Softpedia >Linux >System >Networking >GNU Gatekeeper >  Changelog

GNU Gatekeeper Changelog

What's new in GNU Gatekeeper 3.9

Jul 12, 2015
  • bug fixes, including a crash and hanging status port on Windows servers
  • a new IP/port detection algorithm for endpoints behind NAT that works well even with unregistered (!) endpoint
  • neighbor pings to speed up call routing if your neighbors are frequently down
  • geo-blocking: with the GeoIPAuth policy, you can allow or block calls based on the location of the IP
  • status port event back log: When you connect to the status port to diagnose an issue, the relevant events are already gone. With this new feature you can tell GnuGk to save the last n events and show them later on. This way you can take a look at eg. the last 100 failed registrations etc.
  • QoS DiffServ marking for RAS, H.225 and H.245 messages (based on patch provided by Vidyo) Now you can set the DiffServ class for signaling messages. Previously you could only mark RTP packets.
  • support for H.235.TSSM: H.235 needs time synchronization between gatekeeper and endpoints and the proposed H.235.TSSM standard provides a means for endpoints to detect that they are not in sync with the gatekeeper and apply a time offset.

New in GNU Gatekeeper 3.8 (Jan 29, 2015)

  • In response to the current wave of H.323 spam / hacking GnuGk 3.8 has a number of improvements to security related features:
  • endpoint IDs are now completely random and not as easily guessable as they were before
  • GnuGk is now using better random numbers in security relevant places
  • new authentication modules using LUA scripts called LuaAuth
  • new switch [RasSrv::ARQFeatures] CheckSenderIP=1 to make sure ARQs come from the same IP as the initial registration
  • FileIPAuth is now able to check ARQ messages
  • AliasAuth updated to work with H.460.18 endpoint
  • PrefixAuth was extended to support unregistered calls
  • SQLAuth can now operate on SrcInfo fields using %{SrcInfo}
  • improvements to the addpasswd utility.
  • Other new non-security related features include:
  • The CatchAll policy now rewrites the destination alias which makes it easier to send CatchAll calls to MCU rooms.
  • You can now filter out whole capability classes, eg. all video or H.239 capabilities if some of your endpoints have trouble handling them
  • A new switch [Gatekeeper::Main] MinH323Version= lets you set the H.323 version GnuGk identifies itself as using (up to the latest version 7). This is mainly to deal with endpoint that switch features when they believe they are talking to older endpoints (which one shouldn't be doing...)
  • a number bugs and crashes fixed

New in GNU Gatekeeper 3.5 (Jan 3, 2014)

  • New features:
  • implement H.460.22 to negotiate the use of TLS
  • language based routing (using the upcoming H.323v8)
  • new command line switch -mlock to prevent GnuGk from being swapped out
  • new section [ModeVendorSelection] to set proxy mode based on endpoint vendor
  • support for challenge/response authentication using DES-ECB, eg. from Avaya endpoints
  • new switch [RoutedMode] FilterEmptyFacility= (Avaya interop)
  • new switch [RoutedMode] ProxyHandlerHighPrio=0 to avoid setting the proxy handler to high priority; needed to run GnuGk on certain virtualization platforms
  • print number of proxied calls and peak number of calls in statistics on status port
  • new switch [RoutedMode] H46023ForceNat
  • new switch [RewriteSourceAddress] TreatNumberURIDialedDigits
  • more detailed codec descriptions in %{codec} and Radius attribute
  • process multiple terminal-alias VSA from Radius
  • extend [GkStatus::Message] for URQ
  • Configuration changes:
  • changed default call signaling port from 1721 to 1720
  • replace H235HalfCallMediaStrength= switch with H235HalfCallMaxTokenLength= switch
  • disable use of SHA1 for TLS by default, the new switch [TLS] CipherList= can be used to customize the cipher selection
  • Bug fixes:
  • BUGFIX(GkStatus.cxx) disable ssh compression to avoid libssh bug, fix memleak, implement cmdline command execution
  • BUGFIX(Neighbor.cxx) fix H.460 VendorInfo in LCF without TLS or NAT Support
  • BUGFIX(Routing.cxx) fix DNS policy to allow calls by IP:port to endpoint on same IP as gatekeeper
  • BUGFIX(ProxyChannel.cxx) fix RTCP forwarding with EnableRTCPStats=1
  • BUGFIX(ProxyChannel.cxx) fix race condition in call failover
  • BUGFIX(ProxyChannel.cxx) fix use of RTP multiplex port for non-multiplexing calls
  • BUGFIX(ProxyChannel.cxx) offer H.245 tunneling for H.460.18 calls when translation switch is on
  • BUGFIX(ProxyChannel.cxx) fix removal of h245Address in H.245 tunneling translation
  • BUGFIX(ProxyChannel.cxx) fix H.245 tunneling translation when H.245 connection is actively established by the gatekeeper and there are pending H.245 messages
  • BUGFIX(ProxyChannel.cxx) don't send a ReleaseComplete for Status messages outside of calls
  • BUGFIX(ProxyChannel.cxx) use Facility with reason transportedInformation for H.245 tunneling translation for H.225 version >= 4
  • BUGFIX(RasSrv.cxx) fix port detection for traversal clients
  • BUGFIX(RasTbl.h) fix translation of 2nd CallProceeding to unregistered endpoint
  • BUGFIX(yasocket.h) fix TLS with LARGE_FDSET

New in GNU Gatekeeper 3.4 (Sep 20, 2013)

  • This version brings support for H.460.26 (RTP over TCP) and many new crypto features, as well as LDAP/ActiveServer support.

New in GNU Gatekeeper 3.3 (May 14, 2013)

  • Ths new version support H.460.18/.19 between parent and child gatekeepers as well as pre-granted ARQs.
  • It also has a number of interoperability fixes and bugfixes.

New in GNU Gatekeeper 3.2 (Jan 16, 2013)

  • This release allows multiple instances of routing policies and supports additive registrations.
  • It also has many bugfixes for high load situations.

New in GNU Gatekeeper 3.0.2 (May 5, 2012)

  • This version fixes two bugs in the stable release.

New in GNU Gatekeeper 3.0.1 (Jan 30, 2012)

  • This bugfix release fixes three rare bugs.

New in GNU Gatekeeper 3.0 (Jan 5, 2012)

  • Full support for IPv6 and gatekeeper-to-gatekeeper traversal zones are the most important features.
  • RTP multiplexing allows all calls to work on a total of 2 sockets, H.235 password support was improved, and firewalls can now be notified when new ports need to be opened.

New in GNU Gatekeeper 2.2.8 (Jan 10, 2009)

  • This release includes new database drivers for ODBC and SQLite, an auto-reconnect feature for all database drivers, and support for using stored procedures when using MySQL.
  • The extended 'sql' routing policy now supports setting multiple failover routes.