Friday, January 6, 2017

GNU Gatekeeper 4.4 released

GNU Gatekeeper 4.4 was released today. This is mainly a bug fix release
with only 2 new features.

If you use SSH on your status port you are urged to update as soon as
possible and also if you use LUA scripting. Two serious bugs have been
fixed for these features where GnuGk can be crashed remotely.

A new feature is the RequireOneNet policy that allows you to restrict
access to publicly accessible traversal gatekeepers. Now you can easily
define that one end of all calls must terminate in one of your own
networks and prevent abuse of your resources by 3rd parties.

The other new feature is a significant improvement to the MakeCall
command on the status port. It is now able to establish video calls and
supports virtually all endpoints by using GnuGk's call reroute feature.

Changed config switches:
  • [Proxy] ProxyForNAT now defaults to OFF
  • [CTI::MakeCall] DisableFastStart has been removed, fastStart is now always disabled

You can download the new version from

Please see the full change log below.

These know bugs haven't been addressed, yet:
  • when GnuGk acts as a H.460.18 client (as client in a H.460.18 traversal zone with another gatekeeper or as child gatekeeper), it currently does not send a keep-alive on the Q.931 TCP connection  during a call
  • bandwidth management currently only applies to calls from registered endpoints and ignores unregistered calls completely

Changes from 4.3 to 4.4
  • [CTI::MakeCall] TransferMethod can now also be Reroute, DisableFastStart switch removed
  • BUGFIX(MakeCall.cxx) fix MakeCall bearer capabilities to support video calls
  • BUGFIX(ProxyChannel.cxx) don't send Notify after call Reroute: Polycom RealPresens  starts a flood of Status messages
  • BUGFIX(GkStatus.cxx) call ssh_init() and ssh_finalize() only on application start and shutdown
  • BUGFIX(ProxyChannel.cxx) fix IP check for IgnoreSignaledPrivateH239IPs= switch
  • new accounting/authentication policy RequireOneNet
  • pass full RRQ message to LuaAuth
  • BUGFIX(ProxyChannel.cxx) when opening a port from a PortRange fails, try next port  regardless of errno
  • BUGFIX(lua.cxx) add mutex for LUA interpreter, because it is not thread safe
  • added message type parameter in RouteRequest event (ARQ, Setup, LRQ)
  • BUGFIX(yasocket.cxx) fix UDP with LARGE_FDSET on Solaris, OpenBSD and NetBSD
  • BUGFIX(RasTbl.cxx) fix crash on invalid AliasTypeFilter setting
  • changed default setting: [Proxy] ProxyForNAT now defaults to off, if you want to keep the previous behaviour, please set it explicitely