Enable encryption of all passwords in the config (SQL passwords, RADIUS passwords, [Password] passwords, [GkStatus::Auth] passwords). If enabled, all passwords must be encrypted using the addpasswd utility. Otherwise only [Password] and [GkStatus::Auth] passwords are encrypted (old behavior).


KeyFilled=0
Default: N/A

Define a global padding byte to be used during password encryption/decryption. It can be overridden by setting KeyFilled within a particular config section. Usually, you do not need to change this option.


Most users will never need to change any of the following values. They are mainly used for testing or very sophisticated applications.


UseBroadcastListener=0
Default: 1

Defines whether to listen to broadcast RAS requests. This requires binding to all interfaces on a machine, so if you want to run multiple gatekeepers on the same machine you should turn this off.


UnicastRasPort=1719
Default: 1719

The RAS channel TSAP identifier for unicast.


UseMulticastListener=0
Default: 1

Enable or disable gatekeeper discovery using multicast. By default it is enabled.


MulticastPort=1718
Default: 1718

The RAS channel TSAP identifier for multicast.


MulticastGroup=224.0.1.41
Default: 224.0.1.41

The multicast group for the RAS channel.


EndpointSignalPort=1720
Default: 1720

Default port for call signaling channel of endpoints.


ListenQueueLength=1024
Default: 1024

Queue length for incoming TCP connection.


SignalReadTimeout=1000
Default: 1000

Time in milliseconds for read timeout on call signaling channels (Q931).


StatusReadTimeout=3000
Default: 3000

Time in milliseconds for read timeout on status channel.


StatusWriteTimeout=5000
Default: 5000

Time in milliseconds for write timeout on status channel.


ExternalIP=myip.no-ip.com
Default: N/A

When using GnuGk behind a NAT you can set the external IP address that you wish the gatekeeper to masquerade as. This will allow external endpoints and other gatekeepers to contact the NATed gatekeeper. To work you must port forward the required ports to the gatekeeper IP or put the gatekeeper in the NAT box DMZ. This is different than the bind setting, which specifies a physical IP address on the GnuGk box.

You may specify an IP address or a fully-qualified domain name (FQDN). If you use a FQDN and ExternalIsDynamic is set to false, it will be resolved to an IP address on startup or configuration reload. If ExternalIsDynamic is set to true, the name will be stored and resolved when needed.


ExternalIsDynamic=1
Default: 0

Configures the GnuGk to support an external dynamic address. If enabled, GnuGk will ensure that the Dynamic DNS (DDNS) service receives keep-alive messages to maintain your DDNS name lease. You must also configure the ExternalIP setting with a DNS address maintained by a DDNS service such as http://www.dyndns.com or http://www.no-ip.com.


DefaultDomain=gnugk.org
Default: N/A

If the GnuGk receives a request for an address in the format user@domain.com, this option will strip the domain from the address if it matches the DefaultDomain setting and will then process the request using just the "user" field. This is useful when receiving interdomain calls placed via SRV routing policy where the full URI is received. It can also be used in conjunction with the [RasSrv::RewriteAlias] section to convert the received URI into a E164 number for further processing and routing.


Authenticators=H.235.1,CAT
Default: N/A

Selects the specific authenticators to use when authenticating endpoints. The default options are: H.235.1 (HMAC SHA1 / old H235AnnexD), MD5 (Digest Authentication) and CAT (Cisco Access Tokens ie RADIUS). If this setting is omitted, all authenticators are loaded by default. If you are using plugin authenticators, then you may want to disable the default authenticators to provide optimum security. Note: H.235.1 requires OpenSSL support compiled into GnuGk. This switch is only available if GnuGk is compiled with H323Plus.


DisconnectCallsOnShutdown=0
Default: 1

GnuGk will disconnect all ongoing calls when it shuts down and will send an unregistration request to all endpoints. To override this default, set this parameter to "0". This switch is intended mainly for gatekeepers running in direct mode; in routed mode and proxy mode calls will still get disrupted when the gatekeeper shuts down

2. หัวข้อ [GkStatus::Auth]

Defines a number of rules regarding who is allowed to connect to the status port. Access to the status port provides full control over your gatekeeper. Ensure that this is set correctly.

rule=allow
Default: forbid

Possible values are

forbid - disallow any connection.
allow - allow any connection
explicit - reads the parameter ip=value where ip is the IP address of the client, value is 1,0 or allow,forbid or yes,no. If ip is not listed the parameter default is used.
regex - the IP of the client is matched against the given regular expression.

