Packetizer Forums: GNU Gatekeeper (GnuGk)

User Poll

2025-08-25T12:36:16Z

The GNU Gatekeeper project is doing a poll what our users need and how we can do better.
Which new features do you need, what needs fixing ?

https://gnugk.org/survey-2025.html

Please give us feedback!

GNU Gatekeeper 5.12

2024-02-19T18:08:17Z

GNU Gatekeeper version 5.12 has been released.

Another important bug in the handling of the ExternalIP switch has been fixed as well as Y2K38 issues.

This release also adds features:
- support for Oracle databases
- easier cloud deployment with IP detection with STUN
- better load scaling by mixing proxied with direct mode endpoints in a single gatekeeper
- Windows 64bit executables with VS2022

All changes and additions:
- enable more runtime hardening flags from OpenSSF recommendation 11/2023
- fix bug with H.245 address when using ExternalIP= switch without H.460.18/.19
- auto-detect public IP with ExternalIP=STUN and STUNServer=stun.example.com
- compiler support for VS2022
- new database driver for Oracle and new timestamp format 'Oracle'
- new switch [EP::xxx] ForceDirectMode=1 to handle all calls from this endpoint in direct mode
- BUGFIX(RasSrv.cxx, gkauth.cxx) make sure time_t is handled unsigned to avoid Y2K38 issue
- BUGFIX(ProxyChannel.cxx) check for too small packets when acting as encryption proxy

Download from https://www.gnugk.org/h323download.html

GNU Gatekeeper 5.9

2021-12-03T14:51:57Z

GNU Gatekeeper version 5.9 has been released.

Download: https://www.gnugk.org/h323download.html

New features:
- new switches [Proxy] CachePortDetection=1 and
CachePortDetectionDuration= to cache port detection packets
for faster media connects when IgnoreSignaledIPs= is active
- new switch: [EP::] ForceTerminalType=
- new place holder for port notifications: %t for port type
- experimental: better error recovery if multiplexed RTP sending fails

Bug fixes:
- fix bug in port detection with AllowSignaledIPsFrom=
- when DNS name resolves to IP without alias, remove alias from ACF completely (Cisco interop)
- remove RTP session 0 from internal tables once H.245 master has assigned a session ID
- fix compilation of Avaya support
- initialized cmsg struct to zero before using
- fix regression introduced with MatchH239SessionsByIDOnly= switch

If you want a say what goes into the next version, please head over to
https://www.gnugk.org/survey-2021.html and give us some feedback!

GNU Gatekeeper 5.7

2021-03-04T21:04:18Z

This version has some important bug fixes, improves interoperability
with other vendors and also has a few new features.

Bug fixes:
- several severe crashes and a few memory leaks have been fixed

Improved interoperability with:
- Lifesize endpoints
- Poly's Microsoft Teams gateway
- Polycom RealPresence Capture Server

New features:
- You get a warning in the GUI / on the status port if one of your endpoints has an incorrect time setting and this password authentication fails. This makes trouble shooting a lot easier.

- Invalid TPKT packets (eg. due to network errors) now don't necessarily take down an otherwise healthy call. Use the new AbortOnInvalidTPKT=0 switch to enable.

- You have a new %{Vendor} variable for SqlAuth RegQuerys and LuaAuth

Full change log:

- BUGFIX(ProxyChannel.cxx) fix crash on non-standard H.245 Indication from Polycom RealPresence Capture Server
- BUGFIX(ProxyChannel.cxx) fix possible crashes on non-standard generic information in OLCs
- print warning message on status port when passwords get rejected due to wrong time
- BUGFIX(httpacct.cxx) fix memory leak
- BUGFIX(ProxyChannel.cxx) fix possible crash
- BUGFIX(gk.cxx) avoid crash when terminating in the middle of program startup, set non-zero exit code so restarter notices error
- return unused memory back to OS periodically
- new switch: [RoutedMode] AbortOnInvalidTPKT=0 for more graceful handling of network errors
- BUGFIX(gk.cxx) fix for running on Alpine Linux (needs updated PTLib, too)
- don't start GnuGk if RTP multiplexing is configured, but we can't start the listener
- new switch: [RoutedMode] MatchH239SessionsByType=0 to fix presentations with LifeSize endpoints over Poly's Microsoft Teams gateway
- BUGFIX(ProxyChannel.cxx) make sure we don't set RTP address on multiplexed RTCP keepalive
- BUGFIX(RasSrv.cxx) look at all tokens for H.235.TSSM
- add %{Vendor} variable for SqlAuth RegQuery and LuaAuth

GNU Gatekeeper 5.4 released

2020-01-07T12:44:53Z

I am happy to announce the release of GNU Gatekeeper 5.4.

