Sunday, January 25, 2015

Replacing a Radvision ECS Gatekeeper with a GNU Gatekeeper

In many cases GnuGk can act as a drop-in replacement for the ECS Gatekeeper. I just noticed one strange thing: Radvision MCUs seem to register endpoint aliases instead of prefixes with the ECS and the ECS treats registrations from MCUs as prefixes. To fix that, you can simply assign prefixes to the MCU in your GNU Gatekeeper configuration and everything works like before.


Friday, January 2, 2015

GNU Gatekeeper 3.8 released

I am pleased to announce a new release of the GNU Gatekeeper, version 3.8, available from

This release includes source code sutitable for (Linux, Windows, MacOS, FreeBsd, NetBSD, OpenBSD and Solaris) and executables for Linux.

In addition to the new GnuGk version, I'm also happy to announce the general availability of the new Web Interface.

In response to the current wave of H.323 spam / hacking GnuGk 3.8 has a number of improvements to security related features:

  • endpoint IDs are now completely random and not as easily guessable as they were before
  • GnuGk is now using better random numbers in security relevant places
  • new authentication modules using LUA scripts called LuaAuth
  • new switch [RasSrv::ARQFeatures] CheckSenderIP=1 to make sure ARQs  come from the same IP as the initial registration
  • FileIPAuth is now able to check ARQ messages
  • AliasAuth updated to work with H.460.18 endpoint
  • PrefixAuth was extended to support unregistered calls
  • SQLAuth can now operate on SrcInfo fields using %{SrcInfo}
  • improvements to the addpasswd utility.

Other new non-security related features include:

  • The CatchAll policy now rewrites the destination alias which makes it easier to send CatchAll calls to MCU rooms.
  • You can now filter out whole capability classes, eg. all video or H.239 capabilities if some of your endpoints have trouble handling them
  • A new switch [Gatekeeper::Main] MinH323Version= lets you set the H.323 version GnuGk identifies itself as using (up to the latest version 7). This is mainly to deal with endpoint that switch features when they believe they are talking to older endpoints (which one shouldn't be doing...)
  • a number bugs and crashes fixed