Linux H.323 setup and configuration

Updated: 2004-07-27
Created: 2004-02-04

Licensing and disclaimer of warranty

This document is an incomplete draft.

Especially but not only if one has broadband access to the Internet, or even locally, voice/video/... conferencing may be useful, in that it is both convenient and cheap.

However, as in most cases, the relevant standards and the software that implements them are arguably shoddy in design, coding and documentation, and unnecessarily hard to set up and configure.

This is a little guide to do so for some of the H.323 software out there, mostly for Linux, but also a bit about MS Windows, to ensure interoperation. It is not quite an HOWTO because it tries to provide insight as well as recipes, as in general it is hard to provide recipes that just work, instead of being mere guidelines.

I have also created a small set of sample OpenH323 and GNUGK configuration files.

To successfully set up and configure for operation H.323 software one may need several different things, for example:

What H.323 is in theory and in practice.

H.323 is a series of related standards published by the ITU, and is largely based on the ISO family of standards.

It defines how one endpoint may discover another, call it, and transfer data.

An endpoint can be either a process on a computer or a real telephone; it can be identified with a telephone number in both cases, or with an IP address if it is a process running on a computer.

Most endpoints are terminals, or they can be gateways in which case their main role is to act as intermediaries between other endpoints.

A gatekeeper is a special type of endpoint to which other endpoints can connect to register a symbolic name or number for themselves, and usually to ask the gatekeeper to make or receive calls on their behalf. Somewhat similar to a PBX/switch in function.

A gatekeeper is usually required for calls to real telephones, in which case the gatekeeper acts as gateway. When both endpoints involved in a call with a gatekeeper in the middle are IP based, it operates as a proxy, and this for example is useful when NAT/masquerading is involved. Gatekeepers can be either peers or endpoints to other gatekeepers.

H.323 mostly applies to calls between endpoints where at least one of them is a process with an IP address. It might also be used for calls between real telephones, where at least a segment of the path (usually the longest ins some sense) is over the Internet.

These notes however are only for the case where all endpoints involved are processes with IP addresses.

In practice H.323 exists in two variants: the original one, and the somewhat modified variants that Microsoft has introduced with NetMeeting. Even if NetMeeting has been retired by Microsoft, it is still somewhat widely used. The NetMeeting variant contains some incompatible extensions or restrictions.

However, there are at least a couple of simple, small but functional freeware MS Windows applications that can be used instead of NetMeeting, and thus these notes will not mention the NetMeeting variant much, as it is possible to use the freeware alternatives instead.

Some details about the H.323 procotols

First of all, the data (sound/video/...) transport protocols of H.323 are trivial; it's just RTP over UDP, and they sort of just work.

All the major difficulties arise out of endpoint discovery and call setup, especially in the complicated cases where one has firewalls, gatekeepers, and reflectors.

Setup instruction, configuration files and optiona often refer by name to the invidual standards and protocol that are part of H.323, for example:

H.225.0 RAS
UDP protocol, unicast or multicast, for interacting with a called endpoint which is a gatekeeper, and includes asking the gatekeeper for registration, for calling another endpoint, etc.
H.225 non-RAS
TCP protocol for interacting with a called endpoint which is a terminal.
TCP based procotol, used embedded in H.225 non RAS, for setting up direct calls to endpoint which is a terminal.
Protocol embedded inside H.225 for secure authentication of an endpoint to a gatekeeper. Note that this is not symmetrical; gatekeepers never authenticate themselves to their endpoints.
TCP, complementary to H.225, can be embedded within it, deals with setting up data connections using RTP over UDP, text messaging etc.
Call rediction of various sorts (hol,d, forwarding, transfer).
Purely UDP, is used to carry real time streams of voice or video data.

Within H.225 there are a number of significant interactions between an endpooint (or a peer) and a gatekeeper:

Q.931 Setup
Call setup from endpoint directluy to another endpoint. Usually to port 1720 of the called endpoint, and from port 1720 of the caller.
H.225 RAS
The various interactions between an endpoint and the gatekeeper it uses (Registration, Admission and Security):
  • GRQ: Gatekeeper ReQuest (connect to gatekeeper)
  • RRQ: Registration ReQuest (log into gatekeeper)
  • IRQ: Information ReQuest (gatekeeper queries endpoint)
  • ARQ: Admission ReQuest (call another endpoint via gatekeeper)
  • LRQ: Location ReQuest (ask another gatekeeper about endpoint)
  • BRQ: Bandwidth ReQuest (ask gatekeeper for bandwidth change)
  • DRQ: Disengage ReQuest (close call to another endpoint)
  • URQ: Unregister ReQuest (log out of gatekeeper)

Random notes to be sorted out