|
|
@@ -0,0 +1,1542 @@
|
|
|
+; PJSIP Configuration Samples and Quick Reference
|
|
|
+;
|
|
|
+; This file has several very basic configuration examples, to serve as a quick
|
|
|
+; reference to jog your memory when you need to write up a new configuration.
|
|
|
+; It is not intended to teach PJSIP configuration or serve as an exhaustive
|
|
|
+; reference of options and potential scenarios.
|
|
|
+;
|
|
|
+; This file has two main sections.
|
|
|
+; First, manually written examples to serve as a handy reference.
|
|
|
+; Second, a list of all possible PJSIP config options by section. This is
|
|
|
+; pulled from the XML config help. It only shows the synopsis for every item.
|
|
|
+; If you want to see more detail please check the documentation sources
|
|
|
+; mentioned at the top of this file.
|
|
|
+
|
|
|
+; ============================================================================
|
|
|
+; NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE
|
|
|
+;
|
|
|
+; This file does not maintain the complete option documentation.
|
|
|
+; ============================================================================
|
|
|
+
|
|
|
+; Documentation
|
|
|
+;
|
|
|
+; The official documentation is at http://wiki.asterisk.org
|
|
|
+; You can read the XML configuration help via Asterisk command line with
|
|
|
+; "config show help res_pjsip", then you can drill down through the various
|
|
|
+; sections and their options.
|
|
|
+;
|
|
|
+
|
|
|
+;========!!!!!!!!!!!!!!!!!!! SECURITY NOTICE !!!!!!!!!!!!!!!!!!!!===========
|
|
|
+;
|
|
|
+; At a minimum please read the file "README-SERIOUSLY.bestpractices.txt",
|
|
|
+; located in the Asterisk source directory before starting Asterisk.
|
|
|
+; Otherwise you risk allowing the security of the Asterisk system to be
|
|
|
+; compromised. Beyond that please visit and read the security information on
|
|
|
+; the wiki at: https://wiki.asterisk.org/wiki/x/EwFB
|
|
|
+;
|
|
|
+; A few basics to pay attention to:
|
|
|
+;
|
|
|
+; Anonymous Calls
|
|
|
+;
|
|
|
+; By default anonymous inbound calls via PJSIP are not allowed. If you want to
|
|
|
+; route anonymous calls you'll need to define an endpoint named "anonymous".
|
|
|
+; res_pjsip_endpoint_identifier_anonymous.so handles that functionality so it
|
|
|
+; must be loaded. It is not recommended to accept anonymous calls.
|
|
|
+;
|
|
|
+; Access Control Lists
|
|
|
+;
|
|
|
+; See the example ACL configuration in this file. Read the configuration help
|
|
|
+; for the section and all of its options. Look over the samples in acl.conf
|
|
|
+; and documentation at https://wiki.asterisk.org/wiki/x/uA80AQ
|
|
|
+; If possible, restrict access to only networks and addresses you trust.
|
|
|
+;
|
|
|
+; Dialplan Contexts
|
|
|
+;
|
|
|
+; When defining configuration (such as an endpoint) that links into
|
|
|
+; dialplan configuration, be aware of what that dialplan does. It's easy to
|
|
|
+; accidentally provide access to internal or outbound dialing extensions which
|
|
|
+; could cost you severely. The "context=" line in endpoint configuration
|
|
|
+; determines which dialplan context inbound calls will enter into.
|
|
|
+;
|
|
|
+;=============================================================================
|
|
|
+
|
|
|
+; Overview of Configuration Section Types Used in the Examples
|
|
|
+;
|
|
|
+; * Transport "transport"
|
|
|
+; * Configures res_pjsip transport layer interaction.
|
|
|
+; * Endpoint "endpoint"
|
|
|
+; * Configures core SIP functionality related to SIP endpoints.
|
|
|
+; * Authentication "auth"
|
|
|
+; * Stores inbound or outbound authentication credentials for use by trunks,
|
|
|
+; endpoints, registrations.
|
|
|
+; * Address of Record "aor"
|
|
|
+; * Stores contact information for use by endpoints.
|
|
|
+; * Endpoint Identification "identify"
|
|
|
+; * Maps a host directly to an endpoint
|
|
|
+; * Access Control List "acl"
|
|
|
+; * Defines a permission list or references one stored in acl.conf
|
|
|
+; * Registration "registration"
|
|
|
+; * Contains information about an outbound SIP registration
|
|
|
+; * Resource Lists
|
|
|
+; * Contains information for configuring resource lists.
|
|
|
+; * Phone Provisioning "phoneprov"
|
|
|
+; * Contains information needed by res_phoneprov for autoprovisioning
|
|
|
+
|
|
|
+; The following sections show example configurations for various scenarios.
|
|
|
+; Most require a couple or more configuration types configured in concert.
|
|
|
+
|
|
|
+;=============================================================================
|
|
|
+
|
|
|
+; Naming of Configuration Sections
|
|
|
+;
|
|
|
+; Configuration section names are denoted with enclosing brackets,
|
|
|
+; e.g. [6001]
|
|
|
+; In most cases, you can name a section whatever makes sense to you. For example
|
|
|
+; you might name a transport [transport-udp-nat] to help you remember how that
|
|
|
+; section is being used. However, in some cases, ("endpoint" and "aor" types)
|
|
|
+; the section name has a relationship to its function.
|
|
|
+;
|
|
|
+; Depending on the modules loaded, Asterisk can match SIP requests to an
|
|
|
+; endpoint or aor in a few ways:
|
|
|
+;
|
|
|
+; 1) Match a section name for endpoint type sections to the username in the
|
|
|
+; "From" header of inbound SIP requests.
|
|
|
+; 2) Match a section name for aor type sections to the username in the "To"
|
|
|
+; header of inbound SIP REGISTER requests.
|
|
|
+; 3) With an identify type section configured, match an inbound SIP request of
|
|
|
+; any type to an endpoint or aor based on the IP source address of the
|
|
|
+; request.
|
|
|
+;
|
|
|
+; Note that sections can have the same name as long as their "type" options are
|
|
|
+; set to different values. In most cases it makes sense to have associated
|
|
|
+; configuration sections use the same name, as you'll see in the examples within
|
|
|
+; this file.
|
|
|
+
|
|
|
+;===============EXAMPLE TRANSPORTS============================================
|
|
|
+;
|
|
|
+; A few examples for potential transport options.
|
|
|
+;
|
|
|
+; For the NAT transport example, be aware that the options starting with
|
|
|
+; the prefix "external_" will only apply to communication with addresses
|
|
|
+; outside the range set with "local_net=".
|
|
|
+;
|
|
|
+; You can have more than one of any type of transport, as long as it doesn't
|
|
|
+; use the same resources (bind address, port, etc) as the others.
|
|
|
+
|
|
|
+; Basic UDP transport
|
|
|
+;
|
|
|
+;[transport-udp]
|
|
|
+;type=transport
|
|
|
+;protocol=udp ;udp,tcp,tls,ws,wss
|
|
|
+;bind=0.0.0.0
|
|
|
+
|
|
|
+; UDP transport behind NAT
|
|
|
+;
|
|
|
+;[transport-udp-nat]
|
|
|
+;type=transport
|
|
|
+;protocol=udp
|
|
|
+;bind=0.0.0.0
|
|
|
+;local_net=192.0.2.0/24
|
|
|
+;external_media_address=203.0.113.1
|
|
|
+;external_signaling_address=203.0.113.1
|
|
|
+
|
|
|
+; Basic IPv6 UDP transport
|
|
|
+;
|
|
|
+;[transport-udp-ipv6]
|
|
|
+;type=transport
|
|
|
+;protocol=udp
|
|
|
+;bind=::
|
|
|
+
|
|
|
+; Example IPv4 TLS transport
|
|
|
+;
|
|
|
+;[transport-tls]
|
|
|
+;type=transport
|
|
|
+;protocol=tls
|
|
|
+;bind=0.0.0.0
|
|
|
+;cert_file=/path/mycert.crt
|
|
|
+;priv_key_file=/path/mykey.key
|
|
|
+;cipher=ADH-AES256-SHA,ADH-AES128-SHA
|
|
|
+;method=tlsv1
|
|
|
+
|
|
|
+
|
|
|
+;===============OUTBOUND REGISTRATION WITH OUTBOUND AUTHENTICATION============
|
|
|
+;
|
|
|
+; This is a simple registration that works with some SIP trunking providers.
|
|
|
+; You'll need to set up the auth example "mytrunk_auth" below to enable outbound
|
|
|
+; authentication. Note that we "outbound_auth=" use for outbound authentication
|
|
|
+; instead of "auth=", which is for inbound authentication.
|
|
|
+;
|
|
|
+; If you are registering to a server from behind NAT, be sure you assign a transport
|
|
|
+; that is appropriately configured with NAT related settings. See the NAT transport example.
|
|
|
+;
|
|
|
+; "contact_user=" sets the SIP contact header's user portion of the SIP URI
|
|
|
+; this will affect the extension reached in dialplan when the far end calls you at this
|
|
|
+; registration. The default is 's'.
|
|
|
+;
|
|
|
+; If you would like to enable line support and have incoming calls related to this
|
|
|
+; registration go to an endpoint automatically the "line" and "endpoint" options must
|
|
|
+; be set. The "endpoint" option specifies what endpoint the incoming call should be
|
|
|
+; associated with.
|
|
|
+
|
|
|
+;[mytrunk]
|
|
|
+;type=registration
|
|
|
+;transport=transport-udp
|
|
|
+;outbound_auth=mytrunk_auth
|
|
|
+;server_uri=sip:sip.example.com
|
|
|
+;client_uri=sip:1234567890@sip.example.com
|
|
|
+;contact_user=1234567890
|
|
|
+;retry_interval=60
|
|
|
+;forbidden_retry_interval=600
|
|
|
+;expiration=3600
|
|
|
+;line=yes
|
|
|
+;endpoint=mytrunk
|
|
|
+
|
|
|
+;[mytrunk_auth]
|
|
|
+;type=auth
|
|
|
+;auth_type=userpass
|
|
|
+;password=1234567890
|
|
|
+;username=1234567890
|
|
|
+;realm=sip.example.com
|
|
|
+
|
|
|
+;===============ENDPOINT CONFIGURED AS A TRUNK, OUTBOUND AUTHENTICATION=======
|
|
|
+;
|
|
|
+; This is one way to configure an endpoint as a trunk. It is set up with
|
|
|
+; "outbound_auth=" to enable authentication when dialing out through this
|
|
|
+; endpoint. There is no inbound authentication set up since a provider will
|
|
|
+; not normally authenticate when calling you.
|
|
|
+;
|
|
|
+; The identify configuration enables IP address matching against this endpoint.