Example:
To allow client from 195.71.129.0/24 and 195.71.131.0/24:

regex=^195\.71\.(129|131)\.[0-9]+$
password - the user must provide an appropriate username and password to login. The format of username/password is the same as [SimplePasswordAuth] section.
These rules may be combined with "|" (to specify a logical "OR") or "&" (for logical "AND"). For example,

rule=explicit | regex
The IP of the client must match explicit or regex rule.

rule=regex & password
The IP of the client must match regex rule, and the user has to login by username and password.

default=allow
Default: forbid

Only used when rule=explicit.


Shutdown=forbid
Default: allow

To allow the gatekeeper to be shutdown via status port.


DelayReject=5
Default: 0

Time (in seconds) to wait before rejecting an invalid username/password. Useful to insert a delay in brute-force attacks.

3. หัวข้อ [GkStatus::Filter]

Status port filtering facilitates control of the amount and type of output messages shown to the end user. Filtering is done using regular expressions which are used to decide whether to include (show) or exclude (ignore) an output message. Filtering control is performed using the following set of commands:


addincludefilter REGEX
Adds regular expression to the include list
addexcludefilter REGEX
Adds regular expression to the exclude list
removeincludefilter INDEX
Removes filter at given INDEX from the include list
removeexcludefilter INDEX
Removes filter at given INDEX from the exclude list
filter 1|0
Enable/Disable message filtering
printincludefilters
Print include filter list
printexcludefilters
Print exclude filter list
In order to enable usage of predefined filters, a new section named [GkStatus::Filtering] has been introduced. You may specify predefined filters to be loaded when the status port starts.


Example:

[GkStatus::Filtering]
IncludeFilter=.+
ExcludeFilter=.RQ

When filtering is enabled using the the filter 1 command, all messages will be shown other than lines with ARQ, LRQ etc. You may also type the following into the status port:

addincludefilter .+
addexcludefilter .RQ
filter 1

Note that enable filtering when there are no filters defined will automatically exclude all message output

4. หัวข้อ [LogFile]
This section defines log file related parameters. Currently, it allows users to specify log file rotation options.


Filename=/var/log/gk_trace.log
Default: N/A

Set the output filename for the log file (same as -o on the command line). This setting doesn't change when the config is reloaded!


Rotate=Hourly | Daily | Weekly | Monthly
Default: N/A

If set, the log file will be rotated based on this setting. Hourly rotation enables rotation once per hour, daily - once per day, weekly - once per week and monthly - once per month. An exact rotation moment is determined by a combination of RotateDay and RotateTime variables. During rotation, an existing file is renamed to CURRENT_FILENAME.YYYYMMDD-HHMMSS, where YYYYMMDD-HHMMSS is replaced with the current timestamp, and new lines are logged to an empty file. To disable rotation, do not configure the Rotate parameter or set it to 0.


Example 1 - rotate every hour (00:45, 01:45, ..., 23:45):
[LogFile]
Rotate=Hourly
RotateTime=45



Example 2 - rotate every day at 23:00 (11PM):
[LogFile]
Rotate=Daily
RotateTime=23:00



Example 3 - rotate every Sunday at 00:59:
[LogFile]
Rotate=Weekly
RotateDay=Sun
RotateTime=00:59



Example 4 - rotate on the last day of each month:
[LogFile]
Rotate=Monthly
RotateDay=31
RotateTime=23:00

5. หัวข้อ [RoutedMode]

Call signaling messages may be passed in two ways: The first method is Direct Endpoint Call Signaling, where call signaling messages are passed directly between the endpoints. The second method is Gatekeeper Routed Call Signaling. With this method, the call signaling messages are routed through the gatekeeper.

When Gatekeeper Routed call signaling is used, there are three different options for routing of the H.245 control channel and media channels.


Case I.
The gatekeeper doesn't route them. The H.245 control channel and media channels are established directly between the endpoints.

Case II.
The H.245 control channel is routed through the gatekeeper, while the media channels are established directly between the endpoints.

Case III.
The gatekeeper routes the H.245 control channel, as well as all media channels, including RTP/RTCP for audio and video, and T.120 channel for data. In this case, no traffic is passed directly between the endpoints. This is usually called a H.323 Proxy, which can be regarded as an H.323-H.323 gateway.