You can download it from https://www.gnugk.org/h323download.html

New features:
- new accounting module to send accounting data to an MQTT server
- support for redis as database (eg. as backend for password storage)

Bug fixes:
- important fix for H.245 tunneling translation with H.460.18 endpoints
- fix for snmpwalk in PTLib-SNMP implementation
- fix sending alternate gatekeeper list to endpoints with assigned gatekeeper
- improved DRQ from child gatekeepers
- fix TLS with neighbor gatekeeper

Please also note that a bug has been found in PTLib that can cause a
crash in any GnuGk version if you use the status port (manually of from
an application). Please upgrade to PTLib 2.10.9.3!

Get PTLib and H323Plus from https://www.h323plus.org/source/

GNU Gatekeeper 5.3

2019-10-30T14:37:38Z

GNU Gatekeeper 5.3 is out!

You can download it from https://www.gnugk.org/h323download.html

This release has a number of new features as well as some important bug
fixes.

Whats new ?

LRQ loop detection to optimize calls flows between multiple
neighbor gatekeepers
This new feature has the potential to significantly reduce the load
on all gatekeepers and prevent "LRQ storms".
new routing policy to set call destinations by querying HTTP
or REST servers, see [Routing::Http]
much improved support for SNMP
important bug fix for TLS encryption of signaling channels
important bug fixes for H.460.18 (for H.245 tunneling and for
multi-homed servers)
performance optimization: this version can handle 5-10% more proxied
calls on the same hardware
performance optimization: re-authenticate lightweight, additive
registrations only when new aliases differ
This significantly reduces the load on password databases.

Blog post: https://blog.gnugk.org/2019/07/gnu-gatekeeper-5-3.html

Enjoy!

GNU Gatekeeper 5.1

2019-01-07T07:32:22Z

I have released GNU Gatekeeper version 5.1.

You can download it from https://www.gnugk.org/h323download.html

The main new feature in this release is H.245 multiplexing.
Together with the long supported RTP multiplexing it allows GnuGk to
handle a large amount of calls from H.460 endpoints using just 5
ports total.

Whats new ?

- support for H.245 multiplexing with H.460.18:
[RoutedMode] EnableH245Multiplexing=1, H245MultiplexPort=1722
- improved interop with Lifesize Icon (H.235), Scopia VC240 (H.460.18)
and Yealink Mobile (H.460.19)
- improved detection of neighbor gatekeeper availability
- public IP detection for Google Cloud
- new feature to let GnuGk send an event if port detection fails

There were also a number of bug fixes, please see changes.txt or the
blog post:
https://blog.gnugk.org/2019/01/gnu-gatekeeper-5-1.html

Enjoy!

GNU Gatekeeper 3.9 released

2015-07-10T16:16:31Z

GnuGk 3.9 is out now.

Release Notes:
http://blog.gnugk.org/2015/07/gnu-gatekeeper-39-released.html

Download:
http://www.gnugk.org/h323download.html

GNU Gatekeeper 3.2

2013-01-15T17:02:03Z

Dear community,

I'm happy to announce the availability of GNU Gatekeeper 3.2. This is
the first version released by Relaxed Communications GmbH, the company I
recently founded to provide consulting and support for GnuGk.

Version 3.2 has a few new features and many bugfixes, especially for
those of you with a lot of calls. There are executables for Linux,
Windows, FreeBSD, NetBSD and OpenBSD.

http://www.gnugk.org/gnugk-3.2.html

New Features:

The most important new feature in my view is the ability to have
multiple instances of routing policies with different configuration.
Another very important feature is support for additive registrations.

Here is the full list:

allow multiple instances of routing policies with different settings (currently works for sql, enum, srv, dns, numberanalysis, lua, forwarding)
support for additive registration for gateways, new switch [RasSrv::RRQFeatures] EnableAdditiveRegistration
new Alias SQL variable "Additive-RRQ"
new [Gatekeeper::Main] TTLExpireDropCall switch to prevent calls being dropped due to registration timeout
added AssignedGatekeeper support to child gatekeeper
new [Routing::Sql] EnableRegexRewrite switch to support basic regex rewrite in SQL queries
new switch [RoutedMode] RemoveH245AddressFromSetup=
improved speed of H.460.19 port detection
new ACF status item for media routing for calls
extend [RasSrv::PermanentEndpoints] to support vendor information on gateways

Please see changes.txt in the download archives for details on the bug
fixes.

Regards,
Jan

GNU Gatekeeper 3.0

2012-01-04T14:10:37Z

I'm pleased to announce GnuGk 3.0.