|
|
|
+; For calls from a trunking provider, the From user may be different every time,
|
|
|
+; so we want to match against IP address instead of From user.
|
|
|
+;
|
|
|
+; If you want the provider of your trunk to know where to send your calls
|
|
|
+; you'll need to use an outbound registration as in the example above this
|
|
|
+; section.
|
|
|
+;
|
|
|
+; NAT
|
|
|
+;
|
|
|
+; At a basic level configure the endpoint with a transport that is set up
|
|
|
+; with the appropriate NAT settings. There may be some additional settings you
|
|
|
+; need here based on your NAT/Firewall scenario. Look to the CLI config help
|
|
|
+; "config show help res_pjsip endpoint" or on the wiki for other NAT related
|
|
|
+; options and configuration. We've included a few below.
|
|
|
+;
|
|
|
+; AOR
|
|
|
+;
|
|
|
+; Endpoints use one or more AOR sections to store their contact details.
|
|
|
+; You can define multiple contact addresses in SIP URI format in multiple
|
|
|
+; "contact=" entries.
|
|
|
+;
|
|
|
+
|
|
|
+;[mytrunk]
|
|
|
+;type=endpoint
|
|
|
+;transport=transport-udp
|
|
|
+;context=from-external
|
|
|
+;disallow=all
|
|
|
+;allow=ulaw
|
|
|
+;outbound_auth=mytrunk_auth
|
|
|
+;aors=mytrunk
|
|
|
+; ;A few NAT relevant options that may come in handy.
|
|
|
+;force_rport=yes ;It's a good idea to read the configuration help for each
|
|
|
+;direct_media=no ;of these options.
|
|
|
+;ice_support=yes
|
|
|
+
|
|
|
+;[mytrunk]
|
|
|
+;type=aor
|
|
|
+;contact=sip:198.51.100.1:5060
|
|
|
+;contact=sip:198.51.100.2:5060
|
|
|
+
|
|
|
+;[mytrunk]
|
|
|
+;type=identify
|
|
|
+;endpoint=mytrunk
|
|
|
+;match=198.51.100.1
|
|
|
+;match=198.51.100.2
|
|
|
+;match=192.168.10.0:5061/24
|
|
|
+
|
|
|
+
|
|
|
+;=============ENDPOINT CONFIGURED AS A TRUNK, INBOUND AUTH AND REGISTRATION===
|
|
|
+;
|
|
|
+; Here we are allowing a remote device to register to Asterisk and requiring
|
|
|
+; that they authenticate for registration and calls.
|
|
|
+; You'll note that this configuration is essentially the same as configuring
|
|
|
+; an endpoint for use with a SIP phone.
|
|
|
+
|
|
|
+
|
|
|
+;[7000]
|
|
|
+;type=endpoint
|
|
|
+;context=from-external
|
|
|
+;disallow=all
|
|
|
+;allow=ulaw
|
|
|
+;transport=transport-udp
|
|
|
+;auth=7000
|
|
|
+;aors=7000
|
|
|
+
|
|
|
+;[7000]
|
|
|
+;type=auth
|
|
|
+;auth_type=userpass
|
|
|
+;password=7000
|
|
|
+;username=7000
|
|
|
+
|
|
|
+;[7000]
|
|
|
+;type=aor
|
|
|
+;max_contacts=1
|
|
|
+
|
|
|
+
|
|
|
+;===============ENDPOINT CONFIGURED FOR USE WITH A SIP PHONE==================
|
|
|
+;
|
|
|
+; This example includes the endpoint, auth and aor configurations. It
|
|
|
+; requires inbound authentication and allows registration, as well as references
|
|
|
+; a transport that you'll need to uncomment from the previous examples.
|
|
|
+;
|
|
|
+; Uncomment one of the transport lines to choose which transport you want. If
|
|
|
+; not specified then the default transport chosen is the first compatible transport
|
|
|
+; in the configuration file for the contact URL.
|
|
|
+;
|
|
|
+; Modify the "max_contacts=" line to change how many unique registrations to allow.
|
|
|
+;
|
|
|
+; Use the "contact=" line instead of max_contacts= if you want to statically
|
|
|
+; define the location of the device.
|
|
|
+;
|
|
|
+; If using the TLS enabled transport, you may want the "media_encryption=sdes"
|
|
|
+; option to additionally enable SRTP, though they are not mutually inclusive.
|
|
|
+;
|
|
|
+; If this endpoint were remote, and it was using a transport configured for NAT
|
|
|
+; then you likely want to use "direct_media=no" to prevent audio issues.
|
|
|
+
|
|
|
+
|
|
|
+;[6001]
|
|
|
+;type=endpoint
|
|
|
+;transport=transport-udp
|
|
|
+;context=from-internal
|
|
|
+;disallow=all
|
|
|
+;allow=ulaw
|
|
|
+;allow=gsm
|
|
|
+;auth=6001
|
|
|
+;aors=6001
|
|
|
+;
|
|
|
+; A few more transports to pick from, and some related options below them.
|
|
|
+;
|
|
|
+;transport=transport-tls
|
|
|
+;media_encryption=sdes
|
|
|
+;transport=transport-udp-ipv6
|
|
|
+;transport=transport-udp-nat
|
|
|
+;direct_media=no
|
|
|
+;
|
|
|
+; MWI related options
|
|
|
+
|
|
|
+;aggregate_mwi=yes
|
|
|
+;mailboxes=6001@default,7001@default
|
|
|
+;mwi_from_user=6001
|
|
|
+;
|
|
|
+; Extension and Device state options
|
|
|
+;
|
|
|
+;device_state_busy_at=1
|
|
|
+;allow_subscribe=yes
|
|
|
+;sub_min_expiry=30
|
|
|
+;
|
|
|
+; STIR/SHAKEN support.
|
|
|
+;
|
|
|
+;stir_shaken=no
|
|
|
+
|
|
|
+;[6001]
|
|
|
+;type=auth
|
|
|
+;auth_type=userpass
|
|
|
+;password=6001
|
|
|
+;username=6001
|
|
|
+
|
|
|
+;[6001]
|
|
|
+;type=aor
|
|
|
+;max_contacts=1
|
|
|
+;contact=sip:6001@192.0.2.1:5060
|
|
|
+
|
|
|
+;===============ENDPOINT BEHIND NAT OR FIREWALL===============================
|
|
|
+;
|
|
|
+; This example assumes your transport is configured with a public IP and the
|
|
|
+; endpoint itself is behind NAT and maybe a firewall, rather than having
|
|
|
+; Asterisk behind NAT. For the sake of simplicity, we'll assume a typical
|
|
|
+; VOIP phone. The most important settings to configure are:
|
|
|
+;
|
|
|
+; * direct_media, to ensure Asterisk stays in the media path
|
|
|
+; * rtp_symmetric and force_rport options to help the far-end NAT/firewall
|
|
|
+;
|
|
|
+; Depending on the settings of your remote SIP device or NAT/firewall device
|
|
|
+; you may have to experiment with a combination of these settings.
|
|
|
+;
|
|
|
+; If both Asterisk and the remote phones are a behind NAT/firewall then you'll
|
|
|
+; have to make sure to use a transport with appropriate settings (as in the
|
|
|
+; transport-udp-nat example).
|
|
|
+;
|
|
|
+;[6002]
|
|
|
+;type=endpoint
|
|
|
+;transport=transport-udp
|
|
|
+;context=from-internal
|
|
|
+;disallow=all
|
|
|
+;allow=ulaw
|
|
|
+;auth=6002
|
|
|
+;aors=6002
|
|
|
+;direct_media=no
|
|
|
+;rtp_symmetric=yes
|
|
|
+;force_rport=yes
|
|
|
+;rewrite_contact=yes ; necessary if endpoint does not know/register public ip:port
|
|
|
+;ice_support=yes ;This is specific to clients that support NAT traversal
|
|
|
+ ;for media via ICE,STUN,TURN. See the wiki at:
|
|
|
+ ;https://wiki.asterisk.org/wiki/x/D4FHAQ
|
|
|
+ ;for a deeper explanation of this topic.
|
|
|
+
|
|
|
+;[6002]
|
|
|
+;type=auth
|
|
|
+;auth_type=userpass
|
|
|
+;password=6002
|
|
|
+;username=6002
|
|
|
+
|
|
|
+;[6002]
|
|
|
+;type=aor
|
|
|
+;max_contacts=2
|
|
|
+
|
|
|
+
|
|
|
+;============EXAMPLE ACL CONFIGURATION==========================================
|
|
|
+;
|
|
|
+; The ACL or Access Control List section defines a set of permissions to permit
|
|
|
+; or deny access to various address or addresses. Alternatively it references an
|
|
|
+; ACL configuration already set in acl.conf.
|
|
|
+;
|
|
|
+; The ACL configuration is independent of individual endpoint configuration and
|
|
|
+; operates on all inbound SIP communication using res_pjsip.
|
|
|
+
|
|
|
+; Reference an ACL defined in acl.conf.
|
|
|
+;
|
|
|
+;[acl]
|
|
|
+;type=acl
|
|
|
+;acl=example_named_acl1
|
|
|
+
|
|
|
+; Reference a contactacl specifically.
|
|
|
+;
|
|
|
+;[acl]
|
|
|
+;type=acl
|
|
|
+;contact_acl=example_contact_acl1
|
|
|
+
|
|
|
+; Define your own ACL here in pjsip.conf and
|
|
|
+; permit or deny by IP address or range.
|
|
|
+;
|
|
|
+;[acl]
|
|
|
+;type=acl
|
|
|
+;deny=0.0.0.0/0.0.0.0
|
|
|
+;permit=209.16.236.0/24
|
|
|
+;deny=209.16.236.1
|
|
|
+
|
|
|
+; Restrict based on Contact Headers rather than IP.
|
|
|
+; Define options multiple times for various addresses or use a comma-delimited string.
|
|
|
+;
|
|
|
+;[acl]
|
|
|
+;type=acl
|
|
|
+;contact_deny=0.0.0.0/0.0.0.0
|
|
|
+;contact_permit=209.16.236.0/24
|
|
|
+;contact_permit=209.16.236.1
|
|
|
+;contact_permit=209.16.236.2,209.16.236.3
|
|
|
+
|
|
|
+; Restrict based on Contact Headers rather than IP and use
|
|
|
+; advanced syntax. Note the bang symbol used for "NOT", so we can deny
|
|
|
+; 209.16.236.12/32 within the permit= statement.