This section defines the gatekeeper routed mode options (case I & II). The proxy feature is defined in the next section.

The settings in this section may be updated by reloading the configuration while the gatekeeper is running.


GKRouted=1
Default: 0

Enables gatekeeper routed signaling mode.


H245Routed=1
Default: 0

Enables routing of the H.245 control channel through the gatekeeper. This setting is honored if GKRouted=1 and H.245 tunneling is disabled for a call. Even when this option is disabled, if Proxy or ProxyForNAT takes effect, a H.245 channel is always routed through the gatekeeper for calls being proxied.


CallSignalPort=1720
Default: 1721

The port for call signaling on the gatekeeper. The default port is 1721. We don't use the well-known port 1720 by default so you can run an H.323 endpoint or gateway in the same machine as the gatekeeper. You may set it to 0 to let the gatekeeper choose an arbitrary port.


CallSignalHandlerNumber=10
Default: 5

The number of threads dedicated to handle signaling/H.245 channels (between 1-200). You may increase this number in a heavy loaded gatekeeper. Each thread can process one signaling message at time, so increasing this number will increase call throughput. Under Windows, there exists a default limit of 64 sockets used by a single signaling thread, so each signaling thread is able to handle at most 32 calls (with H.245 tunneling enabled).


RtpHandlerNumber=2
Default: 1

The number of RTP proxy handling threads. Increase this value only if you experience problems with RTP delay or jitter on a heavily loaded gatekeeper. A special care has to be taken on Windows, at RTP handling threads are subject of the same limit of 64 sockets as signaling threads. Each RTP thread is able to handle at most 32 proxied calls (2 sockets per call).


AcceptNeighborsCalls=1
Default: 1

With this feature enabled, the call signaling thread will accept calls without a pre-existing CallRec found in the CallTable, provided an endpoint corresponding to the destinationAddress in Setup can be found in the RegistrationTable, and the calling party is a neighbor or parent gatekeeper. The gatekeeper will also use it's own call signaling address in LCF in responding to an LRQ. That means, the call signaling will be routed to gatekeeper 2 in gatekeeper-to-gatekeeper calls. As a result, the CDRs in gatekeeper 2 can correctly show the connected time, instead of 'unconnected'.


AcceptUnregisteredCalls=1
Default: 0

With this feature enabled, the gatekeeper will accept calls from any unregistered endpoint. Make sure you do proper authentication on these calls if you don't want to let everybody use your gatekeeper. When working with unregistered, you will probably also want to change the CallSignalPort to 1720.


RemoveH245AddressOnTunneling=1
Default: 0

Some endpoints send h245Address in the UUIE of Q.931 even when h245Tunneling is set to TRUE. This may cause interoperability problems. If the option is TRUE, the gatekeeper will remove h245Address when h245Tunneling flag is TRUE. This enforces the remote party to stay in tunneling mode.


RemoveCallOnDRQ=0
Default: 1

With this option turning off, the gatekeeper will not disconnect a call if it receives a DRQ for it. This avoids potential race conditions when a DRQ overtakes a Release Complete. This is only meaningful in routed mode because in direct mode, the only mechanism to signal end-of-call is a DRQ. When using call failover this must be set to 0.


DropCallsByReleaseComplete=1
Default: 0

According to Recommendation H.323, the gatekeeper could tear down a call by sending RAS DisengageRequest to endpoints. However, some bad endpoints just ignore this command. With this option turning on, the gatekeeper will send Q.931 Release Complete instead of RAS DRQ to both endpoints to force them drop the call.


SendReleaseCompleteOnDRQ=1
Default: 0

On hangup, the endpoint sends both Release Complete within H.225/Q.931 and DRQ within RAS. It may happen that DRQ is processed first, causing the gatekeeper to close the call signaling channel, thus preventing the Release Complete from being forwarding to the other endpoint. Though the gatekeeper closes the TCP channel to the destination, some endpoints (e.g. Cisco CallManager) don't drop the call even if the call signaling channel is closed. This results in phones that keep ringing if the caller hangs up before the callee pickups. Setting this parameter to 1 makes the gatekeeper always send Release Complete to both endpoints before closing the call when it receives DRQ from one of the parties.


SupportNATedEndpoints=1
Default: 0

Whether to allow an endpoint behind an NAT box register to the gatekeeper. If yes, the gatekeeper will translate the IP address in Q.931 and H.245 channel into the IP of NAT box.

