Wed, 21 Sep 2011 16:06:14 +0200
Warning, downgrading software version due to TLS or TCP blocking defects in newest vendor version.
1 ##
2 ## opensips.cfg -- OpenSIPS server configuration
3 ##
6 # General configuration help available at:
7 # http://siprouter.teigre.com/doc/gettingstarted/
9 # Specific routing help available at:
10 # http://www.opensips.org/index.php?n=Resources.DocsCoreRoutes
12 # Information on debug and log levels
13 # http://www.voice-system.ro/docs/ser-syslog/
15 # The configuration blocks are:
16 # Global Configuration Parameters
17 # Extension Module Loading
18 # Extension Module Configuration
19 # Main Request Routing Logic
20 # Secondary Request Routing Logic
21 # Branch Request Routing Logic
22 # Reply Request Routing Logic
23 # Failure Request Routing Logic
24 # Local Request Routing Logic
25 # Error Request Routing Logic
26 #
27 # Logging:
28 # L_ALERT (-3) - used if the error requires immediate action.
29 # L_CRIT (-2) - used if the error is a critical situation.
30 # L_ERR (-1) - used if the error doesn't cause system malfunctioning.
31 # L_WARN (1) - used to write warning messages.
32 # L_NOTICE (2) - used to report unusual situations.
33 # L_INFO (3) - used to write informational messages.
34 # L_DBG (4) - used to write messages for debugging.
37 #
38 # Global Configuration Parameters
39 #
# Process identity and working directory.
# The daemon runs under a dedicated account; the @l_*@ tokens look like
# install-time placeholders and are left exactly as found.
user="@l_rusr@"
group="@l_rgrp@"
wdir="@l_prefix@/var/opensips"

# Run as a forked daemon and do not write log output to stderr.
fork=yes
log_stderror=no

# Worker process counts (UDP receivers and TCP workers).
children=2
tcp_children=2

# Log threshold. 4 corresponds to L_DBG in the level table above, the most
# verbose level listed there.
# NOTE(review): confirm debug-level logging is intended outside
# troubleshooting, and that the log destination is readable only by
# operators, since request data is written to it by the routing logic.
debug=4
# Listening sockets.
# Only plain UDP on port 5060 is active; the TLS listener on 5061 is kept
# commented out, so SIP signalling crosses the network unencrypted.
listen=udp:voip.realhost.tld:5060
#listen = tls:voip.realhost.tld:5061

# Host aliases: additional names the proxy accepts as its own in the
# "myself" tests of the routing logic. The 5061 variants belong to the
# disabled TLS listener.
alias=voip.firsthost.tld:5060
alias=voip.secondhost.tld:5060
#alias=voip.firsthost.tld:5061
#alias=voip.secondhost.tld:5061
60 # enable TLS
61 #https://confluence.terena.org/display/IPTelCB/3.5.2.+TLS+for+OpenSER+(UA-Proxy)
62 #http://www.opensips.org/html/docs/tutorials/tls-1.4.x.html
63 #
64 #Run 'openserctl tls rootCA' to create @l_prefix@/etc/openser/tls/rootCA/cacert.pem.
65 #Run 'openserctl tls userCERT' to create user-calist.pem, user-cert.pem, user-cert_req.pem, and user-privkey.pem in @l_prefix@/etc/openser/tls/user/.
66 #Copy @l_prefix@/etc/openser/tls/rootCA/cacert.pem to the client host.
67 #On Windows XP client hosts, run 'certmgr.msc' to import the certificate into the root certificate store.
68 #
69 #disable_tls = 0
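70 #tls_method = TLSv1 # NOTE(review): TLSv1 is TLS 1.0, which is deprecated (RFC 8996); when TLS is re-enabled, choose the newest method the installed version supports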
71 #tls_verify_server = 1
72 #tls_verify_client = 1
73 #tls_require_client_certificate = 1
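74 #tls_ciphers_list = "HIGH:MEDIUM:!ADH" # openssl ciphers -v HIGH:MEDIUM -- NOTE(review): MEDIUM admits weaker suites; check what the string expands to with this command and consider restricting the list to HIGH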
75 #tls_certificate = "@l_prefix@/etc/opensips/tls/user/user-cert.pem"
76 #tls_private_key = "@l_prefix@/etc/opensips/tls/user/user-privkey.pem"
77 #tls_ca_list = "@l_prefix@/etc/opensips/tls/user/user-calist.pem"
80 #
81 # Extension Module Loading
82 # http://www.opensips.org/index.php?n=Resources.DocsModules
83 #
# Directory the loadmodule statements below resolve against.
mpath="@l_prefix@/lib/opensips/modules/"

# --- transaction, reply and routing helpers ---
# stateless replies
loadmodule "sl.so"
# stateful transaction handling
loadmodule "tm.so"
# signalling wrapper over sl/tm
loadmodule "signaling.so"
# Record-Route / Route processing
loadmodule "rr.so"
# Max-Forwards processing
loadmodule "maxfwd.so"

# --- storage and registration ---
# text-file backend for the database API
loadmodule "db_text.so"
# user location store
loadmodule "usrloc.so"
# SIP registrar
loadmodule "registrar.so"

# --- URI checks, authentication, text operations, accounting ---
# NOTE(review): auth, auth_db and uri are loaded, but every
# authorize/challenge call in the main route is commented out, so loading
# them does not by itself authenticate anything.
# generic URI operations
loadmodule "uri.so"
# authentication interface
loadmodule "auth.so"
# text-based message manipulation
loadmodule "textops.so"
# accounting
loadmodule "acc.so"
# database-backed authentication
loadmodule "auth_db.so"

# --- management ---
# FIFO transport for the Management Interface
loadmodule "mi_fifo.so"

# --- available but not loaded ---
#loadmodule "flatstore.so" # Fast writing only text database
#loadmodule "alias_db.so" # Database aliases
#loadmodule "domain.so" # Multidomain support
#loadmodule "nathelper.so" # NAT traversal helper
#loadmodule "enum.so" # ENUM lookup
108 #
109 # Extension Module Configuration
110 #
# ----- db_text -----
# db_mode 0: caching mode (the original note reads "caching for persistence").
modparam("db_text", "db_mode", 0)

# ----- database URL shared by usrloc, uri and auth_db -----
# All three modules read the same db_text directory.
# NOTE(review): this directory would also hold the subscriber data used by
# auth_db; keep it readable only by the service account.
modparam("usrloc|uri|auth_db", "db_url", "text://@l_prefix@/var/opensips/db")

# ----- rr -----
# write the lr parameter with a value, for UAs that mishandle a bare ";lr"
modparam("rr", "enable_full_lr", 1)
# add the From tag to Record-Route; important when acc uses detect_direction
modparam("rr", "append_fromtag", 1)

# ----- usrloc -----
# db_url comes from the shared setting above.
# db_mode 2: write-back database persistence scheme.
modparam("usrloc", "db_mode", 2)

# ----- registrar -----
# Upper bound on contacts stored per address-of-record.
# NOTE(review): REGISTER authentication is commented out in the main route,
# so these slots can currently be filled by any sender.
modparam("registrar", "max_contacts", 10)
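# ----- acc (accounting) -----
# Accounting records are the audit trail for calls, so the database target
# has to resolve to a loaded backend. The file loads db_text.so and the
# other modules address it with the "text://" scheme; the same scheme is used
# here. A "dbtext://" URL is inconsistent with that and would presumably not
# map to the db_text module, leaving database accounting unwritten.
modparam("acc", "db_url", "text://@l_prefix@/var/opensips/db")
#modparam("acc", "db_url", "flatstore:@l_prefix@/var/opensips/acc")

# What gets reported.
modparam("acc", "early_media", 1)
modparam("acc", "report_ack", 1)
modparam("acc", "report_cancels", 1)
# Relies on rr's append_fromtag, which is enabled in the rr section.
modparam("acc", "detect_direction", 1)

# Syslog accounting: level 2 is L_NOTICE in the table at the top of the file.
modparam("acc", "log_level", 2)

# Script flags that switch accounting on. The routing logic sets flag 1 for
# INVITE and BYE, flag 2 for calls routed via usrloc (missed calls), and
# flag 4 for BYE so that failed transactions are recorded as well.
modparam("acc", "log_flag", 1)
modparam("acc", "log_missed_flag", 2)
modparam("acc", "db_flag", 1)
modparam("acc", "db_missed_flag", 2)
modparam("acc", "failed_transaction_flag", 4)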
# ----- mi_fifo (Management Interface over a FIFO) -----
# The FIFO is a control channel for the running server.
# NOTE(review): verify that the FIFO and the reply directory are writable
# only by the service account and operators; the module's fifo_mode,
# fifo_user and fifo_group parameters are not set here, so defaults apply.
modparam("mi_fifo", "reply_dir", "@l_prefix@/var/opensips/tmp/")
modparam("mi_fifo", "fifo_name", "@l_prefix@/var/opensips/opensips.fifo")
148 #
149 # Main Request Routing Logic
150 #
route {
	# ---------------------------------------------------------------
	# Per-request diagnostics.
	# Every value below is taken from the incoming request, so this is
	# sender-controlled text written to the log once per message.
	# ---------------------------------------------------------------
	#log(3, "new branch at $ru\n");
	xlog("L_INFO", "$rm: Orig - $ou\n");
	xlog("L_INFO", "$rm: Req - $ru\n");
	xlog("L_INFO", "$rm: To - $tu\n");
	xlog("L_INFO", "$rm: Dest - $du\n");
	xlog("L_INFO", "$rm: From - $fu\n");

	# ---------------------------------------------------------------
	# Sanity checks.
	# ---------------------------------------------------------------
	# Max-Forwards guard against forwarding loops.
	if (!mf_process_maxfwd_header("10")) {
		sl_send_reply("483","Too Many Hops");
		exit;
	}

	# Refuse oversized messages statelessly (DoS protection).
	if (msg:len > max_len) {
		sl_send_reply("513", "Message Too Large");
		exit;
	}

	# ---------------------------------------------------------------
	# In-dialog requests (a To tag is present).
	# They must follow the path fixed by record routing; a request that
	# cannot be loose-routed is answered with 404.
	# ---------------------------------------------------------------
	if (has_totag()) {
		if (!loose_route()) {
			sl_send_reply("404", "Not Found");
			exit;
		}

		if (is_method("BYE")) {
			setflag(1); # account the BYE ...
			setflag(4); # ... even when the transaction fails
		}

		# tag the request so the routing decision is visible downstream
		append_hf("P-hint: rr-enforced\r\n");
		route(1);
		exit;
	}

	# ---------------------------------------------------------------
	# Initial requests.
	# ---------------------------------------------------------------
	# CANCEL is relayed only when it matches a known transaction.
	if (is_method("CANCEL")) {
		if (t_check_trans()) {
			t_relay();
		}
		exit;
	}

	# Transaction check for every other initial request.
	t_check_trans();

	# NOTE(review): caller authentication is disabled. As written, a request
	# whose From URI claims a local identity is never challenged, so the
	# proxy routes on behalf of any sender. The block below is the original
	# enablement path ("uncomment to enable auth"); it needs a populated
	# "subscriber" table before it can be switched on.
	#if (!is_method("REGISTER") && from_uri == myself) {
	#	if (!proxy_authorize("", "subscriber")) {
	#		proxy_challenge("", "0");
	#		exit;
	#	}
	#	if (!check_from()) {
	#		sl_send_reply("403","Forbidden");
	#		exit;
	#	}
	#
	#	consume_credentials();
	#	# caller authenticated
	#}

	# Record-route everything except REGISTER and MESSAGE so that later
	# in-dialog requests pass through this proxy again; this matters most
	# when the two sides use different transports.
	if (!is_method("REGISTER|MESSAGE")) {
		record_route();
	}

	# Accounting is switched on for INVITEs only.
	if (is_method("INVITE")) {
		setflag(1);
	}

	# ---------------------------------------------------------------
	# Requests addressed to a foreign domain.
	# NOTE(review): with the authentication block above disabled, this
	# branch relays to any foreign Request-URI for any source address,
	# i.e. the proxy behaves as an open relay.
	# ---------------------------------------------------------------
	if (!uri == myself) {
		# replace with following line if multidomain support is used
		#if (!is_uri_host_local()) {
		append_hf("P-hint: outbound\r\n");
		# if you have some interdomain connections via TLS
		#if ($rd == "tls_domain1.net") {
		#	t_relay("tls:domain1.net");
		#	exit;
		#} else if ($rd == "tls_domain2.net") {
		#	t_relay("tls:domain2.net");
		#	exit;
		#}
		route(1);
	}

	# ---------------------------------------------------------------
	# Requests for the local domain.
	# ---------------------------------------------------------------
	# Presence publication is not offered.
	if (is_method("PUBLISH")) {
		sl_send_reply("503", "Service Unavailable");
		exit;
	}

	if (is_method("REGISTER")) {
		# NOTE(review): REGISTER authentication is disabled. Bindings in
		# "location" are saved for whoever sends the request, so contacts
		# for any address-of-record can be added or replaced without
		# credentials. The original enablement path is kept below.
		#if (!www_authorize("", "subscriber")) {
		#	www_challenge("", "0");
		#	exit;
		#}
		#
		#if (!check_to()) {
		#	sl_send_reply("403","Forbidden");
		#	exit;
		#}

		if (!save("location")) {
			sl_reply_error();
		}

		exit;
	}

	# A Request-URI without a user part cannot be looked up.
	if ($rU == NULL) {
		sl_send_reply("484","Address Incomplete");
		exit;
	}

	# Resolve the Request-URI through the location table and act on the
	# return code of the lookup.
	lookup("location");
	switch ($retcode) {
		case 1:
			# contact found
			append_hf("P-hint: usrloc applied\r\n");
			break;
		case -1:
			t_newtran();
			t_reply("404", "Not Found");
			exit;
		case -2:
			sl_send_reply("405", "Method Not Allowed");
			exit;
		case -3:
			t_newtran();
			t_reply("500", "Server Internal Error");
			exit;
	}

	# Routed via usrloc: flag 2 makes accounting record missed calls too.
	setflag(2);
	route(1);
}
295 #
296 # Secondary Request Routing Logic
297 #
route[1] {
	# INVITEs are armed with the branch, reply and failure routes
	# numbered 1 that are defined further down in this file.
	if (is_method("INVITE")) {
		t_on_branch("1");
		t_on_reply("1");
		t_on_failure("1");
	}

	# Stateful relay (works reliably even for UDP-to-TCP); if the relay
	# cannot be set up, answer with the error the core recorded.
	if (!t_relay()) {
		sl_reply_error();
	}

	# safeguard: never fall back into the calling route
	exit;
}
314 #
315 # Branch Request Routing Logic
316 #
branch_route[1] {
	# Diagnostic only: one log line per outgoing branch, carrying the
	# Request-URI of that branch (sender-influenced text).
	xlog("L_INFO", "new branch at $ru\n");
}
322 #
323 # Reply Request Routing Logic
324 #
onreply_route[1] {
	# Diagnostic only: one log line per reply on an INVITE transaction.
	xlog("L_INFO", "incoming reply at $ru\n");

	# Disabled device-specific handling keyed on the User-Agent value,
	# kept as found:
	# if ($ua =~ fritz.box)
	#	xlog("L_ERR", "$rm: The Fritzbox replied!\n");
	# if ($ua =~ fritz.box && has_body("application/sdp"))
	#	search_append_body("a=sendrecv.*", "\na=ptime:30");
}
334 #
335 # Failure Request Routing Logic
336 #
failure_route[1] {
	# Diagnostic line for every failed INVITE transaction.
	xlog("L_INFO", "failed route at $ru\n");

	# A cancelled call needs no further handling.
	if (t_was_cancelled()) {
		exit;
	}

	# Optional, currently disabled: answer 404 instead of passing 3xx
	# redirects on. Leaving it disabled means redirect targets chosen by
	# the far end are handed back to the caller unchanged.
	#if (t_check_status("3[0-9][0-9]")) {
	#	t_reply("404","Not Found");
	#	exit;
	#}

	# Optional, currently disabled: send busy or timed-out calls to a
	# different destination.
	#if (t_check_status("486|408")) {
	#	sethostport("192.168.2.100:5060");
	#	append_branch();
	#	# do not set the missed call flag again
	#	t_relay();
	#}
}
360 #
361 # Local Request Routing Logic
362 #
local_route {
	# Runs for requests generated by the proxy itself.
	# NOTE(review): the pattern is an unanchored regular expression with an
	# unescaped dot, so it matches more than the literal "@foreign.tld";
	# tighten it if the match is ever used for a policy decision.
	if (is_method("INVITE") && $ru=~"@foreign.tld") {
		append_hf("P-hint: foreign request\r\n");
		exit;
	}

	# Leave a trace for BYEs the proxy originates.
	if (is_method("BYE")) {
		xlog("L_INFO", "internally generated BYE\n");
	}
}
373 #
374 # Error Request Routing Logic
375 #
error_route {
	# Error details as recorded by the core.
	xlog("L_ERR", "error route class=$(err.class) level=$(err.level) info=$(err.info) rcode=$(err.rcode) rreason=$(err.rreason)\n");

	# Source address and port of the offending message.
	xlog("L_ERR", "error from [$si:$sp]\n");

	# Full message buffer between "++++" markers.
	# NOTE(review): $mb is the complete, multi-line, sender-supplied message.
	# Logging it at L_ERR lets any source that triggers this route grow the
	# log and place arbitrary lines in it; consider a lower level or rate
	# limiting, and treat these log entries as untrusted when parsing them.
	xlog("L_ERR", "++++\n$mb\n++++\n");

	# Answer with the code and reason the core selected, then stop.
	sl_send_reply("$err.rcode", "$err.rreason");
	exit;
}