|
|
|
+;
|
|
|
+;[acl]
|
|
|
+;type=acl
|
|
|
+;contact_deny=0.0.0.0/0.0.0.0
|
|
|
+;contact_permit=209.16.236.0
|
|
|
+;permit=209.16.236.0/24, !209.16.236.12/32
|
|
|
+
|
|
|
+
|
|
|
+;============EXAMPLE RLS CONFIGURATION==========================================
|
|
|
+;
|
|
|
+;Asterisk provides support for RFC 4662 Resource List Subscriptions. This allows
|
|
|
+;for an endpoint to, through a single subscription, subscribe to the states of
|
|
|
+;multiple resources. Resource lists are configured in pjsip.conf using the
|
|
|
+;resource_list configuration object. Below is an example of a resource list that
|
|
|
+;allows an endpoint to subscribe to the presence of alice, bob, and carol.
|
|
|
+
|
|
|
+;[my_list]
|
|
|
+;type=resource_list
|
|
|
+;list_item=alice
|
|
|
+;list_item=bob
|
|
|
+;list_item=carol
|
|
|
+;event=presence
|
|
|
+
|
|
|
+;The "event" option in the resource list corresponds to the SIP event-package
|
|
|
+;that the subscribed resources belong to. A resource list can only provide states
|
|
|
+;for resources that belong to the same event-package. This means that you cannot
|
|
|
+;create a list that is a combination of presence and message-summary resources,
|
|
|
+;for instance. Any event-package that Asterisk supports can be used in a resource
|
|
|
+;list (presence, dialog, and message-summary). Whenever support for a new event-
|
|
|
+;package is added to Asterisk, support for that event-package in resource lists
|
|
|
+;will automatically be supported.
|
|
|
+
|
|
|
+;The "list_item" options indicate the names of resources to subscribe to. The
|
|
|
+;way these are interpreted is event-package specific. For instance, with presence
|
|
|
+;list_items, hints in the dialplan are looked up. With message-summary list_items,
|
|
|
+;mailboxes are looked up using your installed voicemail provider (app_voicemail
|
|
|
+;by default). Note that in the above example, the list_item options were given
|
|
|
+;one per line. However, it is also permissible to provide multiple list_item
|
|
|
+;options on a single line (e.g. list_item = alice,bob,carol).
|
|
|
+
|
|
|
+;In addition to the options presented in the above configuration, there are two
|
|
|
+;more configuration options that can be set.
|
|
|
+; * full_state: dictates whether Asterisk should always send the states of
|
|
|
+; all resources in the list at once. Defaults to "no". You should only set
|
|
|
+; this to "yes" if you are interoperating with an endpoint that does not
|
|
|
+; behave correctly when partial state notifications are sent to it.
|
|
|
+; * notification_batch_interval: By default, Asterisk will send a NOTIFY request
|
|
|
+; immediately when a resource changes state. This option causes Asterisk to
|
|
|
+; start batching resource state changes for the specified number of milliseconds
|
|
|
+; after a resource changes states. This way, if multiple resources change state
|
|
|
+; within a brief interval, Asterisk can send a single NOTIFY request with all
|
|
|
+; of the state changes reflected in it.
|
|
|
+
|
|
|
+;There is a limitation to the size of resource lists in Asterisk. If a constructed
|
|
|
+;notification from Asterisk will exceed 64000 bytes, then the message is deemed
|
|
|
+;too large to send. If you find that you are seeing error messages about SIP
|
|
|
+;NOTIFY requests being too large to send, consider breaking your lists into
|
|
|
+;sub-lists.
|
|
|
+
|
|
|
+;============EXAMPLE PHONEPROV CONFIGURATION================================
|
|
|
+
|
|
|
+; Before configuring provisioning here, see the documentation for res_phoneprov
|
|
|
+; and configure phoneprov.conf appropriately.
|
|
|
+
|
|
|
+; For each user to be autoprovisioned, a [phoneprov] configuration section
|
|
|
+; must be created. At a minimum, the 'type', 'PROFILE' and 'MAC' variables must
|
|
|
+; be set. All other variables are optional.
|
|
|
+; Example:
|
|
|
+
|
|
|
+;[1000]
|
|
|
+;type=phoneprov ; must be specified as 'phoneprov'
|
|
|
+;endpoint=1000 ; Required only if automatic setting of
|
|
|
+ ; USERNAME, SECRET, DISPLAY_NAME and CALLERID
|
|
|
+ ; are needed.
|
|
|
+;PROFILE=digium ; required
|
|
|
+;MAC=deadbeef4dad ; required
|
|
|
+;SERVER=myserver.example.com ; A standard variable
|
|
|
+;TIMEZONE=America/Denver ; A standard variable
|
|
|
+;MYVAR=somevalue ; A user confdigured variable
|
|
|
+
|
|
|
+; If the phoneprov sections have common variables, it is best to create a
|
|
|
+; phoneprov template. The example below will produce the same configuration
|
|
|
+; as the one specified above except that MYVAR will be overridden for
|
|
|
+; the specific user.
|
|
|
+; Example:
|
|
|
+
|
|
|
+;[phoneprov_defaults](!)
|
|
|
+;type=phoneprov ; must be specified as 'phoneprov'
|
|
|
+;PROFILE=digium ; required
|
|
|
+;SERVER=myserver.example.com ; A standard variable
|
|
|
+;TIMEZONE=America/Denver ; A standard variable
|
|
|
+;MYVAR=somevalue ; A user configured variable
|
|
|
+
|
|
|
+;[1000](phoneprov_defaults)
|
|
|
+;endpoint=1000 ; Required only if automatic setting of
|
|
|
+ ; USERNAME, SECRET, DISPLAY_NAME and CALLERID
|
|
|
+ ; are needed.
|
|
|
+;MAC=deadbeef4dad ; required
|
|
|
+;MYVAR=someOTHERvalue ; A user confdigured variable
|
|
|
+
|
|
|
+; To have USERNAME and SECRET automatically set, the endpoint
|
|
|
+; specified here must in turn have an outbound_auth section defined.
|
|
|
+
|
|
|
+; Fuller example:
|
|
|
+
|
|
|
+;[1000]
|
|
|
+;type=endpoint
|
|
|
+;outbound_auth=1000-auth
|
|
|
+;callerid=My Name <8005551212>
|
|
|
+;transport=transport-udp-nat
|
|
|
+
|
|
|
+;[1000-auth]
|
|
|
+;type=auth
|
|
|
+;auth_type=userpass
|
|
|
+;username=myname
|
|
|
+;password=mysecret
|
|
|
+
|
|
|
+;[phoneprov_defaults](!)
|
|
|
+;type=phoneprov ; must be specified as 'phoneprov'
|
|
|
+;PROFILE=someprofile ; required
|
|
|
+;SERVER=myserver.example.com ; A standard variable
|
|
|
+;TIMEZONE=America/Denver ; A standard variable
|
|
|
+;MYVAR=somevalue ; A user configured variable
|
|
|
+
|
|
|
+;[1000](phoneprov_defaults)
|
|
|
+;endpoint=1000 ; Required only if automatic setting of
|
|
|
+ ; USERNAME, SECRET, DISPLAY_NAME and CALLERID
|
|
|
+ ; are needed.
|
|
|
+;MAC=deadbeef4dad ; required
|
|
|
+;MYVAR=someUSERvalue ; A user confdigured variable
|
|
|
+;LABEL=1000 ; A standard variable
|
|
|
+
|
|
|
+; The previous sections would produce a template substitution map as follows:
|
|
|
+
|
|
|
+;MAC=deadbeef4dad ;added by pp1000
|
|
|
+;USERNAME=myname ;automatically added by 1000-auth username
|
|
|
+;SECRET=mysecret ;automatically added by 1000-auth password
|
|
|
+;PROFILE=someprofile ;added by defaults
|
|
|
+;SERVER=myserver.example.com ;added by defaults
|
|
|
+;SERVER_PORT=5060 ;added by defaults
|
|
|
+;MYVAR=someUSERvalue ;added by defaults but overdidden by user
|
|
|
+;CALLERID=8005551212 ;automatically added by 1000 callerid
|
|
|
+;DISPLAY_NAME=My Name ;automatically added by 1000 callerid
|
|
|
+;TIMEZONE=America/Denver ;added by defaults
|
|
|
+;TZOFFSET=252100 ;automatically calculated by res_phoneprov
|
|
|
+;DST_ENABLE=1 ;automatically calculated by res_phoneprov
|
|
|
+;DST_START_MONTH=3 ;automatically calculated by res_phoneprov
|
|
|
+;DST_START_MDAY=9 ;automatically calculated by res_phoneprov
|
|
|
+;DST_START_HOUR=3 ;automatically calculated by res_phoneprov
|
|
|
+;DST_END_MONTH=11 ;automatically calculated by res_phoneprov
|
|
|
+;DST_END_MDAY=2 ;automatically calculated by res_phoneprov
|
|
|
+;DST_END_HOUR=1 ;automatically calculated by res_phoneprov
|
|
|
+;ENDPOINT_ID=1000 ;automatically added by this module
|
|
|
+;AUTH_ID=1000-auth ;automatically added by this module
|
|
|
+;TRANSPORT_ID=transport-udp-nat ;automatically added by this module
|
|
|
+;LABEL=1000 ;added by user
|
|
|
+
|
|
|
+; MODULE PROVIDING BELOW SECTION(S): res_pjsip
|
|
|
+;==========================ENDPOINT SECTION OPTIONS=========================
|
|
|
+;[endpoint]
|
|
|
+; SYNOPSIS: Endpoint
|
|
|
+;100rel=yes ; Allow support for RFC3262 provisional ACK tags (default:
|
|
|
+ ; "yes")
|
|
|
+;aggregate_mwi=yes ; (default: "yes")
|
|
|
+;allow= ; Media Codec s to allow (default: "")
|
|
|
+;allow_overlap=yes ; Enable RFC3578 overlap dialing support. (default: "yes")
|
|
|
+;aors= ; AoR s to be used with the endpoint (default: "")
|
|
|
+;auth= ; Authentication Object s associated with the endpoint (default: "")
|
|
|
+;callerid= ; CallerID information for the endpoint (default: "")
|
|
|
+;callerid_privacy=allowed_not_screened ; Default privacy level (default: "allowed_not_screened")
|
|
|
+;callerid_tag= ; Internal id_tag for the endpoint (default: "")
|
|
|
+;context=default ; Dialplan context for inbound sessions (default:
|
|
|
+ ; "default")
|
|
|
+;direct_media_glare_mitigation=none ; Mitigation of direct media re INVITE
|
|
|
+ ; glare (default: "none")
|
|
|
+;direct_media_method=invite ; Direct Media method type (default: "invite")
|
|
|
+;trust_connected_line=yes ; Accept Connected Line updates from this endpoint
|
|
|
+ ; (default: "yes")
|
|
|
+;send_connected_line=yes ; Send Connected Line updates to this endpoint
|
|
|
+ ; (default: "yes")
|
|
|
+;connected_line_method=invite ; Connected line method type.