GnuGk supports NAT outbound calls (from an endpoint behind NAT to public networks) directly without any necessary modification of endpoints or NAT box. Just register the endpoint with GnuGk and you can make call now.


SupportCallingNATedEndpoints=0
Default: 1

Whether to allow an endpoint behind an NAT box that support GnuGk Nat Traversal technique to receive calls. Use this to block errant gateways that do not support GnuGk Nat Traversal technique properly from causing one way audio problems when trying to call to the gateway. Calls to the gateways return caller unreachable. To be effective SupportNATedEndpoints must be set to 1.


TreatUnregisteredNAT=1
Default: 0

Used in conjunction with AcceptUnregisteredCalls and SupportNATedEndpoints will automatically treat all unregistered calls which cannot be determined as being NAT are treated as being NAT.

Not all Endpoints send sourceSignalAddress in the setup message which can be used to determine whether a caller is NAT. This adds support to those that don't.


ScreenDisplayIE=MyID
Default: N/A

Modify the DisplayIE of Q.931 to the specified value.


ScreenCallingPartyNumberIE=0965123456
Default: N/A

Modify the CallingPartyNumberIE of Q.931 to the specified value.


ScreenSourceAddress=MyID
Default: N/A

Modify the sourceAddress field of UUIE element from Q.931 Setup message.


ForwardOnFacility=1
Default: 0

If yes, on receiving Q.931 Facility with reason callForwarded, the gatekeeper will forwards call Setup directly to the forwarded endpoint, instead of passing the message back to the caller. If you have broken endpoints that can't handle Q.931 Facility with reason callForwarded, turn on this option. Note that this feature may not always work correctly, as it does not provide any means of capability renegotiation and media channel reopening.


ShowForwarderNumber=0
Default: 0

Whether to rewrite the calling party number to the number of forwarder. It's usually used for billing purpose. Only valid if ForwardOnFacility=1.


Q931PortRange=20000-20999
Default: N/A (let the OS allocate ports)

Specify the range of TCP port number for Q.931 signaling channels. Note the range size may limit the number of concurrent calls. Make sure this range is wide enough to take into account TIME_WAIT TCP socket timeout before a socket can be reused after closed. TIME_WAIT may vary from 15 seconds to a few minutes, depending on an OS. So if for example your range is 2000-2001 and you made two calls, the next two calls can be made after TIME_WAIT timeout elapses and the sockets can be reused. The same applies to H245PortRange and T120PortRange. TIME_WAIT can be usually tuned down on most OSes.


H245PortRange=30000-30999
Default: N/A (let the OS allocate ports)

Specify the range of TCP port number for H.245 control channels. Note the range size may limit the number of concurrent calls. See remarks about TIME_WAIT socket state timeout in the Q931PortRange description.


SetupTimeout=4000
Default: 8000

A timeout value (in milliseconds) to wait for a first message (Setup) to be received after a signaling TCP channel has been opened.


SignalTimeout=10000
Default: 30000

A timeout value (in milliseconds) to wait for a signaling channel to be opened after an ACF message is sent or to wait for an Alerting message after a signaling channel has been opened. This option can be thought as a maximum allowed PDD (Post Dial Delay) value.


AlertingTimeout=60000
Default: 180000

A timeout value (in milliseconds) to wait for a Connect message after a call entered Alerting state. This option can be thought as a maximum "ringing time".


TcpKeepAlive=0
Default: 1

Enable/disable keepalive feature on TCP signaling sockets. This can help to detect inactive signaling channels and prevent dead calls from hanging in the call table. For this option to work, you also need to tweak system settings to adjust keep alive timeout. See docs/keepalive.txt for more details.


TranslateFacility=1
Default: 0

Enable this option if you have interoperability problems between H.323v4 and non-H.323v4 endpoints. It converts Facility messages with reason = transportedInformation into Facility messages with an empty body, because some endpoints do not process tunneled H.245 messages inside Facility, if the body is not empty. The conversion is performed only when necessary - if both endpoints are v4 or both endpoints are pre-v4, nothing is changed.


SocketCleanupTimeout=1000
Default: 5000

Define time to wait before an unused socket is closed (if it is not yet closed) and deleted (its memory is released). If you use very small port ranges, like a few ports (e.g. RTPPortRange=2000-2009), you may want to decrease this value to get sockets reusable faster.


