## ## This is the default Flexisip configuration file ## ## ## Some global settings of the flexisip proxy. ## [global] # Outputs very detailed logs # Default value: false debug=1 # Automatically respawn flexisip in case of abnormal termination # (crashes) # Default value: true auto-respawn=true # List of white space separated host names pointing to this machine. # This is to prevent loops while routing SIP messages. # Default value: localhost aliases=localhost sip2.linphone.org sipopen.example.org sip.example.org auth.example.org auth1.example.org auth2.example.org client.example.org sipv4.example.org sipv4-nat64.example.org # List of white space separated SIP uris where the proxy must listen.Wildcard # (*) can be used to mean 'all local ip addresses'. If 'transport' # prameter is unspecified, it will listen to both udp and tcp. An # local address to bind can be indicated in the 'maddr' parameter, # while the domain part of the uris are used as public domain or # ip address. Here some examples to understand: # * listen on all local interfaces for udp and tcp, on standart # port: # transports=sip:* # * listen on all local interfaces for udp,tcp and tls, on standart # ports: # transports=sip:* sips:* # * listen on 192.168.0.29:6060 with tls, but public hostname is # 'sip.linphone.org' used in SIP messages. Bind address won't appear: # transports=sips:sip.linphone.org:6060;maddr=192.168.0.29 # Default value: sip:* #transports=sip:192.168.56.101:5060 sips:192.168.56.101:5061 #note: the ip addresses are explicitely specified here because the machine has several interfaces. In a simple case, using '*' instead of the explicit ip address is sufficient, #and there is no need to specify the ipv6 transport addresses. transports=sip:94.23.19.176:5060 sips:94.23.19.176:5061;tls-certificates-dir=/etc/flexisip/tls/certificates/cn sips:94.23.19.176:5062;tls-certificates-dir=/etc/flexisip/tls/certificates/altname sips:94.23.19.176:5063;tls-verify-incoming=1 sip:94.23.19.176:5064 sip:[2001:41d0:2:14b0::1]:5060 sips:[2001:41d0:2:14b0::1]:5061;tls-certificates-dir=/etc/flexisip/tls/certificates/cn sips:[2001:41d0:2:14b0::1]:5062;tls-certificates-dir=/etc/flexisip/tls/certificates/altname sips:[2001:41d0:2:14b0::1]:5063;tls-verify-incoming=1 sip:[2001:41d0:2:14b0::1]:5064 # An absolute path of a directory where TLS server certificate and # private key can be found, concatenated inside an 'agent.pem' file. # Default value: /etc/flexisip/tls tls-certificates-dir=/etc/flexisip/tls/certificates/cn #tls-certificates-dir=/media/sf_workspaces/workspace-macosx/flexisip ## ## STUN server parameters. ## [stun-server] # Enable or disable stun server. # Default value: true enabled=true # Local ip address where to bind the socket. # Default value: 0.0.0.0 bind-address=0.0.0.0 # STUN server port number. # Default value: 3478 port=3478 ## ## The NatHelper module executes small tasks to make SIP work smoothly ## despite firewalls.It corrects the Contact headers that contain ## obviously inconsistent addresses, and adds a Record-Route to ensure ## subsequent requests are routed also by the proxy, through the ## UDP or TCP channel each client opened to the proxy. ## [module::NatHelper] # Indicate whether the module is activated. # Default value: true enabled=true # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2') # Default value: filter= # Internal URI parameter added to response contact by first proxy # and cleaned by last one. # Default value: verified contact-verified-param=verified ## ## The authentication module challenges SIP requests according to ## a user/password database. ## [module::Authentication] # Indicate whether the module is activated. # Default value: false enabled=true no-403=user-agent contains 'tester-no-403' # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2') # Default value: filter= from.uri.domain contains 'sip.example.org' || from.uri.domain contains 'auth.example.org' || from.uri.domain contains 'auth1.example.org' || from.uri.domain contains 'auth2.example.org' || from.uri.domain contains 'anonymous.invalid' # List of whitespace separated domain names to challenge. Others # are denied. # Default value: auth-domains= sip.example.org auth.example.org auth1.example.org auth2.example.org # List of whitespace separated IP which will not be challenged. # Default value: trusted-hosts=127.0.0.1 94.23.19.176 # Database backend implementation [odbc, file]. # Default value: odbc db-implementation=file # Odbc connection string to use for connecting to database. ex1: # DSN=myodbc3; where 'myodbc3' is the datasource name. ex2: DRIVER={MySQL};SERVER=host;DATABASE=db;USER=user;PASSWORD=pass;OPTION=3; # for a DSN-less connection. ex3: /etc/flexisip/passwd; for a file # containing one 'user@domain password' by line. # Default value: datasource=/etc/flexisip/userdb.conf # Odbc SQL request to execute to obtain the password # . Named parameters are :id (the user found in the from header), # :domain (the authorization realm) and :authid (the authorization # username). The use of the :id parameter is mandatory. # Default value: select password from accounts where id = :id and domain = :domain and authid=:authid request=select password from accounts where id = :id and domain = :domain and authid=:authid # Use pooling in odbc # Default value: true odbc-pooling=true # Duration of the validity of the credentials added to the cache # in seconds. # Default value: 1800 cache-expire=1800 # True if retrieved passwords from the database are hashed. HA1=MD5(A1) # = MD5(username:realm:pass). # Default value: false hashed-passwords=false # When receiving a proxy authenticate challenge, generate a new # challenge for this proxy. # Default value: false new-auth-on-407=false enable-test-accounts-creation=true ## ## ... ## [module::GatewayAdapter] # Indicate whether the module is activated. # Default value: false enabled=false # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2') # Default value: filter= # A gateway uri where to send all requests, as a SIP url (eg 'sip:gateway.example.net') # Default value: gateway= # Modify the from and to domains of incoming register # Default value: gateway-domain= # The gateway will be added to the incoming register contacts. # Default value: true fork-to-gateway=true # Send a REGISTER to the gateway using this server as a contact # in order to be notified on incoming calls by the gateway. # Default value: true register-on-gateway=true # Parameter name hosting the incoming domain that will be sent in # the register to the gateway. # Default value: routing-domain routing-param=routing-domain [module::Router] # Store and retrieve contacts without using the domain. # Default value: false use-global-domain=false # Fork messages to all registered devices # Default value: true fork=true # Force forking and thus the creation of an outgoing transaction # even when only one contact found # Default value: true stateful=true # Fork invites to late registers # Default value: false fork-late=true call-fork-timeout=20 # All the forked have to decline in order to decline the caller # invite # Default value: false fork-no-global-decline=false # Maximum duration for delivering a message (text) # Default value: 3600 message-delivery-timeout=60 ## ## The Registrar module accepts REGISTERs for domains it manages, ## and store the address of record in order to route other requests ## destinated to the client who registered. ## [module::Registrar] # Indicate whether the module is activated. # Default value: true enabled=true # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2') # Default value: filter= # List of whitelist separated domain names to be managed by the # registrar. # Default value: localhost reg-domains=localhost sip.example.org sipopen.example.org auth1.example.org sip2.linphone.org client.example.org # Maximum number of registered contacts of an address of record. # Default value: 15 max-contacts-by-aor=15 # List of contact uri parameters that can be used to identify a # user's device. # Default value: +sip.instance #unique-id-parameters= # Maximum expire time for a REGISTER, in seconds. # Default value: 86400 max-expires=60 # Minimum expire time for a REGISTER, in seconds. # Default value: 60 min-expires=1 # File containing the static records to add to database at startup. # Format: one 'sip_uri contact_header' by line. Example: # , # Default value: static-records-file= # Timeout in seconds after which the static records file is re-read # and the contacts updated. # Default value: 600 static-records-timeout=600 # Implementation used for storing address of records contact uris. # [redis-async, redis-sync, internal] # Default value: internal db-implementation=internal # Generate a contact from the TO header and route it to the above # destination. [sip:host:port] # Default value: generated-contact-route= # Require presence of authorization header for specified realm. # [Realm] # Default value: generated-contact-expected-realm= [module::ContactRouteInserter] # Indicate whether the module is activated. # Default value: true enabled=false # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2') # Default value: filter= # Hack for workarounding Nortel CS2k gateways bug. # Default value: false masquerade-contacts-for-invites=false ## ## This module performs load balancing between a set of configured ## destination proxies. ## [module::LoadBalancer] # Indicate whether the module is activated. # Default value: false enabled=false # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2') # Default value: filter= # Whitespace separated list of sip routes to balance the requests. # Example: # Default value: routes= ## ## The MediaRelay module masquerades SDP message so that all RTP ## and RTCP streams go through the proxy. The RTP and RTCP streams ## are then routed so that each client receives the stream of the ## other. MediaRelay makes sure that RTP is ALWAYS established, even ## with uncooperative firewalls. ## [module::MediaRelay] # Indicate whether the module is activated. # Default value: true enabled=true # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (:q # Default value: filter= (user-agent contains 'Natted Linphone') # SDP attribute set by the first proxy to forbid subsequent proxies # to provide relay. # Default value: nortpproxy nortpproxy=nortpproxy # Set the RTP direction during early media state (duplex, forward) # Default value: duplex #early-media-rtp-dir=duplex # The minimal value of SDP port range # Default value: 1024 sdp-port-range-min=1024 # The maximal value of SDP port range # Default value: 65535 sdp-port-range-max=65535 # Enable I-frame only filtering for video H264 for clients annoucing # a total bandwith below this value expressed in kbit/s. Use 0 to # disable the feature # Default value: 0 #h264-filtering-bandwidth=0 # When above option is activated, keep one I frame over this number. # Default value: 1 #h264-iframe-decim=1 # Sends a ACK and BYE to 200 Ok for INVITEs not belonging to any established call. bye-orphan-dialogs=true ## ## The purpose of the Transcoder module is to transparently transcode ## from one audio codec to another to make the communication possible ## between clients that do not share the same set of supported codecs. ## Concretely it adds all missing codecs into the INVITEs it receives, ## and adds codecs matching the original INVITE into the 200Ok. Rtp ## ports and addresses are masqueraded so that the streams can be ## processed by the proxy. The transcoding job is done in the background ## by the mediastreamer2 library, as consequence the set of supported ## codecs is exactly the the same as the codec set supported by mediastreamer2, ## including the possible plugins you may installed to extend mediastreamer2. ## WARNING: this module can conflict with the MediaRelay module as ## both are changin the SDP. Make sure to configure them with different ## to-domains or from-domains filter if you want to enable both of ## them. ## [module::Transcoder] # Indicate whether the module is activated. # Default value: false enabled=false # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2') # Default value: filter= # Nominal size of RTP jitter buffer, in milliseconds. A value of # 0 means no jitter buffer (packet processing). # Default value: 0 jb-nom-size=0 # Whitespace separated list of user-agent strings for which audio # rate control is performed. # Default value: rc-user-agents= # Whitespace seprated list of audio codecs, in order of preference. # Default value: speex/8000 amr/8000 iLBC/8000 gsm/8000 pcmu/8000 pcma/8000 audio-codecs=speex/8000 amr/8000 iLBC/8000 gsm/8000 pcmu/8000 pcma/8000 # If true, retransmissions of INVITEs will be blocked. The purpose # of this option is to limit bandwidth usage and server load on # reliable networks. # Default value: false block-retransmissions=false ## ## This module executes the basic routing task of SIP requests and ## pass them to the transport layer. It must always be enabled. ## [module::Forward] # Indicate whether the module is activated. # Default value: true enabled=true # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2') # Default value: filter= # A sip uri where to send all requests # Default value: route= # Rewrite request-uri's host and port according to above route # Default value: false rewrite-req-uri=false [module::Redirect] enabled=true filter = (user-agent contains 'redirect') && !