|
|
|
+ ; When set to "invite", check the remote's
|
|
|
+ ; Allow header and if UPDATE is allowed, send
|
|
|
+ ; UPDATE instead of INVITE to avoid SDP
|
|
|
+ ; renegotiation. If UPDATE is not Allowed,
|
|
|
+ ; send INVITE.
|
|
|
+ ; If set to "update", send UPDATE regardless
|
|
|
+ ; of what the remote Allows.
|
|
|
+ ; (default: "invite")
|
|
|
+;direct_media=yes ; Determines whether media may flow directly between
|
|
|
+ ; endpoints (default: "yes")
|
|
|
+;disable_direct_media_on_nat=no ; Disable direct media session refreshes when
|
|
|
+ ; NAT obstructs the media session (default:
|
|
|
+ ; "no")
|
|
|
+;disallow= ; Media Codec s to disallow (default: "")
|
|
|
+;dtmf_mode=rfc4733 ; DTMF mode (default: "rfc4733")
|
|
|
+;media_address= ; IP address used in SDP for media handling (default: "")
|
|
|
+;bind_rtp_to_media_address= ; Bind the RTP session to the media_address.
|
|
|
+ ; This causes all RTP packets to be sent from
|
|
|
+ ; the specified address. (default: "no")
|
|
|
+;force_rport=yes ; Force use of return port (default: "yes")
|
|
|
+;ice_support=no ; Enable the ICE mechanism to help traverse NAT (default: "no")
|
|
|
+;identify_by=username ; A comma-separated list of ways the Endpoint or AoR can be
|
|
|
+ ; identified.
|
|
|
+ ; "username": Identify by the From or To username and domain
|
|
|
+ ; "auth_username": Identify by the Authorization username and realm
|
|
|
+ ; "ip": Identify by the source IP address
|
|
|
+ ; "header": Identify by a configured SIP header value.
|
|
|
+ ; In the username and auth_username cases, if an exact match
|
|
|
+ ; on both username and domain/realm fails, the match is
|
|
|
+ ; retried with just the username.
|
|
|
+ ; (default: "username,ip")
|
|
|
+;redirect_method=user ; How redirects received from an endpoint are handled
|
|
|
+ ; (default: "user")
|
|
|
+;mailboxes= ; NOTIFY the endpoint when state changes for any of the specified mailboxes.
|
|
|
+ ; Asterisk will send unsolicited MWI NOTIFY messages to the endpoint when state
|
|
|
+ ; changes happen for any of the specified mailboxes. (default: "")
|
|
|
+;voicemail_extension= ; The voicemail extension to send in the NOTIFY Message-Account header
|
|
|
+ ; (default: global/default_voicemail_extension)
|
|
|
+;mwi_subscribe_replaces_unsolicited=no
|
|
|
+ ; An MWI subscribe will replace unsoliticed NOTIFYs
|
|
|
+ ; (default: "no")
|
|
|
+;moh_suggest=default ; Default Music On Hold class (default: "default")
|
|
|
+;moh_passthrough=yes ; Pass Music On Hold through using SIP re-invites with sendonly
|
|
|
+ ; when placing on hold and sendrecv when taking off hold
|
|
|
+;outbound_auth= ; Authentication object used for outbound requests (default:
|
|
|
+ ; "")
|
|
|
+;outbound_proxy= ; Proxy through which to send requests, a full SIP URI
|
|
|
+ ; must be provided (default: "")
|
|
|
+;rewrite_contact=no ; Allow Contact header to be rewritten with the source
|
|
|
+ ; IP address port (default: "no")
|
|
|
+;rtp_symmetric=no ; Enforce that RTP must be symmetric (default: "no")
|
|
|
+;send_diversion=yes ; Send the Diversion header conveying the diversion
|
|
|
+ ; information to the called user agent (default: "yes")
|
|
|
+;send_pai=no ; Send the P Asserted Identity header (default: "no")
|
|
|
+;send_rpid=no ; Send the Remote Party ID header (default: "no")
|
|
|
+;rpid_immediate=no ; Send connected line updates on unanswered incoming calls immediately. (default: "no")
|
|
|
+;timers_min_se=90 ; Minimum session timers expiration period (default:
|
|
|
+ ; "90")
|
|
|
+;timers=yes ; Session timers for SIP packets (default: "yes")
|
|
|
+;timers_sess_expires=1800 ; Maximum session timer expiration period
|
|
|
+ ; (default: "1800")
|
|
|
+;transport= ; Explicit transport configuration to use (default: "")
|
|
|
+ ; This will force the endpoint to use the specified transport
|
|
|
+ ; configuration to send SIP messages. You need to already know
|
|
|
+ ; what kind of transport (UDP/TCP/IPv4/etc) the endpoint device
|
|
|
+ ; will use.
|
|
|
+
|
|
|
+;trust_id_inbound=no ; Accept identification information received from this
|
|
|
+ ; endpoint (default: "no")
|
|
|
+;trust_id_outbound=no ; Send private identification details to the endpoint
|
|
|
+ ; (default: "no")
|
|
|
+;type= ; Must be of type endpoint (default: "")
|
|
|
+;use_ptime=no ; Use Endpoint s requested packetisation interval (default:
|
|
|
+ ; "no")
|
|
|
+;use_avpf=no ; Determines whether res_pjsip will use and enforce usage of
|
|
|
+ ; AVPF for this endpoint (default: "no")
|
|
|
+;media_encryption=no ; Determines whether res_pjsip will use and enforce
|
|
|
+ ; usage of media encryption for this endpoint (default:
|
|
|
+ ; "no")
|
|
|
+;media_encryption_optimistic=no ; Use encryption if possible but don't fail the call
|
|
|
+ ; if not possible.
|
|
|
+;g726_non_standard=no ; When set to "yes" and an endpoint negotiates g.726
|
|
|
+ ; audio then g.726 for AAL2 packing order is used contrary
|
|
|
+ ; to what is recommended in RFC3551. Note, 'g726aal2' also
|
|
|
+ ; needs to be specified in the codec allow list
|
|
|
+ ; (default: "no")
|
|
|
+;inband_progress=no ; Determines whether chan_pjsip will indicate ringing
|
|
|
+ ; using inband progress (default: "no")
|
|
|
+;call_group= ; The numeric pickup groups for a channel (default: "")
|
|
|
+;pickup_group= ; The numeric pickup groups that a channel can pickup (default:
|
|
|
+ ; "")
|
|
|
+;named_call_group= ; The named pickup groups for a channel (default: "")
|
|
|
+;named_pickup_group= ; The named pickup groups that a channel can pickup
|
|
|
+ ; (default: "")
|
|
|
+;device_state_busy_at=0 ; The number of in use channels which will cause busy
|
|
|
+ ; to be returned as device state (default: "0")
|
|
|
+;t38_udptl=no ; Whether T 38 UDPTL support is enabled or not (default: "no")
|
|
|
+;t38_udptl_ec=none ; T 38 UDPTL error correction method (default: "none")
|
|
|
+;t38_udptl_maxdatagram=0 ; T 38 UDPTL maximum datagram size (default:
|
|
|
+ ; "0")
|
|
|
+;fax_detect=no ; Whether CNG tone detection is enabled (default: "no")
|
|
|
+;fax_detect_timeout=30 ; How many seconds into a call before fax_detect is
|
|
|
+ ; disabled for the call.
|
|
|
+ ; Zero disables the timeout.
|
|
|
+ ; (default: "0")
|
|
|
+;t38_udptl_nat=no ; Whether NAT support is enabled on UDPTL sessions
|
|
|
+ ; (default: "no")
|
|
|
+;tone_zone= ; Set which country s indications to use for channels created
|
|
|
+ ; for this endpoint (default: "")
|
|
|
+;language= ; Set the default language to use for channels created for this
|
|
|
+ ; endpoint (default: "")
|
|
|
+;one_touch_recording=no ; Determines whether one touch recording is allowed for
|
|
|
+ ; this endpoint (default: "no")
|
|
|
+;record_on_feature=automixmon ; The feature to enact when one touch recording
|
|
|
+ ; is turned on (default: "automixmon")
|
|
|
+;record_off_feature=automixmon ; The feature to enact when one touch recording
|
|
|
+ ; is turned off (default: "automixmon")
|
|
|
+;rtp_engine=asterisk ; Name of the RTP engine to use for channels created
|
|
|
+ ; for this endpoint (default: "asterisk")
|
|
|
+;allow_transfer=yes ; Determines whether SIP REFER transfers are allowed
|
|
|
+ ; for this endpoint (default: "yes")
|
|
|
+;sdp_owner=- ; String placed as the username portion of an SDP origin o line
|
|
|
+ ; (default: "-")
|
|
|
+;sdp_session=Asterisk ; String used for the SDP session s line (default:
|
|
|
+ ; "Asterisk")
|
|
|
+;tos_audio=0 ; DSCP TOS bits for audio streams (default: "0")
|
|
|
+;tos_video=0 ; DSCP TOS bits for video streams (default: "0")
|
|
|
+;cos_audio=0 ; Priority for audio streams (default: "0")
|
|
|
+;cos_video=0 ; Priority for video streams (default: "0")
|
|
|
+;allow_subscribe=yes ; Determines if endpoint is allowed to initiate
|
|
|
+ ; subscriptions with Asterisk (default: "yes")
|
|
|
+;sub_min_expiry=0 ; The minimum allowed expiry time for subscriptions
|
|
|
+ ; initiated by the endpoint (default: "0")
|
|
|
+;from_user= ; Username to use in From header for requests to this endpoint
|
|
|
+ ; (default: "")
|
|
|
+;mwi_from_user= ; Username to use in From header for unsolicited MWI NOTIFYs to
|
|
|
+ ; this endpoint (default: "")
|
|
|
+;from_domain= ; Domain to user in From header for requests to this endpoint
|
|
|
+ ; (default: "")
|
|
|
+;dtls_verify=no ; Verify that the provided peer certificate is valid (default:
|
|
|
+ ; "no")
|
|
|
+;dtls_rekey=0 ; Interval at which to renegotiate the TLS session and rekey
|
|
|
+ ; the SRTP session (default: "0")
|
|
|
+;dtls_auto_generate_cert= ; Enable ephemeral DTLS certificate generation (default:
|
|
|
+ ; "no")
|
|
|
+;dtls_cert_file= ; Path to certificate file to present to peer (default:
|
|
|
+ ; "")
|
|
|
+;dtls_private_key= ; Path to private key for certificate file (default:
|
|
|
+ ; "")
|
|
|
+;dtls_cipher= ; Cipher to use for DTLS negotiation (default: "")
|
|
|
+;dtls_ca_file= ; Path to certificate authority certificate (default: "")
|
|
|
+;dtls_ca_path= ; Path to a directory containing certificate authority
|
|
|
+ ; certificates (default: "")
|
|
|
+;dtls_setup= ; Whether we are willing to accept connections connect to the
|
|
|
+ ; other party or both (default: "")
|
|
|
+;dtls_fingerprint= ; Hash to use for the fingerprint placed into SDP
|
|
|
+ ; (default: "SHA-256")
|
|
|
+;srtp_tag_32=no ; Determines whether 32 byte tags should be used instead of 80
|
|
|
+ ; byte tags (default: "no")
|
|
|
+;set_var= ; Variable set on a channel involving the endpoint. For multiple
|
|
|
+ ; channel variables specify multiple 'set_var'(s)
|
|
|
+;rtp_keepalive= ; Interval, in seconds, between comfort noise RTP packets if
|
|
|
+ ; RTP is not flowing. This setting is useful for ensuring that
|
|
|
+ ; holes in NATs and firewalls are kept open throughout a call.