ActivateFailover=1
Default: 0

Activate call failover: When activated, GnuGk will try to find other possible routes to a destination if the call fails on the first route. The list of routes for a call is built when the call first comes in and currently not all routing policies are able to provide multiple routes. You can use the 'internal' and the 'sql' policy to provide multiple routes. In addition to that multiple routes can be set by SQL and Radius authenticators.

For accounting of calls using failover, see the SingleFailoverCDR switch in the [CallTable] section.


FailoverCauses=1-15,21-127
Default: 1-15,21-127

Define which cause codes in a ReleaseComplete will trigger call failover.


DisableRetryChecks=1
Default: 0

This will disable all checks if a failed call has already received FastStart or H.245 messages. Caution: Using this switch enables you to retry more calls, but you run the risk that some of the retried calls will fail because the caller is already in a state where he can't talkt to a new partner.


CalledTypeOfNumber=1
Default: N/A

Sets Called-Party-Number type of number to the specified value for all calls (0 - UnknownType, 1 - InternationalType, 2 - NationalType, 3 - NetworkSpecificType, 4 - SubscriberType, 6 - AbbreviatedType, 7 - ReservedType).


CallingTypeOfNumber=1
Default: N/A

Sets Calling-Party-Number type of number to the specified value for all calls (0 - UnknownType, 1 - InternationalType, 2 - NationalType, 3 - NetworkSpecificType, 4 - SubscriberType, 6 - AbbreviatedType, 7 - ReservedType).


CalledPlanOfNumber=1
Default: N/A

Sets Called-Numbering-Plan of number to the specified value (0 - UnknownType, 1 - ISDN, 3 - X.121 numbering, 4 - Telex, 8 - National standard, 9 - private numbering).


CallingPlanOfNumber=1
Default: N/A

Sets Calling-Numbering-Plan of number to the specified value (0 - UnknownType, 1 - ISDN, 3 - X.121 numbering, 4 - Telex, 8 - National standard, 9 - private numbering).


ENUMservers=e164.org,e164.arpa
Default: N/A

Sets the eum server list in priority order seperated by (,) for the enum policy. This overrides the PWLIB_ENUM_PATH environmental variable.


RDSservers=myvirtualhost.com
Default: N/A

Use this to set RDS server to query for rds routing policy. This set the domains to use to resolve URI's which do not have SRV records and maybe virtually hosted or SRV records are stored in another host. This overrides the PWLIB_RDS_PATH environmental variable.


CpsLimit=10
Default: 0

Limit the rate of incomming calls to n calls per second. If more calls are received they are rejected on TCP level without H.323 error messages and they won't show up in CDRs. A value of zero (default) disables the feature.

The limit only applies if the calls in the check interval are greater than check-interval * CPS-rate. This allows small call spikes on a machine without much load, but will apply strict limits when the overall load is high.

This feature is meant to shield the gatekeeper from overload and to avoid as much resource usage a possible in an overload situation.

Currently the calls are blocked when the first message comes in on the signalling port. This makes it very effective for unregistered calls. But so far ARQs are not blocked, so it will be less effective with registered calls.


CpsCheckInterval=1
Default: 5

Define the check interval in seconds before the CpsLimit is applied.


GenerateCallProceeding=1
Default: 0

When set, GnuGk will generate a CallProceeding for each Setup message it receives. This can be helpfull to avoid a timeout in calling endpoints if the destination takes a long time to answer or the call is processed in a virtual queue. Without setting UseProvisionalRespToH245Tunneling=1 this will disable H.245 tunneling.

CallProceeding messages sent by endpoints or gateways will be translated into Facility or Progress messages.


UseProvisionalRespToH245Tunneling=1
Default: 0

WARNING: This is an experimental feature and not tested very well.

If you only use H.323 equipment that supports provisionalRespToH245Tunneling, you can set this switch to keep H.245 tunneling enabled when using gatekeeper generated CallProceeding.


EnableH450.2=1
Default: 0

When set, GnuGk will intercept H.450.2 call transfer messages and if possible transfer the call on behalf of the endpoint. This allows the endpoint initiated transfering of calls where the remote endpoint may not support H.450 and the gatekeeper initiates the call transfer.


TranslateReceivedQ931Cause=17:=34
Default: N/A

Translate all received cause codes in ReleaseComplete messages. In the above example code 17 (User busy) will be translated into cause code 34 (No circuit/channel available).


