diff --git a/tester/flexisip/flexisip.conf b/tester/flexisip/flexisip.conf
old mode 100755
new mode 100644
index be06bbf89..d3c699cf9
--- a/tester/flexisip/flexisip.conf
+++ b/tester/flexisip/flexisip.conf
@@ -18,7 +18,7 @@ auto-respawn=true
 # List of white space separated host names pointing to this machine.
 # This is to prevent loops while routing SIP messages.
 # Default value: localhost
-aliases=localhost sipopen.example.org sip.example.org auth.example.org auth1.example.org auth2.example.org client.example.org sip2.linphone.org
+aliases=localhost sip2.linphone.org sipopen.example.org sip.example.org auth.example.org auth1.example.org auth2.example.org client.example.org
 
 # List of white space separated SIP uris where the proxy must listen.Wildcard
 # (*) can be used to mean 'all local ip addresses'. If 'transport'
@@ -37,7 +37,12 @@ aliases=localhost sipopen.example.org sip.example.org auth.example.org auth1.exa
 # transports=sips:sip.linphone.org:6060;maddr=192.168.0.29
 # Default value: sip:*
 #transports=sip:192.168.56.101:5060 sips:192.168.56.101:5061
-transports=sip:*:5060 sips:*:5061;tls-certificates-dir=/etc/flexisip/tls/certificates/cn sips:*:5062;tls-certificates-dir=/etc/flexisip/tls/certificates/altname sips:*:5063;require-peer-certificate=1 sip:*:5064
+
+#note: the ip addresses are explicitely specified here because the machine has several interfaces. In a simple case, using '*' instead of the explicit ip address is sufficient,
+#and there is no need to specify the ipv6 transport addresses.
+transports=sip:94.23.19.176:5060 sips:94.23.19.176:5061;tls-certificates-dir=/etc/flexisip/tls/certificates/cn sips:94.23.19.176:5062;tls-certificates-dir=/etc/flexisip/tls/certificates/altname sips:94.23.19.176:5063;require-peer-certificate=1 sip:94.23.19.176:5064 sip:[2001:41d0:2:14b0::1]:5060 sips:[2001:41d0:2:14b0::1]:5061;tls-certificates-dir=/etc/flexisip/tls/certificates/cn sips:[2001:41d0:2:14b0::1]:5062;tls-certificates-dir=/etc/flexisip/tls/certificates/altname sips:[2001:41d0:2:14b0::1]:5063;require-peer-certificate=1 sip:[2001:41d0:2:14b0::1]:5064
+
+
 # An absolute path of a directory where TLS server certificate and
 # private key can be found, concatenated inside an 'agent.pem' file.
 # Default value: /etc/flexisip/tls
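Review bot: The new `transports=` line pins every listener, including the plaintext `sip:` ones on 5060 and 5064, to what look like routable addresses, while the hunk at `-209,15` further down keeps `enable-test-accounts-creation=true` and deletes the comment saying the feature must not be used in production. If this host is reachable from outside the test network, that combination deserves a warning in the file. I would keep a short comment above the key, e.g. `# Test only: clients can create temporary in-memory accounts; never enable in production.`, and state next to `transports=` that the addresses belong to the test machine. The added note also misspells "explicitly".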
@@ -61,35 +66,6 @@ bind-address=0.0.0.0 port=3478 -## -## This module bans user when they are sending too much packets on -## a given timelapse -## -[module::DoS] -# Indicate whether the module is activated. -# Default value: true -enabled=true - -# A request/response enters module if the boolean filter evaluates -# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain -# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') -# && (user-agent == 'Linphone v2') -# Default value: -filter= - -# Number of milliseconds to calculate the packet rate -# Default value: 1000 -time-period=1000 - -# Maximum packet rate received in [time-period] millisecond(s) to -# consider to consider it a DoS attack. -# Default value: 5 -packet-rate-limit=5 - -# Number of minutes to ban the ip/port using iptables -# Default value: 1 -ban-time=1 - ## ## The NatHelper module executes small tasks to make SIP work smoothly @@ -155,7 +131,7 @@ db-implementation=file # for a DSN-less connection. ex3: /etc/flexisip/passwd; for a file # containing one 'user@domain password' by line. # Default value: -datasource=./flexisip/userdb.conf +datasource=/etc/flexisip/userdb.conf # Odbc SQL request to execute to obtain the password # . Named parameters are :id (the user found in the from header), 
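Review bot: The file behind `datasource=/etc/flexisip/userdb.conf` holds cleartext credentials, and the config says nothing about its permissions. The comment above the key describes it as one `user@domain password` per line, and a later hunk header shows `hashed-passwords=false`. I would add a line above the key such as `# Cleartext credentials: readable only by the account that runs flexisip, never world-readable.` The absolute path also makes the tester depend on that file being installed under /etc/flexisip, which the same comment could mention.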
@@ -164,40 +140,17 @@ datasource=./flexisip/userdb.conf # Default value: select password from accounts where id = :id and domain = :domain and authid=:authid request=select password from accounts where id = :id and domain = :domain and authid=:authid -# Maximum length of the login column in database. -# Default value: 100 -max-id-length=100 - -# Maximum length of the password column in database -# Default value: 100 -max-password-length=100 # Use pooling in odbc # Default value: true odbc-pooling=true -# Display timing statistics after this count of seconds -# Default value: 0 -odbc-display-timings-interval=0 - -# Display timing statistics once the number of samples reach this -# number. -# Default value: 0 -odbc-display-timings-after-count=0 - -# Retrieve passwords asynchronously. -# Default value: false -odbc-asynchronous=false # Duration of the validity of the credentials added to the cache # in seconds. # Default value: 1800 cache-expire=1800 -# Retrieve password immediately so that it is cached when an authenticated -# request arrives. -# Default value: true -immediate-retrieve-password=true # True if retrieved passwords from the database are hashed. HA1=MD5(A1) # = MD5(username:realm:pass). @@ -209,15 +162,8 @@ hashed-passwords=false # Default value: false new-auth-on-407=false -# Enable a feature useful for automatic tests, allowing a client -# to create a temporary account in the password database in memory. -# This MUST not be used for production as it is a real security -# hole. -# Default value: false - enable-test-accounts-creation=true - ## ## ... ## @@ -277,6 +223,7 @@ fork-late=true call-fork-timeout=20 + # All the forked have to decline in order to decline the caller # invite # Default value: false 
@@ -544,5 +491,127 @@ filter= # Default value: collector-address=sip:collector@sip.example.org +## +## This module performs push notifications to mobile phone notification +## systems: apple, android, windows, as well as a generic http get/post +## to a custom server to which actual sending of the notification +## is delegated. The push notification is sent when an INVITE or +## MESSAGE request is not answered by the destination of the request +## within a certain period of time, configurable hereunder as 'timeout' +## parameter. +## + +[module::PushNotification] +# Indicate whether the module is activated. +# Default value: false +enabled=true + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (user-agent == 'Linphone v2') +# Default value: +filter= + +# Number of second to wait before sending a push notification to +# device(if <=0 then disabled) +# Default value: 5 +timeout=5 + +# Maximum number of notifications queued for each client +# Default value: 10 +max-queue-size=10 + +# Enable push notification for apple devices +# Default value: true +apple=false + +# Path to directory where to find Apple Push Notification service +# certificates. They should bear the appid of the application, suffixed +# by the release mode and .pem extension. For example: org.linphone.dev.pem +# org.linphone.prod.pem com.somephone.dev.pem etc... The files should +# be .pem format, and made of certificate followed by private key. 
+# Default value: /etc/flexisip/apn +apple-certificate-dir=/etc/flexisip/apn + +# Enable push notification for android devices +# Default value: true +google=false + +# List of couples projectId:ApiKey for each android project that +# supports push notifications +# Default value: +google-projects-api-keys= + +# Enable push notification for windows phone 8 devices +# Default value: true +windowsphone=false + +# Set the badge value to 0 for apple push +# Default value: false +no-badge=false + +# Instead of having Flexisip sending the push notification directly +# to the Google/Apple/Microsoft push servers, send an http request +# to an http server with all required information encoded in URL, +# to which the actual sending of the push notification is delegated. +# The following arguments can be substitued in the http request +# uri, with the following values: +# - $type : apple, google, wp +# - $event : call, message +# - $from-name : the display name in the from header +# - $from-uri : the sip uri of the from header +# - $from-tag : the tag of the from header +# - $call-id : the call-id of the INVITE or MESSAGE request +# - $to-uri : the sip uri of the to header +# - $api-key : the api key to use (google only) +# - $msgid : the message id to put in the notification +# - $sound : the sound file to play with the notification +# + The content of the text message is put in the body of the http +# request as text/plain, if any. 
+# Example: http://192.168.0.2/$type/$event?from-uri=$from-uri&tag=$from-tag&callid=$callid&to=$to-uri +# Default value: +external-push-uri=http://127.0.0.1:80/$type/$event?from-uri=$from-uri&tag=$from-tag&callid=$callid&to=$to-uri + +# Method for reaching external-push-uri, typically GET or POST +# Default value: GET +external-push-method=GET + +## +## This module bans user when they are sending too much packets on +## a given timelapseTo see the list of currently banned ips/ports, +## use iptables -LYou can also check the queue of unban commands +## using atq +## +[module::DoSProtection] + +# Indicate whether the module is activated. +# Default value: true +enabled=true + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (user-agent == 'Linphone v2') +# Default value: +filter= + +# Number of milliseconds to consider to compute the packet rate +# Default value: 3000 +time-period=15000 + +# Maximum packet rate received in [time-period] millisecond(s) to +# consider it as a DoS attack. +# Default value: 20 +packet-rate-limit=5 + +# Number of minutes to ban the ip/port using iptables (might be +# less because it justs uses the minutes of the clock, not the seconds. +# So if the unban command is queued at 13:11:56 and scheduled and +# the ban time is 1 minute, it will be executed at 13:12:00) +# Default value: 2 +ban-time=2 +
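Review bot: In `[module::DoSProtection]`, `time-period=15000` and `packet-rate-limit=5` depart from the defaults stated in the comments (3000 and 20) with no explanation. The comment also does not say whether the limit is a per-second rate or a count over the whole period, so it is hard to judge how easily an ordinary client would be banned. If the values are deliberate for the tester, a line such as `# Tester values, not the defaults (3000 / 20); revisit before reusing this file elsewhere.` would help. Separately, in `[module::PushNotification]` the substitution list documents `$call-id` but `external-push-uri` uses `callid=$callid`; if only the documented name is substituted, the literal text would be sent, so one of the two should be corrected. The DoSProtection header comment has also lost spaces (`timelapseTo`, `-LYou`).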