|
|
|
+;rtp_timeout= ; Hang up channel if RTP is not received for the specified
|
|
|
+ ; number of seconds when the channel is off hold (default:
|
|
|
+ ; "0" or not enabled)
|
|
|
+;rtp_timeout_hold= ; Hang up channel if RTP is not received for the specified
|
|
|
+ ; number of seconds when the channel is on hold (default:
|
|
|
+ ; "0" or not enabled)
|
|
|
+;contact_user= ; On outgoing requests, force the user portion of the Contact
|
|
|
+ ; header to this value (default: "")
|
|
|
+;preferred_codec_only=yes ; Respond to a SIP invite with the single most preferred codec
|
|
|
+ ; rather than advertising all joint codec capabilities. This
|
|
|
+ ; limits the other side's codec choice to exactly what we prefer.
|
|
|
+ ; default is no.
|
|
|
+;asymmetric_rtp_codec= ; Allow the sending and receiving codec to differ and
|
|
|
+ ; not be automatically matched (default: "no")
|
|
|
+;refer_blind_progress= ; Whether to notifies all the progress details on blind
|
|
|
+ ; transfer (default: "yes"). The value "no" is useful
|
|
|
+ ; for some SIP phones (Mitel/Aastra, Snom) which expect
|
|
|
+ ; a sip/frag "200 OK" after REFER has been accepted.
|
|
|
+;notify_early_inuse_ringing = ; Whether to notifies dialog-info 'early'
|
|
|
+ ; on INUSE && RINGING state (default: "no").
|
|
|
+ ; The value "yes" is useful for some SIP phones
|
|
|
+ ; (Cisco SPA) to be able to indicate and pick up
|
|
|
+ ; ringing devices.
|
|
|
+;max_audio_streams= ; The maximum number of allowed negotiated audio streams
|
|
|
+ ; (default: 1)
|
|
|
+;max_video_streams= ; The maximum number of allowed negotiated video streams
|
|
|
+ ; (default: 1)
|
|
|
+;webrtc= ; When set to "yes" this also enables the following values that are needed
|
|
|
+ ; for webrtc: rtcp_mux, use_avpf, ice_support, and use_received_transport.
|
|
|
+ ; The following configuration settings also get defaulted as follows:
|
|
|
+ ; media_encryption=dtls
|
|
|
+ ; dtls_verify=fingerprint
|
|
|
+ ; dtls_setup=actpass
|
|
|
+ ; A dtls_cert_file and a dtls_ca_file still need to be specified.
|
|
|
+ ; Default for this option is "no"
|
|
|
+;incoming_mwi_mailbox = ; Mailbox name to use when incoming MWI NOTIFYs are
|
|
|
+ ; received.
|
|
|
+ ; If an MWI NOTIFY is received FROM this endpoint,
|
|
|
+ ; this mailbox will be used when notifying other modules
|
|
|
+ ; of MWI status changes. If not set, incoming MWI
|
|
|
+ ; NOTIFYs are ignored.
|
|
|
+;follow_early_media_fork = ; On outgoing calls, if the UAS responds with
|
|
|
+ ; different SDP attributes on subsequent 18X or 2XX
|
|
|
+ ; responses (such as a port update) AND the To tag
|
|
|
+ ; on the subsequent response is different than that
|
|
|
+ ; on the previous one, follow it. This usually
|
|
|
+ ; happens when the INVITE is forked to multiple UASs
|
|
|
+ ; and more than 1 sends an SDP answer.
|
|
|
+ ; This option must also be enabled in the system
|
|
|
+ ; section.
|
|
|
+ ; (default: yes)
|
|
|
+;accept_multiple_sdp_answers =
|
|
|
+ ; On outgoing calls, if the UAS responds with
|
|
|
+ ; different SDP attributes on non-100rel 18X or 2XX
|
|
|
+ ; responses (such as a port update) AND the To tag on
|
|
|
+ ; the subsequent response is the same as that on the
|
|
|
+ ; previous one, process it. This can happen when the
|
|
|
+ ; UAS needs to change ports for some reason such as
|
|
|
+ ; using a separate port for custom ringback.
|
|
|
+ ; This option must also be enabled in the system
|
|
|
+ ; section.
|
|
|
+ ; (default: no)
|
|
|
+;suppress_q850_reason_headers =
|
|
|
+ ; Suppress Q.850 Reason headers for this endpoint.
|
|
|
+ ; Some devices can't accept multiple Reason headers
|
|
|
+ ; and get confused when both 'SIP' and 'Q.850' Reason
|
|
|
+ ; headers are received. This option allows the
|
|
|
+ ; 'Q.850' Reason header to be suppressed.
|
|
|
+ ; (default: no)
|
|
|
+;ignore_183_without_sdp =
|
|
|
+ ; Do not forward 183 when it doesn't contain SDP.
|
|
|
+ ; Certain SS7 internetworking scenarios can result in
|
|
|
+ ; a 183 to be generated for reasons other than early
|
|
|
+ ; media. Forwarding this 183 can cause loss of
|
|
|
+ ; ringback tone. This flag emulates the behavior of
|
|
|
+ ; chan_sip and prevents these 183 responses from
|
|
|
+ ; being forwarded.
|
|
|
+ ; (default: no)
|
|
|
+;stir_shaken =
|
|
|
+ ; If this is enabled, STIR/SHAKEN operations will be
|
|
|
+ ; performed on this endpoint. This includes inbound
|
|
|
+ ; and outbound INVITEs. On an inbound INVITE, Asterisk
|
|
|
+ ; will check for an Identity header and attempt to
|
|
|
+ ; verify the call. On an outbound INVITE, Asterisk will
|
|
|
+ ; add an Identity header that others can use to verify
|
|
|
+ ; calls from this endpoint. Additional configuration is
|
|
|
+ ; done in stir_shaken.conf.
|
|
|
+ ; The STIR_SHAKEN dialplan function must be used to get
|
|
|
+ ; the verification results on inbound INVITEs. Nothing
|
|
|
+ ; happens to the call if verification fails; it's up to
|
|
|
+ ; you to determine what to do with the results.
|
|
|
+ ; (default: no)
|
|
|
+
|
|
|
+;==========================AUTH SECTION OPTIONS=========================
|
|
|
+;[auth]
|
|
|
+; SYNOPSIS: Authentication type
|
|
|
+;
|
|
|
+; Note: Using the same auth section for inbound and outbound
|
|
|
+; authentication is not recommended. There is a difference in
|
|
|
+; meaning for an empty realm setting between inbound and outbound
|
|
|
+; authentication uses. Look to the CLI config help
|
|
|
+; "config show help res_pjsip auth realm" or on the wiki for the
|
|
|
+; difference.
|
|
|
+;
|
|
|
+;auth_type=userpass ; Authentication type (default: "userpass")
|
|
|
+;nonce_lifetime=32 ; Lifetime of a nonce associated with this
|
|
|
+ ; authentication config (default: "32")
|
|
|
+;md5_cred= ; MD5 Hash used for authentication (default: "")
|
|
|
+;password= ; PlainText password used for authentication (default: "")
|
|
|
+;realm= ; SIP realm for endpoint (default: "")
|
|
|
+;type= ; Must be auth (default: "")
|
|
|
+;username= ; Username to use for account (default: "")
|
|
|
+
|
|
|
+
|
|
|
+;==========================DOMAIN_ALIAS SECTION OPTIONS=========================
|
|
|
+;[domain_alias]
|
|
|
+; SYNOPSIS: Domain Alias
|
|
|
+;type= ; Must be of type domain_alias (default: "")
|
|
|
+;domain= ; Domain to be aliased (default: "")
|
|
|
+
|
|
|
+
|
|
|
+;==========================TRANSPORT SECTION OPTIONS=========================
|
|
|
+;[transport]
|
|
|
+; SYNOPSIS: SIP Transport
|
|
|
+;
|
|
|
+;async_operations=1 ; Number of simultaneous Asynchronous Operations
|
|
|
+ ; (default: "1")
|
|
|
+;bind= ; IP Address and optional port to bind to for this transport (default:
|
|
|
+ ; "")
|
|
|
+; Note that for the Websocket transport the TLS configuration is configured
|
|
|
+; in http.conf and is applied for all HTTPS traffic.
|
|
|
+;ca_list_file= ; File containing a list of certificates to read TLS ONLY
|
|
|
+ ; (default: "")
|
|
|
+;ca_list_path= ; Path to directory containing certificates to read TLS ONLY.
|
|
|
+ ; PJProject version 2.4 or higher is required for this option to
|
|
|
+ ; be used.
|
|
|
+ ; (default: "")
|
|
|
+;cert_file= ; Certificate file for endpoint TLS ONLY
|
|
|
+ ; Will read .crt or .pem file but only uses cert,
|
|
|
+ ; a .key file must be specified via priv_key_file.
|
|
|
+ ; Since PJProject version 2.5: If the file name ends in _rsa,
|
|
|
+ ; for example "asterisk_rsa.pem", the files "asterisk_dsa.pem"
|
|
|
+ ; and/or "asterisk_ecc.pem" are loaded (certificate, inter-
|
|
|
+ ; mediates, private key), to support multiple algorithms for
|
|
|
+ ; server authentication (RSA, DSA, ECDSA). If the chains are
|
|
|
+ ; different, at least OpenSSL 1.0.2 is required.