TranslateSentQ931Cause=21:=34,27:=34
Default: N/A

Translate all cause codes in ReleaseComplete messages sent out. In the above example code 21 and 27 will be translated into cause code 34, because this particular gateway might deal with error code 34 better than with others.


RemoveH235Call=1
Default: 0

For compatibility with endpoints which do not support large Setup messages, this switch removes tokens and cryptoTokens from Setups to make them smaller.


RemoveH460Call=1
Default: 0

For compatibility with pre-H323v4 devices that do not support H.460, this switch strips the H.460 feature advertisements from the Setup PDU. Usually they should be ignored anyway; use this switch if they cause trouble.


ForceNATKeepAlive=1
Default: 0

Force ALL registrations to use a keepAlive TCP socket.


EnableH46018=1
Default: 0

Enable support for H.460.18 and H.460.19. This feature is covered by patents held by Tandberg. If you don't use the official releases by the GNU Gatekeeper Project, make sure you have a valid license before enabling it.


H46018NoNat=0
Default: 1

Enable H.460.18 if the endpoint is not behind a NAT. Setting to 0 will disable H.460.18 if the endpoint is detected as not being behind a NAT. If H.460.23 is supported and enabled then direct media is still supported.


EnableH46023=1
Default: 0

Enable support for H.460.23/.24


H46023STUN=stun.ekiga.net,192.168.1.10
Default: N/A

Sets the STUN server list for use with H.460.23 seperated by (,). Each Network interface must have a STUNserver set for H.460.23 support on that interface.


TranslateSorensonSourceInfo=1
Default: 0

Translate the non-standard caller information from a Sorenson VP200 into sourceAddress and CallingPartyIE.

6. หัวข้อ [Proxy]

The section defines the H.323 proxy features. It means the gatekeeper will route all the traffic between the calling and called endpoints, so there is no traffic between the two endpoints directly. Thus it is very useful if you have some endpoints using private IP behind an NAT box and some endpoints using public IP outside the box.

The gatekeeper can do proxy for logical channels of RTP/RTCP (audio and video) and T.120 (data). Logical channels opened by fast-connect procedures or H.245 tunneling are also supported.

Note to make proxy work, the gatekeeper must have direct connection to both networks of the caller and callee.


Enable=1
Default: 0

Whether to enable the proxy function. You have to enable gatekeeper routed mode first (see the previous section). You don't have to specify H.245 routed. It will automatically be used if required.


InternalNetwork=10.0.1.0/24
Default: N/A

Define the networks behind the proxy. Multiple internal networks are allowed. The proxy route channels only the communications between one endpoint in the internal network and one external. If you don't specify it, all calls will be proxied. If using GnuGk behind a NAT and the [Gatekeeper::Main] ExternalIP is set then there is not requirement to set this as it is auto-detected at startup. Using this setting will simply override the default detected settings.


Format:
InternalNetwork=network address/netmask[,network address/netmask,...]

The netmask can be expressed in decimal dot notation or CIDR notation (prefix length), as shown in the example.

Example:
InternalNetwork=10.0.0.0/255.0.0.0,192.168.0.0/24


ProxyAlways=1
Default: 0

Always proxy all calls regardles of other settings.


T120PortRange=40000-40999
Default: N/A (let the OS allocate ports)

Specify the range of TCP port number for T.120 data channels. Note the range size may limit the number of concurrent calls. See remarks about TIME_WAIT socket state timeout in the Q931PortRange description.


RTPPortRange=50000-59999
Default: 1024-65535

Specify the range of UDP port number for RTP/RTCP channels. Since RTP streams require two sockets, the range has to contain an even number of ports. Note that the range size may limit the number of possible concurrent calls.


ProxyForNAT=1
Default: 1

If yes, the gatekeeper will proxy for calls to which one of the endpoints participated is behind an NAT box. This ensure the RTP/RTCP stream can penetrate into the NAT box without modifying it. However, the endpoint behind the NAT box must use the same port to send and receive RTP/RTCP stream. If you have bad or broken endpoints that don't satisfy the precondition, you have better to disable this feature and let the NAT box forward RTP/RTCP stream for you.


ProxyForSameNAT=1
Default: 1

Whether to proxy for calls between endpoints from the same NAT box. There is a degree of uncertainty when endpoints are behind the same NAT as to whether they can communicate directly as one or both may be on subNATs. Disable this feature with caution.


