1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/opensips/opensips.cfg Wed Sep 21 14:02:13 2011 +0200
1.3 @@ -0,0 +1,198 @@
1.4 +##
1.5 +## opensips.cfg -- OpenSIPS server configuration
1.6 +##
1.7 +
1.8 +#
1.9 +# GLOBAL CONFIGURATION PARAMETERS
1.10 +#
1.11 +
1.12 +# process configuration
1.13 +debug=1
1.14 +log_stderror=no
1.15 +fork=yes
1.16 +check_via=no
1.17 +dns=no
1.18 +rev_dns=no
1.19 +children=4
1.20 +user="@l_rusr@"
1.21 +group="@l_rgrp@"
1.22 +fifo="@l_prefix@/var/opensips/opensips.fifo"
1.23 +workdir="@l_prefix@/var/opensips"
1.24 +
1.25 +# network configuration
1.26 +alias="sip.example.com"
1.27 +listen="127.0.0.1"
1.28 +port=5060
1.29 +
1.30 +#
1.31 +# EXTENSION MODULE LOADING
1.32 +#
1.33 +
1.34 +#loadmodule "@l_prefix@/lib/opensips/modules/dbtext.so"
1.35 +
1.36 +loadmodule "@l_prefix@/lib/opensips/modules/sl.so"
1.37 +loadmodule "@l_prefix@/lib/opensips/modules/tm.so"
1.38 +loadmodule "@l_prefix@/lib/opensips/modules/rr.so"
1.39 +loadmodule "@l_prefix@/lib/opensips/modules/maxfwd.so"
1.40 +loadmodule "@l_prefix@/lib/opensips/modules/usrloc.so"
1.41 +loadmodule "@l_prefix@/lib/opensips/modules/registrar.so"
1.42 +loadmodule "@l_prefix@/lib/opensips/modules/textops.so"
1.43 +
1.44 +#loadmodule "@l_prefix@/lib/opensips/modules/auth.so"
1.45 +#loadmodule "@l_prefix@/lib/opensips/modules/auth_db.so"
1.46 +
1.47 +#loadmodule "@l_prefix@/lib/opensips/modules/nathelper.so"
1.48 +
1.49 +#
1.50 +# EXTENSION MODULE CONFIGURATION
1.51 +#
1.52 +
1.53 +# module rr:
1.54 +modparam("rr", "enable_full_lr", 1)
1.55 +
1.56 +# module usrloc:
1.57 +modparam("usrloc", "db_mode", 0)
1.58 +#modparam("usrloc", "db_mode", 2)
1.59 +#modparam("usrloc|auth_db", "db_url", "dbtext://@l_prefix@/var/opensips/db")
1.60 +
1.61 +# module auth:
1.62 +#modparam("auth_db", "calculate_ha1", 1)
1.63 +#modparam("auth_db", "password_column", "password")
1.64 +#modparam("auth_db", "user_column", "username")
1.65 +#modparam("auth_db", "domain_column", "domain")
1.66 +
1.67 +# module nathelper:
1.68 +#modparam("registrar", "nat_flag", 6)
1.69 +#modparam("nathelper", "natping_interval", 30)
1.70 +#modparam("nathelper", "ping_nated_only", 1)
1.71 +#modparam("nathelper", "rtpproxy_sock", "unix:@l_prefix@/var/opensips/opensips_rtpproxy.sock")
1.72 +#modparam("nathelper", "rtpproxy_disable", 0)
1.73 +#modparam("nathelper", "rtpproxy_disable_tout", 20)
1.74 +#modparam("nathelper", "sipping_from", "sip:pinger@sip.example.com")
1.75 +
1.76 +#
1.77 +# MAIN ROUTING LOGIC
1.78 +#
1.79 +
1.80 +route{
1.81 + # initial sanity checks -- messages with
1.82 + # max_forwards==0, or excessively long requests
1.83 + if (!mf_process_maxfwd_header("10")) {
1.84 + sl_send_reply("483", "Too Many Hops");
1.85 + exit;
1.86 + };
1.87 + if (msg:len >= max_len) {
1.88 + sl_send_reply("513", "Message too big");
1.89 + exit;
1.90 + };
1.91 +
1.92 + #if (method == "INVITE" && uri != myself) {
1.93 + # sl_send_reply("403", "No relaying");
1.94 + # exit;
1.95 + #};
1.96 +
1.97 + # NAT: special handling for NAT'ed clients; first, NAT test is
1.98 + # executed: it looks for via!=received and RFC1918 addresses in
1.99 + # Contact (may fail if line-folding is used); also, the received
1.100 + # test should, if completed, should check all vias for presence of
1.101 + # received.