|
|
|
+ ; (default: "")
|
|
|
+;cipher= ; Preferred cryptography cipher names TLS ONLY (default: "")
|
|
|
+;method= ; Method of SSL transport TLS ONLY (default: "")
|
|
|
+;priv_key_file= ; Private key file TLS ONLY (default: "")
|
|
|
+;verify_client= ; Require verification of client certificate TLS ONLY (default:
|
|
|
+ ; "")
|
|
|
+;verify_server= ; Require verification of server certificate TLS ONLY (default:
|
|
|
+ ; "")
|
|
|
+;require_client_cert= ; Require client certificate TLS ONLY (default: "")
|
|
|
+;domain= ; Domain the transport comes from (default: "")
|
|
|
+;external_media_address= ; External IP address to use in RTP handling
|
|
|
+ ; (default: "")
|
|
|
+;external_signaling_address= ; External address for SIP signalling (default:
|
|
|
+ ; "")
|
|
|
+;external_signaling_port=0 ; External port for SIP signalling (default:
|
|
|
+ ; "0")
|
|
|
+;local_net= ; Network to consider local used for NAT purposes (default: "")
|
|
|
+;password= ; Password required for transport (default: "")
|
|
|
+;protocol=udp ; Protocol to use for SIP traffic (default: "udp")
|
|
|
+;type= ; Must be of type transport (default: "")
|
|
|
+;tos=0 ; Enable TOS for the signalling sent over this transport (default: "0")
|
|
|
+;cos=0 ; Enable COS for the signalling sent over this transport (default: "0")
|
|
|
+;websocket_write_timeout=100 ; Default write timeout to set on websocket
|
|
|
+ ; transports. This value may need to be adjusted
|
|
|
+ ; for connections where Asterisk must write a
|
|
|
+ ; substantial amount of data and the receiving
|
|
|
+ ; clients are slow to process the received
|
|
|
+ ; information. Value is in milliseconds; default
|
|
|
+ ; is 100 ms.
|
|
|
+;allow_reload=no ; Although transports can now be reloaded, that may not be
|
|
|
+ ; desirable because of the slight possibility of dropped
|
|
|
+ ; calls. To make sure there are no unintentional drops, if
|
|
|
+ ; this option is set to 'no' (the default) changes to the
|
|
|
+ ; particular transport will be ignored. If set to 'yes',
|
|
|
+ ; changes (if any) will be applied.
|
|
|
+;symmetric_transport=no ; When a request from a dynamic contact comes in on a
|
|
|
+ ; transport with this option set to 'yes', the transport
|
|
|
+ ; name will be saved and used for subsequent outgoing
|
|
|
+ ; requests like OPTIONS, NOTIFY and INVITE. It's saved
|
|
|
+ ; as a contact uri parameter named 'x-ast-txp' and will
|
|
|
+ ; display with the contact uri in CLI, AMI, and ARI
|
|
|
+ ; output. On the outgoing request, if a transport
|
|
|
+ ; wasn't explicitly set on the endpoint AND the request
|
|
|
+ ; URI is not a hostname, the saved transport will be
|
|
|
+ ; used and the 'x-ast-txp' parameter stripped from the
|
|
|
+ ; outgoing packet.
|
|
|
+
|
|
|
+;==========================AOR SECTION OPTIONS=========================
|
|
|
+;[aor]
|
|
|
+; SYNOPSIS: The configuration for a location of an endpoint
|
|
|
+;contact= ; Permanent contacts assigned to AoR (default: "")
|
|
|
+;default_expiration=3600 ; Default expiration time in seconds for
|
|
|
+ ; contacts that are dynamically bound to an AoR
|
|
|
+ ; (default: "3600")
|
|
|
+;mailboxes= ; Allow subscriptions for the specified mailbox(es)
|
|
|
+ ; This option applies when an external entity subscribes to an AoR
|
|
|
+ ; for Message Waiting Indications. (default: "")
|
|
|
+;voicemail_extension= ; The voicemail extension to send in the NOTIFY Message-Account header
|
|
|
+ ; (default: global/default_voicemail_extension)
|
|
|
+;maximum_expiration=7200 ; Maximum time to keep an AoR (default: "7200")
|
|
|
+;max_contacts=0 ; Maximum number of contacts that can bind to an AoR (default:
|
|
|
+ ; "0")
|
|
|
+;minimum_expiration=60 ; Minimum keep alive time for an AoR (default: "60")
|
|
|
+;remove_existing=no ; Allow a registration to succeed by displacing any existing
|
|
|
+ ; contacts that now exceed the max_contacts count. Any
|
|
|
+ ; removed contacts are the next to expire. The behaviour is
|
|
|
+ ; beneficial when rewrite_contact is enabled and max_contacts
|
|
|
+ ; is greater than one. The removed contact is likely the old
|
|
|
+ ; contact created by rewrite_contact that the device is
|
|
|
+ ; refreshing.
|
|
|
+ ; (default: "no")
|
|
|
+;type= ; Must be of type aor (default: "")
|
|
|
+;qualify_frequency=0 ; Interval at which to qualify an AoR via OPTIONS requests.
|
|
|
+ ; (default: "0")
|
|
|
+;qualify_timeout=3.0 ; Qualify timeout in fractional seconds (default: "3.0")
|
|
|
+;authenticate_qualify=no ; Authenticates a qualify request if needed
|
|
|
+ ; (default: "no")
|
|
|
+;outbound_proxy= ; Proxy through which to send OPTIONS requests, a full SIP URI
|
|
|
+ ; must be provided (default: "")
|
|
|
+
|
|
|
+
|
|
|
+;==========================SYSTEM SECTION OPTIONS=========================
|
|
|
+[system]
|
|
|
+type=system
|
|
|
+; SYNOPSIS: Options that apply to the SIP stack as well as other system-wide settings
|
|
|
+;timer_t1=500 ; Set transaction timer T1 value milliseconds (default: "500")
|
|
|
+;timer_b=32000 ; Set transaction timer B value milliseconds (default: "32000")
|
|
|
+;compact_headers=no ; Use the short forms of common SIP header names
|
|
|
+ ; (default: "no")
|
|
|
+;threadpool_initial_size=0 ; Initial number of threads in the res_pjsip
|
|
|
+ ; threadpool (default: "0")
|
|
|
+;threadpool_auto_increment=5 ; The amount by which the number of threads is
|
|
|
+ ; incremented when necessary (default: "5")
|
|
|
+;threadpool_idle_timeout=60 ; Number of seconds before an idle thread
|
|
|
+ ; should be disposed of (default: "60")
|
|
|
+;threadpool_max_size=0 ; Maximum number of threads in the res_pjsip threadpool
|
|
|
+ ; A value of 0 indicates no maximum (default: "0")
|
|
|
+;disable_tcp_switch=yes ; Disable automatic switching from UDP to TCP transports
|
|
|
+ ; if outgoing request is too large.
|
|
|
+ ; See RFC 3261 section 18.1.1.
|
|
|
+ ; Disabling this option has been known to cause interoperability
|
|
|
+ ; issues, so disable at your own risk.
|
|
|
+ ; (default: "yes")
|
|
|
+;follow_early_media_fork = ; On outgoing calls, if the UAS responds with
|
|
|
+ ; different SDP attributes on subsequent 18X or 2XX
|
|
|
+ ; responses (such as a port update) AND the To tag
|
|
|
+ ; on the subsequent response is different than that
|
|
|
+ ; on the previous one, follow it. This usually
|
|
|
+ ; happens when the INVITE is forked to multiple UASs
|
|
|
+ ; and more than 1 sends an SDP answer.
|
|
|
+ ; This option must also be enabled on endpoints that
|
|
|
+ ; require this functionality.
|
|
|
+ ; (default: yes)
|
|
|
+;accept_multiple_sdp_answers =
|
|
|
+ ; On outgoing calls, if the UAS responds with
|
|
|
+ ; different SDP attributes on non-100rel 18X or 2XX
|
|
|
+ ; responses (such as a port update) AND the To tag on
|
|
|
+ ; the subsequent response is the same as that on the
|
|
|
+ ; previous one, process it. This can happen when the
|
|
|
+ ; UAS needs to change ports for some reason such as
|
|
|
+ ; using a separate port for custom ringback.
|
|
|
+ ; This option must also be enabled on endpoints that
|
|
|
+ ; require this functionality.
|
|
|
+ ; (default: no)
|
|
|
+;disable_rport=no ; Disable the use of "rport" in outgoing requests.
|
|
|
+;type= ; Must be of type system (default: "")
|
|
|
+
|
|
|
+;==========================GLOBAL SECTION OPTIONS=========================
|
|
|
+;[global]
|
|
|
+; SYNOPSIS: Options that apply globally to all SIP communications
|
|
|
+;max_forwards=70 ; Value used in Max Forwards header for SIP requests
|
|
|
+ ; (default: "70")
|
|
|
+;type= ; Must be of type global (default: "")
|
|
|
+;user_agent=Asterisk PBX ; Allows you to change the user agent string
|
|
|
+ ; The default user agent string also contains
|
|
|
+ ; the Asterisk version. If you don't want to
|
|
|
+ ; expose this, change the user_agent string.
|
|
|
+;default_outbound_endpoint=default_outbound_endpoint ; Endpoint to use when
|
|
|
+ ; sending an outbound
|
|
|
+ ; request to a URI
|
|
|
+ ; without a specified
|
|
|
+ ; endpoint (default: "d
|
|
|
+ ; efault_outbound_endpo
|
|
|
+ ; int")
|
|
|
+;debug=no ; Enable/Disable SIP debug logging. Valid options include yes|no
|
|
|
+ ; or a host address (default: "no")
|
|
|
+;keep_alive_interval=90 ; The interval (in seconds) at which to send (double CRLF)
|
|
|
+ ; keep-alives on all active connection-oriented transports;
|
|
|
+ ; for connection-less like UDP see qualify_frequency.
|
|
|
+ ; (default: "90")
|
|
|
+;contact_expiration_check_interval=30
|
|
|
+ ; The interval (in seconds) to check for expired contacts.
|
|
|
+;disable_multi_domain=no
|
|
|
+ ; Disable Multi Domain support.
|
|
|
+ ; If disabled it can improve realtime performace by reducing
|
|
|
+ ; number of database requsts
|
|
|
+ ; (default: "no")
|
|
|
+;endpoint_identifier_order=ip,username,anonymous
|
|
|
+ ; The order by which endpoint identifiers are given priority.
|
|
|
+ ; Currently, "ip", "header", "username", "auth_username" and "anonymous"
|
|
|
+ ; are valid identifiers as registered by the res_pjsip_endpoint_identifier_*
|
|
|
+ ; modules. Some modules like res_pjsip_endpoint_identifier_user register
|
|
|
+ ; more than one identifier. Use the CLI command "pjsip show identifiers"
|
|
|
+ ; to see the identifiers currently available.
|
|
|
+ ; (default: ip,username,anonymous)
|
|
|
+;max_initial_qualify_time=4 ; The maximum amount of time (in seconds) from
|
|
|
+ ; startup that qualifies should be attempted on all
|
|
|
+ ; contacts. If greater than the qualify_frequency
|
|
|
+ ; for an aor, qualify_frequency will be used instead.