DisableH235Call=1
Default: 0

This setting removes the cryptoTokens and clearTokens off the Setup message. Use this when working with IP phones that do not support large Setup messages


DisableH460Call=1
Default: 0

This setting removes the H.460 features from the Setup message. Use this with pre-H.323v4 endpoints and gateways which cannot decode these messages.


DisableRTPQueueing=1
Default: 0

Sometimes GnuGk will receive RTP data before it knows where to fordward it to. By default GnuGk will queue this data up to a ceratin amount and send it once the destination becomes available. In some cases this can cause a short loopback of RTP data, so you might want to disable RTP queueing.


EnableRTPMute=1
Default: 0

This setting allows either call party in media proxy mode to mute the audio/video by sending a * as either string or tone.userinput. The sending of * mutes the audio/video and a subsequent send of * unmutes the audio/video. Only the party who muted the call can unmute. This is designed as a hold function for terminals which do not support H450.4.


RemoveMCInFastStartTransmitOffer=1
Default: 0

Remove the mediaChannel from fastStart transmit offers. For unicast transmit channels, mediaChannel should not be sent on offer; it is responsibility of callee to provide mediaChannel in an answer.


SearchBothSidesOnCLC=1
Default: 0

The H.245 CloseLogicalChannel request should only reference the endpoint's own logical channels. Some bad endpoint implementations require searching and closing logical channels for the other endpoint as well. Up to version 2.3.0 GnuGk did this automatically, but it can break channel establishment in some cases, so now you have to set this switch if you have these broken endpoints.

7. หัวข้อ [ModeSelection]

In routed mode or proxy mode, you can use this section to specify the exact routing mode (routed mode, routed mode plus H.245 routing or proxy mode) by IP network.


Syntax:
network=mode[,mode]

The network is specified by an IP plus optional CIDR, eg. 192.168.1.0/24. The rule for the network with the longest netmask is used (the most specific).


Possible modes are (the names are case in-sensitive)

ROUTED
Routed mode where Q.931 messages are routed, but not H.245 messages (unless H.245 tunneling is active).
H245ROUTED
Routed mode plus H.245 routing.
PROXY
Proxy mode with RTP proxying.
The first mode is used for calls into and out of the specified network. The second mode is used for calls that stay inside the network. If only one mode is specified it is used for both cases.


Example:
In this example calls into and out of the 1.2.3.0/24 network are proxied, but calls that remain inside this network are in routed mode. Calls in the 3.4.5.0/24 are always proxied, even when they remain inside the network, unless IP 3.4.5.6 is involved. If 2 networks have a rule for the call, the one with the most proxying is used, eg. a call from 192.168.1.222 to 3.4.5.20 would be proxied.


[ModeSelection]
127.0.0.0/24=ROUTED
192.168.0.0/18=H245ROUTED,ROUTED
1.2.3.0/24=PROXY,ROUTED
3.4.5.0/24=PROXY,PROXY
3.4.5.6=ROUTED


If no rules matches the settings [RoutedMode]GkRouted=, H245Routed= or [Proxy]Enable= are used to determine the routing mode.

There are a few cases where these rules don't apply, because GnuGk knows that the call needs proxying: For example calls involving H.460.18/.19 will always be proxied (because this protocol requires proxing).

8. คอนฟิกเกี่ยวกับ Routing
The following sections in the config file can be used to configure how calls are routed.

Each call gets passed down a chain of routing policies. Each policy may route the call and terminate the chain or modify it and pass it on. You can use the setting in the following sections to specify which policies to use and modify their behavior.

8.1 หัวข้อ [RoutingPolicy]

This section explains how the various potential routing policies within the gatekeeper work.