You can download the new version at
http://www.gnugk.org/h323download.html

New features:

full traversal zone support (gatekeeper-to-gatekeeper H.460.18/.19)
Now you can place one GnuGk behind a firewall and let it tunnel out
the calls for all other devices behind the firewall eg. to a VCS or
to another GnuGk.
This was probably the most request feature in the past.
full IPv6 support (incl. IPv4-IPv6 proxying)
With the proxy function, you can let GnuGk manage a network of IPv6
endpoints and connect them to the IPv4 network or make legacy
endpoints reachable for IPv6 calls.
RTP multiplexing (all calls to and from devices supporting H.460.19
will only use 2 sockets total)
rewrite destination IPs into aliases
ENUM, SRV and RDS routing policies extended for LRQs, in case the
calling gatekeeper isn't able to do this
notifications when GnuGk opens listen ports
This allows you to update firewall rules on the fly, so you only have
the minimum amount of ports open.
improved H.235 password authentication with neighbors
massive performance improvement when (re-)loading large numbers of GW
rewrites
interop fixes for Polycom m100 and Sorenson endpoints
fixes in the underlying libraries so *BSD systems can get the latest
GnuGk features
a few bug fixes

We provide executables for Linux (32 and 64 bit), Windows, MacOS X,
FreeBSD, OpenBSD, NetBSD and Solaris.

GNU Gatekeeper 2.3.5

2011-08-02T19:20:43Z

GNU Gatekeeper version 2.3.5 has been released.
~~[url]~~http://www.gnugk.org/gnugk-2-3-5.html[/url]

The highlights of the new version are:

- H.350 LDAP directory support
Now you can point the gatekeeper to a H.350 directory and assign
endpoints aliases, a gatekeeper or let them do white-page lookups on
the H.350 directory.

- QoS monitoring
The new version supports H.460.9 and will collect QoS data from the
endpoints. For endpoints that don't support QoS reporting, it
can sniff the RTP statistics for the calls routed through the
gatekeeper to obtain QoS data. The collected QoS data is made
available to other applications through the Radius or telnet
interface.

- SSH security
The telnet interface for applications can now be secured with ssh.

- H.460.18/.19 firewall traversal
The traversal code got a major rewrite that has fixed a number of
interoperability issues.

- Call failover
The call failover mechanism was extended so now failing calls can be
re-routed to a pre-defined operator position ('CatchAll endpoint').
Call failover is also now able to recover more error conditions than
before.

- much better checking of the config file for misspellings or obsolete
settings (Fortytwo=42 is now obsolete)

- support for sending RIP messages

- improved VCS interoperability

See Changelog (changes.txt) for full details:
http://openh323gk.cvs.sourceforge.net/viewvc/openh323gk/openh323gk/changes.txt?revision=1.607

Regards,
Jan

GNU Gatekeeper 2.3.4

2011-01-04T15:25:31Z

GNU Gatekeeper version 2.3.4 has been released.

This is a bugfix release, mainly for bandwidth management, H.460.18 and proxy mode selection.

See the release notes at http://www.gnugk.org/gnugk-2-3-4.html for details.

GNU Gatekeeper 2.3.3

2010-11-07T23:48:26Z

Hi,

the new GNU Gatekeeper release 2.3.3 is now available:
http://www.gnugk.org/gnugk-2-3-3.html

New features (gatekeeper configuration):

- all executables now contain all database drivers: MySQL, PostgreSQL, ODBC, SQLite and Firebird!
- much improved bandwidth management for registered endpoints per endpoint and per call
- configure alternate gatekeepers per endpoint IP range with [RasSrv::AlternateGatekeeper]
- call routing by destination IP with [Routing::Explicit]
- gatekeeper-based TCS=0 call transfer: activated through H.450.2 emulator or status port (experimental)
- H.450.2 emulator extended for unregistered calls
- new switch: [CTI::MakeCall]TransferMethod=
- BMV, a web front-end for SQLBill (in contrib/bmv2/)
- configure where to send RAS replies with [ReplyToRasAddress]
- ignore a 2nd column in SQL routing if it equals "IGNORE"
- display H323Plus and PTLib version in GnuGk's version string
- documented [RoutedMode] EnableH460P= and H460PActThread=
switches

New features (API):

- extended status port commands RouteToAlias, RouteToGateway, BindAndRouteToGateway with caller-ID parameter
- updated status port command: TransferCall by call-id and with transfer method
- new status port command RerouteCall (experimental)
- new status port command: DisconnectCallId
- added vendor string in RouteRequest event
- document status port command: DisconnectEndpoint

Config changes:

- change to the format of [Gatekeeper::Main] AlternateGKs=

Bug fixes:

- apply ENUM policy also to Setup and Facility messages
- fix multicast discovery
- fix crash on failover with DisableRetryChecks=1
- avoid bug in H323Plus so H.460.19 feature indicator can be removed
- disregard IPv6 addresses if the machine has any
- DisconnectIP now disconnects all calls on the IP as specified
- fix crash when setting a non-writable trace file in the config file
- signal change of destination alias in parent policy
- don't accept new calls or retry calls when shutdown is in progress, avoids possible crash
- check if routing policies have been configured, before using them
- only rewrite sourceCallSignalAddress if proxying
- fix NAT detection for unregistered callers
- fire unregister event also when endpoint expired
- fix order of home IPs