michael@376: ## michael@376: ## opensips.cfg -- OpenSIPS server configuration michael@376: ## michael@376: michael@376: # michael@376: # GLOBAL CONFIGURATION PARAMETERS michael@376: # michael@376: michael@376: # process configuration michael@376: debug=1 michael@376: log_stderror=no michael@376: fork=yes michael@376: check_via=no michael@376: dns=no michael@376: rev_dns=no michael@376: children=4 michael@376: user="@l_rusr@" michael@376: group="@l_rgrp@" michael@376: fifo="@l_prefix@/var/opensips/opensips.fifo" michael@376: workdir="@l_prefix@/var/opensips" michael@376: michael@376: # network configuration michael@376: alias="sip.example.com" michael@376: listen="127.0.0.1" michael@376: port=5060 michael@376: michael@376: # michael@376: # EXTENSION MODULE LOADING michael@376: # michael@376: michael@376: #loadmodule "@l_prefix@/lib/opensips/modules/dbtext.so" michael@376: michael@376: loadmodule "@l_prefix@/lib/opensips/modules/sl.so" michael@376: loadmodule "@l_prefix@/lib/opensips/modules/tm.so" michael@376: loadmodule "@l_prefix@/lib/opensips/modules/rr.so" michael@376: loadmodule "@l_prefix@/lib/opensips/modules/maxfwd.so" michael@376: loadmodule "@l_prefix@/lib/opensips/modules/usrloc.so" michael@376: loadmodule "@l_prefix@/lib/opensips/modules/registrar.so" michael@376: loadmodule "@l_prefix@/lib/opensips/modules/textops.so" michael@376: michael@376: #loadmodule "@l_prefix@/lib/opensips/modules/auth.so" michael@376: #loadmodule "@l_prefix@/lib/opensips/modules/auth_db.so" michael@376: michael@376: #loadmodule "@l_prefix@/lib/opensips/modules/nathelper.so" michael@376: michael@376: # michael@376: # EXTENSION MODULE CONFIGURATION michael@376: # michael@376: michael@376: # module rr: michael@376: modparam("rr", "enable_full_lr", 1) michael@376: michael@376: # module usrloc: michael@376: modparam("usrloc", "db_mode", 0) michael@376: #modparam("usrloc", "db_mode", 2) michael@376: #modparam("usrloc|auth_db", "db_url", "dbtext://@l_prefix@/var/opensips/db") michael@376: michael@376: # module auth: michael@376: #modparam("auth_db", "calculate_ha1", 1) michael@376: #modparam("auth_db", "password_column", "password") michael@376: #modparam("auth_db", "user_column", "username") michael@376: #modparam("auth_db", "domain_column", "domain") michael@376: michael@376: # module nathelper: michael@376: #modparam("registrar", "nat_flag", 6) michael@376: #modparam("nathelper", "natping_interval", 30) michael@376: #modparam("nathelper", "ping_nated_only", 1) michael@376: #modparam("nathelper", "rtpproxy_sock", "unix:@l_prefix@/var/opensips/opensips_rtpproxy.sock") michael@376: #modparam("nathelper", "rtpproxy_disable", 0) michael@376: #modparam("nathelper", "rtpproxy_disable_tout", 20) michael@376: #modparam("nathelper", "sipping_from", "sip:pinger@sip.example.com") michael@376: michael@376: # michael@376: # MAIN ROUTING LOGIC michael@376: # michael@376: michael@376: route{ michael@376: # initial sanity checks -- messages with michael@376: # max_forwards==0, or excessively long requests michael@376: if (!mf_process_maxfwd_header("10")) { michael@376: sl_send_reply("483", "Too Many Hops"); michael@376: exit; michael@376: }; michael@376: if (msg:len >= max_len) { michael@376: sl_send_reply("513", "Message too big"); michael@376: exit; michael@376: }; michael@376: michael@376: #if (method == "INVITE" && uri != myself) { michael@376: # sl_send_reply("403", "No relaying"); michael@376: # exit; michael@376: #}; michael@376: michael@376: # NAT: special handling for NAT'ed clients; first, NAT test is michael@376: # executed: it looks for via!