Thursday, January 2, 2014

GNU Gatekeeper Version 3.5 released

I'm happy to announce the release of GNU Gatekeeper version 3.5.
The new version brings a number of new features as well as a number of
important bug fixes and a few changes in configuration options.

As usual, you can download the source code and executable for Linux, Windows, FreeBSD, OpenBSD, NetBSD and Solaris from

New features:

  • implement H.460.22 to negotiate the use of TLS
  • language based routing (using the upcoming H.323v8)
  • new command line switch -mlock to prevent GnuGk from being swapped out
  • new section [ModeVendorSelection] to set proxy mode based on endpoint vendor
  • support for challenge/response authentication using DES-ECB, eg. from Avaya endpoints
  • new switch [RoutedMode] FilterEmptyFacility= (Avaya interop)
  • new switch [RoutedMode] ProxyHandlerHighPrio=0 to avoid setting the proxy handler to  high priority; needed to run GnuGk on certain virtualization platforms
  • print number of proxied calls and peak number of calls in statistics on status port
  • new switch [RoutedMode] H46023ForceNat
  • new switch [RewriteSourceAddress] TreatNumberURIDialedDigits
  • more detailed codec descriptions in %{codec} and Radius attribute
  • process multiple terminal-alias VSA from Radius
  • extend [GkStatus::Message] for URQ

 Configuration changes:

  • changed default call signaling port from 1721 to 1720
  • replace H235HalfCallMediaStrength= switch with H235HalfCallMaxTokenLength= switch
  • disable use of SHA1 for TLS by default, the new switch [TLS] CipherList= can be used to customize the cipher selection

Bug fixes:

  • BUGFIX(GkStatus.cxx) disable ssh compression to avoid libssh bug, fix memleak, implement cmdline command execution
  • BUGFIX(Neighbor.cxx) fix H.460 VendorInfo in LCF without TLS or NAT Support
  • BUGFIX(Routing.cxx) fix DNS policy to allow calls by IP:port to endpoint on same IP as gatekeeper
  • BUGFIX(ProxyChannel.cxx) fix RTCP forwarding with EnableRTCPStats=1
  • BUGFIX(ProxyChannel.cxx) fix race condition in call failover
  • BUGFIX(ProxyChannel.cxx) fix use of RTP multiplex port for non-multiplexing calls
  • BUGFIX(ProxyChannel.cxx) offer H.245 tunneling for H.460.18 calls when translation switch is on
  • BUGFIX(ProxyChannel.cxx) fix removal of h245Address in H.245 tunneling translation
  • BUGFIX(ProxyChannel.cxx) fix H.245 tunneling translation when H.245 connection is  actively established by the gatekeeper and there are pending H.245 messages
  • BUGFIX(ProxyChannel.cxx) don't send a ReleaseComplete for Status messages outside of calls
  • BUGFIX(ProxyChannel.cxx) use Facility with reason transportedInformation for  H.245 tunneling translation for H.225 version >= 4
  • BUGFIX(RasSrv.cxx) fix port detection for traversal clients
  • BUGFIX(RasTbl.h) fix translation of 2nd CallProceeding to unregistered endpoint
  • BUGFIX(yasocket.h) fix TLS with LARGE_FDSET