1.102 + #if (nat_uac_test("3")) {
1.103 + # # allow RR-ed requests, as these may indicate that NAT-enabled
1.104 + # # aproxy takes care of it; unless it is REGISTER
1.105 + # if (method == "REGISTER" || ! search("^Record-Route:")) {
1.106 + # log("LOG: Someone trying to register from private IP, rewriting\n");
1.107 + # fix_nated_contact(); # rewrite contact with source IP of signalling
1.108 + # if (method == "INVITE") {
1.109 + # fix_nated_sdp("1"); # add direction=active to SDP
1.110 + # };
1.111 + # force_rport(); # add rport parameter to topmost Via
1.112 + # setflag(6); # mark as NAT'ed
1.113 + # };
1.114 + #};
1.115 +
1.116 + # we record-route all messages -- to make sure that
1.117 + # subsequent messages will go through our proxy; that's
1.118 + # particularly good if upstream and downstream entities
1.119 + # use different transport protocol
1.120 + if (method != "REGISTER") {
1.121 + record_route();
1.122 + };
1.123 +
1.124 + # subsequent messages withing a dialog should take the
1.125 + # path determined by record-routing
1.126 + if (loose_route()) {
1.127 + # mark routing logic in request
1.128 + append_hf("P-hint: rr-enforced\r\n");
1.129 + route(1);
1.130 + };
1.131 +
1.132 + if (uri != myself) {
1.133 + # mark routing logic in request
1.134 + append_hf("P-hint: outbound\r\n");
1.135 + route(1);
1.136 + };
1.137 +
1.138 + # if the request is for other domain use USRLOC
1.139 + # (in case, it does not work, use the following command
1.140 + # with proper names and addresses in it)
1.141 + if (uri == myself) {
1.142 + if (method == "REGISTER") {
1.143 + # uncomment this if you want to use digest authentication
1.144 + #if (!www_authorize("sip.example.com", "subscriber")) {
1.145 + # www_challenge("sip.example.com", "0");
1.146 + # exit;
1.147 + #};
1.148 + save("location");
1.149 + exit;
1.150 + };
1.151 +
1.152 + lookup("aliases");
1.153 + if (uri != myself) {
1.154 + append_hf("P-hint: outbound alias\r\n");
1.155 + route(1);
1.156 + };
1.157 +
1.158 + # native SIP destinations are handled using our USRLOC DB
1.159 + if (!lookup("location")) {
1.160 + sl_send_reply("404", "Not Found");
1.161 + exit;
1.162 + };
1.163 + append_hf("P-hint: usrloc applied\r\n");
1.164 + };
1.165 +
1.166 + route(1);
1.167 +}
1.168 +
1.169 +route[1] {
1.170 + # disable RFC1918 peers
1.171 + if (uri =~ "[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" && !search("^Route:")) {
1.172 + sl_send_reply("479", "We don't forward to RFC 1918 IPv4 addresses");
1.173 + exit;
1.174 + };
1.175 +
1.176 + # NAT: if client or server know to be behind a NAT, enable relay
1.177 + #if (isflagset(6)) {
1.178 + # force_rtp_proxy();
1.179 + #};
1.180 +
1.181 + # NAT: processing of replies; apply to all transactions
1.182 + #t_on_reply("1");
1.183 +
1.184 + # send it out now; use stateful forwarding as it works reliably even for UDP2TCP
1.185 + if (!t_relay()) {
1.186 + sl_reply_error();
1.187 + };
1.188 +}
1.189 +
1.190 +#onreply_route[1] {
1.191 + # NAT: is it a NAT'ed transaction ?
1.192 + # otherwise, is it a transaction behind a NAT and we did not
1.193 + # know at time of request processing ? (RFC1918 contacts)
1.194 + #if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") {
1.195 + # fix_nated_contact();
1.196 + # force_rtp_proxy();
1.197 + #} else if (nat_uac_test("1")) {
1.198 + # fix_nated_contact();
1.199 + #};
1.200 +#}
1.201 +