=received and RFC1918 addresses in michael@376: # Contact (may fail if line-folding is used); also, the received michael@376: # test should, if completed, should check all vias for presence of michael@376: # received. michael@376: #if (nat_uac_test("3")) { michael@376: # # allow RR-ed requests, as these may indicate that NAT-enabled michael@376: # # aproxy takes care of it; unless it is REGISTER michael@376: # if (method == "REGISTER" || ! search("^Record-Route:")) { michael@376: # log("LOG: Someone trying to register from private IP, rewriting\n"); michael@376: # fix_nated_contact(); # rewrite contact with source IP of signalling michael@376: # if (method == "INVITE") { michael@376: # fix_nated_sdp("1"); # add direction=active to SDP michael@376: # }; michael@376: # force_rport(); # add rport parameter to topmost Via michael@376: # setflag(6); # mark as NAT'ed michael@376: # }; michael@376: #}; michael@376: michael@376: # we record-route all messages -- to make sure that michael@376: # subsequent messages will go through our proxy; that's michael@376: # particularly good if upstream and downstream entities michael@376: # use different transport protocol michael@376: if (method != "REGISTER") { michael@376: record_route(); michael@376: }; michael@376: michael@376: # subsequent messages withing a dialog should take the michael@376: # path determined by record-routing michael@376: if (loose_route()) { michael@376: # mark routing logic in request michael@376: append_hf("P-hint: rr-enforced\r\n"); michael@376: route(1); michael@376: }; michael@376: michael@376: if (uri != myself) { michael@376: # mark routing logic in request michael@376: append_hf("P-hint: outbound\r\n"); michael@376: route(1); michael@376: }; michael@376: michael@376: # if the request is for other domain use USRLOC michael@376: # (in case, it does not work, use the following command michael@376: # with proper names and addresses in it) michael@376: if (uri == myself) { michael@376: if (method == "REGISTER") { michael@376: # uncomment this if you want to use digest authentication michael@376: #if (!www_authorize("sip.example.com", "subscriber")) { michael@376: # www_challenge("sip.example.com", "0"); michael@376: # exit; michael@376: #}; michael@376: save("location"); michael@376: exit; michael@376: }; michael@376: michael@376: lookup("aliases"); michael@376: if (uri != myself) { michael@376: append_hf("P-hint: outbound alias\r\n"); michael@376: route(1); michael@376: }; michael@376: michael@376: # native SIP destinations are handled using our USRLOC DB michael@376: if (!lookup("location")) { michael@376: sl_send_reply("404", "Not Found"); michael@376: exit; michael@376: }; michael@376: append_hf("P-hint: usrloc applied\r\n"); michael@376: }; michael@376: michael@376: route(1); michael@376: } michael@376: michael@376: route[1] { michael@376: # disable RFC1918 peers michael@376: if (uri =~ "[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" && !search("^Route:")) { michael@376: sl_send_reply("479", "We don't forward to RFC 1918 IPv4 addresses"); michael@376: exit; michael@376: }; michael@376: michael@376: # NAT: if client or server know to be behind a NAT, enable relay michael@376: #if (isflagset(6)) { michael@376: # force_rtp_proxy(); michael@376: #}; michael@376: michael@376: # NAT: processing of replies; apply to all transactions michael@376: #t_on_reply("1"); michael@376: michael@376: # send it out now; use stateful forwarding as it works reliably even for UDP2TCP michael@376: if (!t_relay()) { michael@376: sl_reply_error(); michael@376: }; michael@376: } michael@376: michael@376: #onreply_route[1] { michael@376: # NAT: is it a NAT'ed transaction ? michael@376: # otherwise, is it a transaction behind a NAT and we did not michael@376: # know at time of request processing ? (RFC1918 contacts) michael@376: #if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") { michael@376: # fix_nated_contact(); michael@376: # force_rtp_proxy(); michael@376: #} else if (nat_uac_test("1")) { michael@376: # fix_nated_contact(); michael@376: #}; michael@376: #} michael@376: