## ## This is the default Flexisip configuration file ## ## ## Some global settings of the flexisip proxy. ## [global] # Outputs very detailed logs # Default value: false debug=false # Automatically respawn flexisip in case of abnormal termination # (crashes) # Default value: true auto-respawn=true # List of white space separated host names pointing to this machine. # This is to prevent loops while routing SIP messages. # Default value: localhost aliases=localhost sipopen.example.org sip.example.org auth.example.org auth1.example.org auth2.example.org # List of white space separated SIP uris where the proxy must listen.Wildcard # (*) can be used to mean 'all local ip addresses'. If 'transport' # prameter is unspecified, it will listen to both udp and tcp. An # local address to bind can be indicated in the 'maddr' parameter, # while the domain part of the uris are used as public domain or # ip address. Here some examples to understand: # * listen on all local interfaces for udp and tcp, on standart # port: # transports=sip:* # * listen on all local interfaces for udp,tcp and tls, on standart # ports: # transports=sip:* sips:* # * listen on 192.168.0.29:6060 with tls, but public hostname is # 'sip.linphone.org' used in SIP messages. Bind address won't appear: # transports=sips:sip.linphone.org:6060;maddr=192.168.0.29 # Default value: sip:* #transports=sip:192.168.56.101:5060 sips:192.168.56.101:5061 transports=sip:127.0.0.1:5060 sips:127.0.0.1:5061 # An absolute path of a directory where TLS server certificate and # private key can be found, concatenated inside an 'agent.pem' file. # Default value: /etc/flexisip/tls #tls-certificates-dir=/etc/flexisip/tls #tls-certificates-dir=/media/sf_workspaces/workspace-macosx/flexisip tls-certificates-dir=/Users/jehanmonnier/workspaces/workspace-sip-parser/linphone-private/tester/certificates ## ## STUN server parameters. ## [stun-server] # Enable or disable stun server. # Default value: true enabled=true # Local ip address where to bind the socket. # Default value: 0.0.0.0 bind-address=0.0.0.0 # STUN server port number. # Default value: 3478 port=3478 ## ## DOS protection parameters. ## [dos-protection] # Enable or disable DOS protection using IPTables firewall. # Default value: false enabled=false # List of whitelist IPs which won't be affected by DOS protection. # Default value: 127.0.0.1 authorized-ip=127.0.0.1 # Local ports to protect. # Default value: 5060 port=5060 # Time (in seconds) while an IP have to not send any packet in order # to leave the blacklist. # Default value: 60 ban-duration=60 # Number of packets authorized in 1sec before considering them as # DOS attack. # Default value: 20 packets-limit=20 # Maximal amount of simultaneous connections to accept. # Default value: 1000 maximum-connections=1000 ## ## The NatHelper module executes small tasks to make SIP work smoothly ## despite firewalls.It corrects the Contact headers that contain ## obviously inconsistent addresses, and adds a Record-Route to ensure ## subsequent requests are routed also by the proxy, through the ## UDP or TCP channel each client opened to the proxy. ## [module::NatHelper] # Indicate whether the module is activated. # Default value: true enabled=true # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2') # Default value: filter= # Internal URI parameter added to response contact by first proxy # and cleaned by last one. # Default value: verified contact-verified-param=verified ## ## The authentication module challenges SIP requests according to ## a user/password database. ## [module::Authentication] # Indicate whether the module is activated. # Default value: false enabled=true # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2') # Default value: filter= from.uri.domain contains 'sip.example.org' || from.uri.domain contains 'auth.example.org' || from.uri.domain contains 'auth1.example.org' || from.uri.domain contains 'auth2.example.org' # List of whitespace separated domain names to challenge. Others # are denied. # Default value: auth-domains= sip.example.org auth.example.org auth1.example.org auth2.example.org # List of whitespace separated IP which will not be challenged. # Default value: trusted-hosts= # Database backend implementation [odbc, file]. # Default value: odbc db-implementation=file # Odbc connection string to use for connecting to database. ex1: # DSN=myodbc3; where 'myodbc3' is the datasource name. ex2: DRIVER={MySQL};SERVER=host;DATABASE=db;USER=user;PASSWORD=pass;OPTION=3; # for a DSN-less connection. ex3: /etc/flexisip/passwd; for a file # containing one 'user@domain password' by line. # Default value: datasource=./userdb.conf # Odbc SQL request to execute to obtain the password # . Named parameters are :id (the user found in the from header), # :domain (the authorization realm) and :authid (the authorization # username). The use of the :id parameter is mandatory. # Default value: select password from accounts where id = :id and domain = :domain and authid=:authid request=select password from accounts where id = :id and domain = :domain and authid=:authid # Maximum length of the login column in database. # Default value: 100 max-id-length=100 # Maximum length of the password column in database # Default value: 100 max-password-length=100 # Use pooling in odbc # Default value: true odbc-pooling=true # Display timing statistics after this count of seconds # Default value: 0 odbc-display-timings-interval=0 # Display timing statistics once the number of samples reach this # number. # Default value: 0 odbc-display-timings-after-count=0 # Retrieve passwords asynchronously. # Default value: false odbc-asynchronous=false # Duration of the validity of the credentials added to the cache # in seconds. # Default value: 1800 cache-expire=1800 # Retrieve password immediately so that it is cached when an authenticated # request arrives. # Default value: true immediate-retrieve-password=true # True if retrieved passwords from the database are hashed. HA1=MD5(A1) # = MD5(username:realm:pass). # Default value: false hashed-passwords=false # When receiving a proxy authenticate challenge, generate a new # challenge for this proxy. # Default value: false new-auth-on-407=false ## ## ... ## [module::GatewayAdapter] # Indicate whether the module is activated. # Default value: false enabled=false # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2') # Default value: filter= # A gateway uri where to send all requests, as a SIP url (eg 'sip:gateway.example.net') # Default value: gateway= # Modify the from and to domains of incoming register # Default value: gateway-domain= # The gateway will be added to the incoming register contacts. # Default value: true fork-to-gateway=true # Send a REGISTER to the gateway using this server as a contact # in order to be notified on incoming calls by the gateway. # Default value: true register-on-gateway=true # Parameter name hosting the incoming domain that will be sent in # the register to the gateway. # Default value: routing-domain routing-param=routing-domain ## ## The Registrar module accepts REGISTERs for domains it manages, ## and store the address of record in order to route other requests ## destinated to the client who registered. ## [module::Registrar] # Indicate whether the module is activated. # Default value: true enabled=true # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2') # Default value: filter= # List of whitelist separated domain names to be managed by the # registrar. # Default value: localhost reg-domains=localhost sip.example.org sipopen.example.org auth1.example.org sip2.linphone.org # Maximum number of registered contacts of an address of record. # Default value: 15 max-contacts-by-aor=15 # List of contact uri parameters that can be used to identify a # user's device. # Default value: line unique-id-parameters=line # Maximum expire time for a REGISTER, in seconds. # Default value: 86400 max-expires=86400 # Minimum expire time for a REGISTER, in seconds. # Default value: 60 min-expires=1 # File containing the static records to add to database at startup. # Format: one 'sip_uri contact_header' by line. Example: # , # Default value: static-records-file= # Timeout in seconds after which the static records file is re-read # and the contacts updated. # Default value: 600 static-records-timeout=600 # Implementation used for storing address of records contact uris. # [redis-async, redis-sync, internal] # Default value: internal db-implementation=internal # Store and retrieve contacts without using the domain. # Default value: false use-global-domain=false # Fork messages to all registered devices # Default value: true fork=true # Force forking and thus the creation of an outgoing transaction # even when only one contact found # Default value: true stateful=true # Fork invites to late registers # Default value: false fork-late=false # Only forward one response of forked invite to the caller # Default value: true fork-one-response=true # All the forked have to decline in order to decline the caller # invite # Default value: false fork-no-global-decline=false # Maximum duration for delivering a message (text) # Default value: 3600 message-delivery-timeout=3600 # Generate a contact from the TO header and route it to the above # destination. [sip:host:port] # Default value: generated-contact-route= # Require presence of authorization header for specified realm. # [Realm] # Default value: generated-contact-expected-realm= ## ## This module performs push notifications ## [module::PushNotification] # Indicate whether the module is activated. # Default value: false enabled=false # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2') # Default value: filter= # Number of second to wait before sending a push notification to # device(if <=0 then disabled) # Default value: 5 timeout=5 # Maximum number of notifications queued for each client # Default value: 10 max-queue-size=10 # Enable push notification for apple devices # Default value: true apple=true # Path to directory where to find Apple Push Notification service # certificates. They should bear the appid of the application, suffixed # by the release mode and .pem