(request.uri.params contains 'redirected') contact= ## ## The purpose of the StatisticsCollector module is to collect call ## statistics (RFC 6035) and store them on the server. ## [module::StatisticsCollector] # Indicate whether the module is activated. # Default value: false enabled=true # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2') # Default value: filter= # SIP URI of the statistics collector. Note that the messages destinated # to this address will be deleted by this module and thus not be # delivered. # Default value: collector-address=sip:sip.example.org ## ## This module performs push notifications to mobile phone notification ## systems: apple, android, windows, as well as a generic http get/post ## to a custom server to which actual sending of the notification ## is delegated. The push notification is sent when an INVITE or ## MESSAGE request is not answered by the destination of the request ## within a certain period of time, configurable hereunder as 'timeout' ## parameter. ## [module::PushNotification] # Indicate whether the module is activated. # Default value: false enabled=true # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2') # Default value: filter= # Number of second to wait before sending a push notification to # device(if <=0 then disabled) # Default value: 5 timeout=5 # Maximum number of notifications queued for each client # Default value: 10 max-queue-size=10 # Enable push notification for apple devices # Default value: true apple=false # Path to directory where to find Apple Push Notification service # certificates. They should bear the appid of the application, suffixed # by the release mode and .pem extension. For example: org.linphone.dev.pem # org.linphone.prod.pem com.somephone.dev.pem etc... The files should # be .pem format, and made of certificate followed by private key. # Default value: /etc/flexisip/apn apple-certificate-dir=/etc/flexisip/apn # Enable push notification for android devices # Default value: true google=false # List of couples projectId:ApiKey for each android project that # supports push notifications # Default value: google-projects-api-keys= # Enable push notification for windows phone 8 devices # Default value: true windowsphone=false # Set the badge value to 0 for apple push # Default value: false no-badge=false # Instead of having Flexisip sending the push notification directly # to the Google/Apple/Microsoft push servers, send an http request # to an http server with all required information encoded in URL, # to which the actual sending of the push notification is delegated. # The following arguments can be substitued in the http request # uri, with the following values: # - $type : apple, google, wp # - $event : call, message # - $from-name : the display name in the from header # - $from-uri : the sip uri of the from header # - $from-tag : the tag of the from header # - $call-id : the call-id of the INVITE or MESSAGE request # - $to-uri : the sip uri of the to header # - $api-key : the api key to use (google only) # - $msgid : the message id to put in the notification # - $sound : the sound file to play with the notification # The content of the text message is put in the body of the http # request as text/plain, if any. # Example: http://192.168.0.2/$type/$event?from-uri=$from-uri&tag=$from-tag&callid=$callid&to=$to-uri # Default value: external-push-uri=http://127.0.0.1:80/$type/$event?from-uri=$from-uri&tag=$from-tag&callid=$callid&to=$to-uri # Method for reaching external-push-uri, typically GET or POST # Default value: GET external-push-method=GET ## ## This module bans user when they are sending too much packets on ## a given timelapseTo see the list of currently banned ips/ports, ## use iptables -LYou can also check the queue of unban commands ## using atq ## [module::DoSProtection] # Indicate whether the module is activated. # Default value: true enabled=true # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2') # Default value: filter= # Number of milliseconds to consider to compute the packet rate # Default value: 3000 time-period=15000 # Maximum packet rate received in [time-period] millisecond(s) to # consider it as a DoS attack. # Default value: 20 packet-rate-limit=10 # Number of minutes to ban the ip/port using iptables (might be # less because it justs uses the minutes of the clock, not the seconds. # So if the unban command is queued at 13:11:56 and scheduled and # the ban time is 1 minute, it will be executed at 13:12:00) # Default value: 2 ban-time=1 [module::Presence] enabled=true presence-server = only-list-subscription = !(user-agent contains 'full-presence-support') [presence-server] expires = 600 transports = sip:127.0.0.1:5065;transport=tcp