Thursday, December 3, 2015

GNU Gatekeeper 4.0 available

I am pleased to announce the release of GNU Gatekeeper 4.0.

It is now available from

This release includes source code suitable for Linux, Windows, MacOS X,
FreeBSD, NetBSD, OpenBSD and Solaris and executables for Linux.

GnuGk 4.0 includes many new features as well as some important bug
fixes, but remains fully compatible with your previous configuration

Whats new ?
  • rewrite of the H.235 password authentication - much better interoperability and much more secure (it is high time to get ride of MD5 based authentication!)
  • IP authentication for all RAS and Q.931 messages
  • important IPv6 updates and fixes
  • support for TCS0 call transfers ("reroute") that can be initiated from applications
  • better NAT traversal support for unregistered endpoints
  • better blocking of spam calls using SQLAuth
  • per endpoint codec filtering
  • DisplayIE rewriting
  • more secure handling of status port passwords (only hash stored)
  • important fix for ODBC database driver
  • CalledPartyNumber IE rewriting for better Polycom interoperability
  • bug fixes

Some of the new 4.0 features are discussed in more detail this post:

Changes from 3.9 to 4.0
  • [...PasswordAuth] CheckID switch is now deprecated, use [H235] CheckSendersID instead
  • provide vendor informations from ARQ or Setup as %{Vendor} in SQLAuth CallQuery
  • prepend timestamp to events in status port backlog
  • BUGFIX(Routing.cxx) remove newlines from vendor string before sending out  RouteRequest to virtual queue
  • BUGFIX(gksql_odbc.cxx) fix DSN initialization when having multiple DSNs at the same time
  • new switch: [RoutedMode] UpdateCalledPartyToH225Destination=1 to always rewrite the CalledPartyNumberIE in Setup to the first E.164 of the H.225 destinationAddress
  • BUGFIX(ProxyChannel.cxx) fix crash on shutdown
  • new settings for [RoutedMode] ScreenDisplayIE=: 'Calling', 'Called', 'CallingCalled' to set the DisplayIE to the (rewritten) caller ID
  • new switch: [RoutedMode] AppendToDisplayIE= to add a string to the DisplayIE when ScreenDisplayIE= is on
  • changed default: H.460.18 keep-alive in traversal zone between neighbors now defaults to 19 sec (was 29)
  • new switch: [RoutedMode] H46018KeepAliveInterval=
  • BUGFIX(ProxyChannel.cxx) better port detection for H.239 when IgnoreSignaledPrivateH239IPs=1
  • BUGFIX(gkacct.cxx) %{caller-port} and %{called-port} now default to "0" instead of the empty string when not available (eg. in direct mode) to avoid SQL errors when they are stored in a numeric column
  • BUGFIX(RasSrv.cxx) fix additive registration with parent gatekeeper
  • BUGFIX(ProxyChannel.cxx) fix IPv6 dual-stack proxy on Linux and Windows
  • dump file descriptor usage on USR2 signal (Linux only)
  • new switch [RoutedMode] DisableFastStart=1
  • support for H.235.1, incl. setting and checking tokens in all RAS and Q.931 messages
  • extend SimplePasswordAuth and FileIPAuth to all RAS and all Q.931 messages
  • store only PBKDF2 hash for [GkStatus::Auth] password in config, not a recoverable password
  • BUGFIX(ProxyChannel.cxx) fix crash when receiving message without UUIE
  • new switch [EP::] DisabledCodecs=
  • much improved TCS0 3rd-party call transfer using 'Reroute' command on status port
  • BUGFIX(Routing.cxx) add field for destination alias in ARQ if missing and a dynamic routing policy sets it
  • BUGFIX(ProxyChannel.cxx) fix crash in H.235 Media for endpoints with more than 64 capability entries in TCS
  • new switch [Proxy] AllowSignaledIPs= to skip to skip auto-detect for network when IgnoreSignaledIPs=1