The incoming call requests can be routed using the following possibilities:


explicit

The destination is explicitly specified in the routing request.


internal

The classical rule; search the destination in RegistrationTable


parent

Route the call using information sent by the parent gatekeeper in reply to an ARQ the gatekeeper will send. You can define your parent gatekeeper using the Endpoint section.


neighbor

Route the call using neighbors by exchanging LRQ messages.


dns

The destination is resolved from DNS, provided it is resolvable.


sql

Route calls by rewriting the called alias with a database query or send them directly to a destination IP. The database parameters are specified in the Routing::Sql section.


vqueue

Use the virtual queue mechanism and generate a RouteRequest event to let an external application do the routing.


numberanalysis

Provides support for overlapped digit sending for ARQ messages. This also partially supports Setup messages (no overlapped sending - only number length validation).


enum

ENUM (RFC3761) is a method to use DNS lookups to convert real International Direct Dialing E.164 numbers into H.323 dialing information. The default servers are e164.voxgratia.net, e164.org and e164.arpa. To specify your own server you may either specify the list via the ENUMserver variable in the RoutedMode section or specify an environmental variable PWLIB_ENUM_PATH with the address of your preferred enum servers. Multiple servers should be separated by a colon(:) on Linux and a semicolon (;) on Windows. (PWLIB_ENUM_PATH is supported starting with PWLib 1.8.0; 1.7.5.2 (Pandora) doesn't support it.)

The enum policy replaces the destination with the information returned by the ENUM server, so you must have the appropriate routing policies to continue processing the call after the enum policy. You should have the srv and dns policies after the enum policy, because the new location is often returned in the form of 'number@gatekeeper' and the srv and dns policies are needed to resolve this.

Finally, keep in mind that each routing check with the enum policy requires a DNS lookup. To speed up your routing, make sure you resolve internal destinations before the enum policy is applied.


srv

DNS SRV or H.323 Annex O allows for the routing of calls using a H.323 URI. Addresses can be configured as user (at) domain. H.323 URIs are stored in the DNS domain records of the domain and are queried to find the destination. Records can be used to determine the signaling address or for the LRQ address.


rds

URN RDS or Universal resources name resolver discovery system is a system (as defined in RFC 2915 Sect 7.2 whereby domain names SRV records are hosted on other domains. In this policy the servers set by [RoutedMode] RDSServers are queried to resolve URI's whose domains do not have SRV records. This can be used to virtually host URL domains or centralize the control of SRV records.


catchall

This policy will route all calls that reach it to one endpoint specified in the Routing::CatchAll section. You can use it as a fallback at the end of the policy chain to route all calls which would otherwise fail.



Default configuration for routing policies is as follows:


[RoutingPolicy]
default=explicit,internal,parent,neighbor
If one policy does not match, the next policy is tried.

These policies can be applied to a number of routing request types and routing input data. The different types are ARQ, LRQ, Setup and Facility (with the callForwarded reason). There is also the general routing policy, which is a default for the other types.


Example:

[RoutingPolicy]
h323_ID=dns,internal
002=neighbor,internal
Default=internal,neighbor,parent
When a message is received which requires a routing decision, all calls to an alias of the h323_ID type will be resolved using DNS. If DNS fails to resolve the alias, it is matched against the internal registration table. If a call is requested to an alias starting with 002, first the neighbors are checked and then the internal registration table. If the requested alias is not an h323_ID or an alias starting with 002, the default policy is used by querying the internal registration table, then the neighbors, and if that fails the parent.

For the ARQ, LRQ, Setup and Facility messages one would use the [RoutingPolicy::OnARQ], [RoutingPolicy::OnLRQ], [RoutingPolicy::OnSetup] and [RoutingPolicy::OnFacility] sections using the syntax explained above.


Example:

[RoutingPolicy::OnARQ]
default=numberanalysis,internal,neighbor
A typical ENUM routing setup would look like this:

Example:

[RoutingPolicy]
default=explicit,internal,enum,dns,internal,parent,neighbor

8.2 หัวข้อ [RasSrv::RewrteE164]

This section defines the rewriting rules for dialedDigits (E.164 number).


Format:
[!]original-prefix=target-prefix

If the number begins with original-prefix, it is rewritten to target-prefix. If the `!' flag precedes the original-prefix, the sense is inverted and the target-prefix is prepended to the dialed number. Special wildcard characters ('.' and '%') are available.

Example:
08=18888

If you dial 08345718, it is rewritten to 18888345718.

Example:
!08=18888

If you dial 09345718, it is rewritten to 1888809345718.

Option:

Fastmatch=08
Default: N/A

Only rewrite dialDigits beginning with the specified prefix.

8.3 หัวข้อ [RasSrv::RewriteAlias]

This section defines the rewriting rules for aliases. This can be used to map gatekeeper assigned aliases to registered endpoints.


Format:
[!]original-alias=target-alias

If the alias is original-alias, it is rewritten to target-alias.

Example:
bill=033123456