extension. For example: org.linphone.dev.pem # org.linphone.prod.pem com.somephone.dev.pem etc... The files should # be .pem format, and made of certificate followed by private key. # Default value: /etc/flexisip/apn apple-certificate-dir=/etc/flexisip/apn # Enable push notification for android devices # Default value: true google=true # List of couple projectId:ApiKey for each android project which # support push notifications # Default value: google-projects-api-keys= ## ## The purpose of the ContactRouteInserter module is to masquerade ## the contact header of incoming registers that are not handled ## locally (think about flexisip used as a SBC gateway) in such a ## way that it is then possible to route back outgoing invites to ## the original address. It is a kind of similar mechanism as Record-Route, ## but for REGISTER. ## [module::ContactRouteInserter] # Indicate whether the module is activated. # Default value: true enabled=false # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2') # Default value: filter= # Hack for workarounding Nortel CS2k gateways bug. # Default value: false masquerade-contacts-for-invites=false ## ## This module performs load balancing between a set of configured ## destination proxies. ## [module::LoadBalancer] # Indicate whether the module is activated. # Default value: false enabled=false # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2') # Default value: filter= # Whitespace separated list of sip routes to balance the requests. # Example: # Default value: routes= ## ## The MediaRelay module masquerades SDP message so that all RTP ## and RTCP streams go through the proxy. The RTP and RTCP streams ## are then routed so that each client receives the stream of the ## other. MediaRelay makes sure that RTP is ALWAYS established, even ## with uncooperative firewalls. ## [module::MediaRelay] # Indicate whether the module is activated. # Default value: true enabled=false # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2') # Default value: filter= # SDP attribute set by the first proxy to forbid subsequent proxies # to provide relay. # Default value: nortpproxy nortpproxy=nortpproxy # Set the RTP direction during early media state (duplex, forward) # Default value: duplex early-media-rtp-dir=duplex # The minimal value of SDP port range # Default value: 1024 sdp-port-range-min=1024 # The maximal value of SDP port range # Default value: 65535 sdp-port-range-max=65535 # Enable I-frame only filtering for video H264 for clients annoucing # a total bandwith below this value expressed in kbit/s. Use 0 to # disable the feature # Default value: 0 #h264-filtering-bandwidth=0 # When above option is activated, keep one I frame over this number. # Default value: 1 #h264-iframe-decim=1 ## ## The purpose of the Transcoder module is to transparently transcode ## from one audio codec to another to make the communication possible ## between clients that do not share the same set of supported codecs. ## Concretely it adds all missing codecs into the INVITEs it receives, ## and adds codecs matching the original INVITE into the 200Ok. Rtp ## ports and addresses are masqueraded so that the streams can be ## processed by the proxy. The transcoding job is done in the background ## by the mediastreamer2 library, as consequence the set of supported ## codecs is exactly the the same as the codec set supported by mediastreamer2, ## including the possible plugins you may installed to extend mediastreamer2. ## WARNING: this module can conflict with the MediaRelay module as ## both are changin the SDP. Make sure to configure them with different ## to-domains or from-domains filter if you want to enable both of ## them. ## [module::Transcoder] # Indicate whether the module is activated. # Default value: false enabled=false # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2') # Default value: filter= # Nominal size of RTP jitter buffer, in milliseconds. A value of # 0 means no jitter buffer (packet processing). # Default value: 0 jb-nom-size=0 # Whitespace separated list of user-agent strings for which audio # rate control is performed. # Default value: rc-user-agents= # Whitespace seprated list of audio codecs, in order of preference. # Default value: speex/8000 amr/8000 iLBC/8000 gsm/8000 pcmu/8000 pcma/8000 audio-codecs=speex/8000 amr/8000 iLBC/8000 gsm/8000 pcmu/8000 pcma/8000 # If true, retransmissions of INVITEs will be blocked. The purpose # of this option is to limit bandwidth usage and server load on # reliable networks. # Default value: false block-retransmissions=false ## ## This module executes the basic routing task of SIP requests and ## pass them to the transport layer. It must always be enabled. ## [module::Forward] # Indicate whether the module is activated. # Default value: true enabled=true # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') # && (user-agent == 'Linphone v2') # Default value: filter= # A sip uri where to send all requests # Default value: route= # Rewrite request-uri's host and port according to above route # Default value: false rewrite-req-uri=false