|
|
|
+;regcontext=sipregistrations ; If regcontext is specified, Asterisk will dynamically
|
|
|
+ ; create and destroy a NoOp priority 1 extension for a
|
|
|
+ ; given endpoint who registers or unregisters with us.
|
|
|
+ ; The extension added is the name of the endpoint.
|
|
|
+;default_voicemail_extension=asterisk
|
|
|
+ ; The voicemail extension to send in the NOTIFY Message-Account header
|
|
|
+ ; if not set on endpoint or aor.
|
|
|
+ ; (default: "")
|
|
|
+;
|
|
|
+; The following unidentified_request options are only used when "auth_username"
|
|
|
+; matching is enabled in "endpoint_identifier_order".
|
|
|
+;
|
|
|
+;unidentified_request_count=5 ; The number of unidentified requests that can be
|
|
|
+ ; received from a single IP address in
|
|
|
+ ; unidentified_request_period seconds before a security
|
|
|
+ ; event is generated. (default: 5)
|
|
|
+;unidentified_request_period=5 ; See above. (default: 5 seconds)
|
|
|
+;unidentified_request_prune_interval=30
|
|
|
+ ; The interval at which unidentified requests
|
|
|
+ ; are check to see if they can be pruned. If they're
|
|
|
+ ; older than twice the unidentified_request_period,
|
|
|
+ ; they're pruned.
|
|
|
+;
|
|
|
+;default_from_user=asterisk ; When Asterisk generates an outgoing SIP request, the
|
|
|
+ ; From header username will be set to this value if
|
|
|
+ ; there is no better option (such as CallerID or
|
|
|
+ ; endpoint/from_user) to be used
|
|
|
+;default_realm=asterisk ; When Asterisk generates a challenge, the digest realm
|
|
|
+ ; will be set to this value if there is no better option
|
|
|
+ ; (such as auth/realm) to be used.
|
|
|
+
|
|
|
+ ; Asterisk Task Processor Queue Size
|
|
|
+ ; On heavy loaded system with DB storage you may need to increase
|
|
|
+ ; taskprocessor queue.
|
|
|
+ ; If the taskprocessor queue size reached high water level,
|
|
|
+ ; the alert is triggered.
|
|
|
+ ; If the alert is set the pjsip distibutor stops processing incoming
|
|
|
+ ; requests until the alert is cleared.
|
|
|
+ ; The alert is cleared when taskprocessor queue size drops to the
|
|
|
+ ; low water clear level.
|
|
|
+ ; The next options set taskprocessor queue levels for MWI.
|
|
|
+;mwi_tps_queue_high=500 ; Taskprocessor high water alert trigger level.
|
|
|
+;mwi_tps_queue_low=450 ; Taskprocessor low water clear alert level.
|
|
|
+ ; The default is -1 for 90% of high water level.
|
|
|
+
|
|
|
+ ; Unsolicited MWI
|
|
|
+ ; If there are endpoints configured with unsolicited MWI
|
|
|
+ ; then res_pjsip_mwi module tries to send MWI to all endpoints on startup.
|
|
|
+;mwi_disable_initial_unsolicited=no ; Disable sending unsolicited mwi to all endpoints on startup.
|
|
|
+ ; If disabled then unsolicited mwi will start processing
|
|
|
+ ; on the endpoint's next contact update.
|
|
|
+
|
|
|
+;ignore_uri_user_options=no ; Enable/Disable ignoring SIP URI user field options.
|
|
|
+ ; If you have this option enabled and there are semicolons
|
|
|
+ ; in the user field of a SIP URI then the field is truncated
|
|
|
+ ; at the first semicolon. This effectively makes the semicolon
|
|
|
+ ; a non-usable character for PJSIP endpoint names, extensions,
|
|
|
+ ; and AORs. This can be useful for improving compatability with
|
|
|
+ ; an ITSP that likes to use user options for whatever reason.
|
|
|
+ ; Example:
|
|
|
+ ; URI: "sip:1235557890;phone-context=national@x.x.x.x;user=phone"
|
|
|
+ ; The user field is "1235557890;phone-context=national"
|
|
|
+ ; Which becomes this: "1235557890"
|
|
|
+ ;
|
|
|
+ ; Note: The caller-id and redirecting number strings obtained
|
|
|
+ ; from incoming SIP URI user fields are always truncated at the
|
|
|
+ ; first semicolon.
|
|
|
+
|
|
|
+;send_contact_status_on_update_registration=no ; Enable sending AMI ContactStatus
|
|
|
+ ; event when a device refreshes its registration
|
|
|
+ ; (default: "no")
|
|
|
+
|
|
|
+;taskprocessor_overload_trigger=global
|
|
|
+ ; Set the trigger the distributor will use to detect
|
|
|
+ ; taskprocessor overloads. When triggered, the distributor
|
|
|
+ ; will not accept any new requests until the overload has
|
|
|
+ ; cleared.
|
|
|
+ ; "global": (default) Any taskprocessor overload will trigger.
|
|
|
+ ; "pjsip_only": Only pjsip taskprocessor overloads will trigger.
|
|
|
+ ; "none": No overload detection will be performed.
|
|
|
+ ; WARNING: The "none" and "pjsip_only" options should be used
|
|
|
+ ; with extreme caution and only to mitigate specific issues.
|
|
|
+ ; Under certain conditions they could make things worse.
|
|
|
+
|
|
|
+;norefersub=yes ; Enable sending norefersub option tag in Supported header to advertise
|
|
|
+ ; that the User Agent is capable of accepting a REFER request with
|
|
|
+ ; creating an implicit subscription (see RFC 4488).
|
|
|
+ ; (default: "yes")
|
|
|
+
|
|
|
+; MODULE PROVIDING BELOW SECTION(S): res_pjsip_acl
|
|
|
+;==========================ACL SECTION OPTIONS=========================
|
|
|
+;[acl]
|
|
|
+; SYNOPSIS: Access Control List
|
|
|
+;acl= ; List of IP ACL section names in acl conf (default: "")
|
|
|
+;contact_acl= ; List of Contact ACL section names in acl conf (default: "")
|
|
|
+;contact_deny= ; List of Contact header addresses to deny (default: "")
|
|
|
+;contact_permit= ; List of Contact header addresses to permit (default:
|
|
|
+ ; "")
|
|
|
+;deny= ; List of IP addresses to deny access from (default: "")
|
|
|
+;permit= ; List of IP addresses to permit access from (default: "")
|
|
|
+;type= ; Must be of type acl (default: "")
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+; MODULE PROVIDING BELOW SECTION(S): res_pjsip_outbound_registration
|
|
|
+;==========================REGISTRATION SECTION OPTIONS=========================
|
|
|
+;[registration]
|
|
|
+; SYNOPSIS: The configuration for outbound registration
|
|
|
+;auth_rejection_permanent=yes ; Determines whether failed authentication
|
|
|
+ ; challenges are treated as permanent failures
|
|
|
+ ; (default: "yes")
|
|
|
+;client_uri= ; Client SIP URI used when attemping outbound registration
|
|
|
+ ; (default: "")
|
|
|
+;contact_user= ; Contact User to use in request (default: "")
|
|
|
+;expiration=3600 ; Expiration time for registrations in seconds
|
|
|
+ ; (default: "3600")
|
|
|
+;max_retries=10 ; Maximum number of registration attempts (default: "10")
|
|
|
+;outbound_auth= ; Authentication object to be used for outbound registrations
|
|
|
+ ; (default: "")
|
|
|
+;outbound_proxy= ; Proxy through which to send registrations, a full SIP URI
|
|
|
+ ; must be provided (default: "")
|
|
|
+;retry_interval=60 ; Interval in seconds between retries if outbound
|
|
|
+ ; registration is unsuccessful (default: "60")
|
|
|
+;forbidden_retry_interval=0 ; Interval used when receiving a 403 Forbidden
|
|
|
+ ; response (default: "0")
|
|
|
+;fatal_retry_interval=0 ; Interval used when receiving a fatal response.
|
|
|
+ ; (default: "0") A fatal response is any permanent
|
|
|
+ ; failure (non-temporary 4xx, 5xx, 6xx) response
|
|
|
+ ; received from the registrar. NOTE - if also set
|
|
|
+ ; the 'forbidden_retry_interval' takes precedence
|
|
|
+ ; over this one when a 403 is received. Also, if
|
|
|
+ ; 'auth_rejection_permanent' equals 'yes' a 401 and
|
|
|
+ ; 407 become subject to this retry interval.
|
|
|
+;server_uri= ; SIP URI of the server to register against (default: "")
|
|
|
+;transport= ; Transport used for outbound authentication (default: "")
|
|
|
+;line= ; When enabled this option will cause a 'line' parameter to be
|
|
|
+ ; added to the Contact header placed into the outgoing
|
|
|
+ ; registration request. If the remote server sends a call
|
|
|
+ ; this line parameter will be used to establish a relationship
|
|
|
+ ; to the outbound registration, ultimately causing the
|
|
|
+ ; configured endpoint to be used (default: "no")
|
|
|
+;endpoint= ; When line support is enabled this configured endpoint name
|
|
|
+ ; is used for incoming calls that are related to the outbound
|
|
|
+ ; registration (default: "")
|
|
|
+;type= ; Must be of type registration (default: "")
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+; MODULE PROVIDING BELOW SECTION(S): res_pjsip_endpoint_identifier_ip
|
|
|
+;==========================IDENTIFY SECTION OPTIONS=========================
|
|
|
+;[identify]
|
|
|
+; SYNOPSIS: Identifies endpoints via some criteria.
|
|
|
+;
|
|
|
+; NOTE: If multiple matching criteria are provided then an inbound request will
|
|
|
+; be matched to the endpoint if it matches ANY of the criteria.
|
|
|
+;endpoint= ; Name of endpoint identified (default: "")
|
|
|
+;srv_lookups=yes ; Perform SRV lookups for provided hostnames. (default: yes)
|
|
|
+;match= ; Comma separated list of IP addresses, networks, or hostnames to match
|
|
|
+ ; against (default: "")
|
|
|
+;match_header= ; SIP header with specified value to match against (default: "")
|
|
|
+;type= ; Must be of type identify (default: "")
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+;========================PHONEPROV_USER SECTION OPTIONS=======================
|
|
|
+;[phoneprov]
|
|
|
+; SYNOPSIS: Contains variables for autoprovisioning each user
|
|
|
+;endpoint= ; The endpoint from which to gather username, secret, etc. (default: "")
|
|
|
+;PROFILE= ; The name of a profile configured in phoneprov.conf (default: "")
|
|
|
+;MAC= ; The mac address for this user (default: "")
|
|
|
+;OTHERVAR= ; Any other name value pair to be used in templates (default: "")
|
|
|
+ ; Common variables include LINE, LINEKEYS, etc.
|
|
|
+ ; See phoneprov.conf.sample for others.
|
|
|
+;type= ; Must be of type phoneprov (default: "")
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+; MODULE PROVIDING BELOW SECTION(S): res_pjsip_outbound_publish
|
|
|
+;======================OUTBOUND_PUBLISH SECTION OPTIONS=====================
|
|
|
+; See https://wiki.asterisk.org/wiki/display/AST/Publishing+Extension+State
|
|
|
+; for more information.
|
|
|
+;[outbound-publish]
|
|
|
+;type=outbound-publish ; Must be of type 'outbound-publish'.
|
|
|
+
|
|
|
+;expiration=3600 ; Expiration time for publications in seconds
|
|
|
+
|
|
|
+;outbound_auth= ; Authentication object(s) to be used for outbound
|
|
|
+ ; publishes.
|
|
|
+ ; This is a comma-delimited list of auth sections
|
|
|
+ ; defined in pjsip.conf used to respond to outbound
|
|
|
+ ; authentication challenges.
|
|
|
+ ; Using the same auth section for inbound and
|
|
|
+ ; outbound authentication is not recommended. There
|
|
|
+ ; is a difference in meaning for an empty realm
|
|
|
+ ; setting between inbound and outbound authentication
|
|
|
+ ; uses. See the auth realm description for details.
|
|
|
+
|
|
|
+;outbound_proxy= ; SIP URI of the outbound proxy used to send
|
|
|
+ ; publishes
|
|
|
+
|
|
|
+;server_uri= ; SIP URI of the server and entity to publish to.
|
|
|
+ ; This is the URI at which to find the entity and
|
|
|
+ ; server to send the outbound PUBLISH to.
|
|
|
+ ; This URI is used as the request URI of the outbound
|
|
|
+ ; PUBLISH request from Asterisk.
|
|
|
+
|
|
|
+;from_uri= ; SIP URI to use in the From header.
|
|
|
+ ; This is the URI that will be placed into the From
|
|
|
+ ; header of outgoing PUBLISH messages. If no URI is
|
|
|
+ ; specified then the URI provided in server_uri will
|
|
|
+ ; be used.
|
|
|
+
|
|
|
+;to_uri= ; SIP URI to use in the To header.
|
|
|
+ ; This is the URI that will be placed into the To
|
|
|
+ ; header of outgoing PUBLISH messages. If no URI is
|
|
|
+ ; specified then the URI provided in server_uri will
|
|
|
+ ; be used.
|
|
|
+
|
|
|
+;event= ; Event type of the PUBLISH.
|
|
|
+
|
|
|
+;max_auth_attempts= ; Maximum number of authentication attempts before
|
|
|
+ ; stopping the pub.
|
|
|
+
|
|
|
+;transport= ; Transport used for outbound publish.
|
|
|
+ ; A transport configured in pjsip.conf. As with other
|
|
|
+ ; res_pjsip modules, this will use the first
|
|
|
+ ; available transport of the appropriate type if
|
|
|
+ ; unconfigured.
|
|
|
+
|
|
|
+;multi_user=no ; Enable multi-user support (Asterisk 14+ only)
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+; MODULE PROVIDING BELOW SECTION(S): res_pjsip_pubsub
|
|
|
+;=============================RESOURCE-LIST===================================
|
|
|
+; See https://wiki.asterisk.org/wiki/pages/viewpage.action?pageId=30278158
|
|
|
+; for more information.
|
|
|
+;[resource_list]
|
|
|
+;type=resource_list ; Must be of type 'resource_list'.
|
|
|
+
|
|
|
+;event= ; The SIP event package that the list resource.
|
|
|
+ ; belongs to. The SIP event package describes the
|
|
|
+ ; types of resources that Asterisk reports the state
|
|
|
+ ; of.
|
|
|
+
|
|
|
+;list_item= ; The name of a resource to report state on.
|
|
|
+ ; In general Asterisk looks up list items in the
|
|
|
+ ; following way:
|
|
|
+ ; 1. Check if the list item refers to another
|
|
|
+ ; configured resource list.
|
|
|
+ ; 2. Pass the name of the resource off to
|
|
|
+ ; event-package-specific handlers to find the
|
|
|
+ ; specified resource.
|
|
|
+ ; The second part means that the way the list item
|
|
|
+ ; is specified depends on what type of list this is.
|
|
|
+ ; For instance, if you have the event set to
|
|
|
+ ; presence, then list items should be in the form of
|
|
|
+ ; dialplan_extension@dialplan_context. For
|
|
|
+ ; message-summary, mailbox names should be listed.
|
|
|
+
|
|
|
+;full_state=no ; Indicates if the entire list's state should be
|
|
|
+ ; sent out.
|
|
|
+ ; If this option is enabled, and a resource changes
|
|
|
+ ; state, then Asterisk will construct a notification
|
|
|
+ ; that contains the state of all resources in the
|
|
|
+ ; list. If the option is disabled, Asterisk will
|
|
|
+ ; construct a notification that only contains the
|
|
|
+ ; states of resources that have changed.
|
|
|
+ ; NOTE: Even with this option disabled, there are
|
|
|
+ ; certain situations where Asterisk is forced to send
|
|
|
+ ; a notification with the states of all resources in
|
|
|
+ ; the list. When a subscriber renews or terminates
|
|
|
+ ; its subscription to the list, Asterisk MUST send
|
|
|
+ ; a full state notification.
|
|
|
+
|
|
|
+;notification_batch_interval=0
|
|
|
+ ; Time Asterisk should wait, in milliseconds,
|
|
|
+ ; before sending notifications.
|
|
|
+
|
|
|
+;==========================INBOUND_PUBLICATION================================
|
|
|
+; See https://wiki.asterisk.org/wiki/display/AST/Exchanging+Device+and+Mailbox+State+Using+PJSIP
|
|
|
+; for more information.
|
|
|
+;[inbound-publication]
|
|
|
+;type= ; Must be of type 'inbound-publication'.
|
|
|
+
|
|
|
+;endpoint= ; Optional name of an endpoint that is only allowed
|
|
|
+ ; to publish to this resource.
|
|
|
+
|
|
|
+
|
|
|
+; MODULE PROVIDING BELOW SECTION(S): res_pjsip_publish_asterisk
|
|
|
+;==========================ASTERISK_PUBLICATION===============================
|
|
|
+; See https://wiki.asterisk.org/wiki/display/AST/Exchanging+Device+and+Mailbox+State+Using+PJSIP
|
|
|
+; for more information.
|
|
|
+;[asterisk-publication]
|
|
|
+;type=asterisk-publication ; Must be of type 'asterisk-publication'.
|
|
|
+
|
|
|
+;devicestate_publish= ; Optional name of a publish item that can be used
|
|
|
+ ; to publish a req.
|
|
|
+
|
|
|
+;mailboxstate_publish= ; Optional name of a publish item that can be used
|
|
|
+ ; to publish a req.
|
|
|
+
|
|
|
+;device_state=no ; Whether we should permit incoming device state
|
|
|
+ ; events.
|
|
|
+
|
|
|
+;device_state_filter= ; Optional regular expression used to filter what
|
|
|
+ ; devices we accept events for.
|
|
|
+
|
|
|
+;mailbox_state=no ; Whether we should permit incoming mailbox state
|
|
|
+ ; events.
|
|
|
+
|
|
|
+;mailbox_state_filter= ; Optional regular expression used to filter what
|
|
|
+ ; mailboxes we accept events for.
|
|
|
+
|
|
|
+[transport-udp]
|
|
|
+type=transport
|
|
|
+protocol=udp
|
|
|
+bind=0.0.0.0
|
|
|
+
|
|
|
+
|
|
|
+; questa acl si applica a tutto
|
|
|
+[acl]
|
|
|
+type=acl
|
|
|
+deny=0.0.0.0/0.0.0.0
|
|
|
+permit=192.168.1.0/255.255.255.0
|
|
|
+
|
|
|
+[removeme]
|
|
|
+type=endpoint
|
|
|
+deny=0.0.0.0/0.0.0.0
|
|
|
+permit=192.168.1.0/255.255.255.0
|
|
|
+transport=transport-udp
|
|
|
+language=it
|
|
|
+aors=removeme
|
|
|
+auth=removeme
|
|
|
+
|
|
|
+[removeme]
|
|
|
+type=aors
|
|
|
+[removeme]
|
|
|
+type=auth
|
|
|
+username=removeme
|
|
|
+password=removeme
|
|
|
+
|
|
|
+[lan](!)
|
|
|
+type=endpoint
|
|
|
+deny=0.0.0.0/0.0.0.0
|
|
|
+permit=192.168.1.0/255.255.255.0
|
|
|
+transport=transport-udp
|
|
|
+language=it
|
|
|
+disallow=all
|
|
|
+; allow=ilbc
|
|
|
+; allow=g729
|
|
|
+; allow=gsm
|
|
|
+; allow=g723
|
|
|
+; allow=silk
|
|
|
+; allow=silk16
|
|
|
+; allow=silk24
|
|
|
+allow=ulaw
|
|
|
+allow=speex16
|
|
|
+; allow=speex32
|
|
|
+
|
|
|
+[interno](!,lan)
|
|
|
+context=from-interni
|
|
|
+
|
|
|
+[ext](!,lan)
|
|
|
+context=from-ext
|
|
|
+
|
|
|
+
|
|
|
+[baseauth](!)
|
|
|
+type=auth
|
|
|
+auth_type=userpass
|
|
|
+
|
|
|
+[baseaor](!)
|
|
|
+type=aor
|
|
|
+max_contacts=1
|
|
|
+
|
|
|
+[400](interno)
|
|
|
+context=from-mixer
|
|
|
+aors = 400
|
|
|
+auth = 400
|
|
|
+
|
|
|
+[400](baseaor)
|
|
|
+
|
|
|
+[400](baseauth)
|
|
|
+username=400
|
|
|
+password=mixerone
|
|
|
+
|
|
|
+[401](interno)
|
|
|
+context=from-regia
|
|
|
+aors = 401
|
|
|
+auth=401
|
|
|
+
|
|
|
+[401](baseaor)
|
|
|
+[401](baseauth)
|
|
|
+username=401
|
|
|
+password=pass401
|
|
|
+
|
|
|
+
|
|
|
+[402](ext)
|
|
|
+; XXX: togli questo commento e fallo tornare un (interno)
|
|
|
+; context=from-regia
|
|
|
+aors = 402
|
|
|
+auth=402
|
|
|
+
|
|
|
+[402](baseaor)
|
|
|
+[402](baseauth)
|
|
|
+username=402
|
|
|
+password=pass402
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+[403](interno)
|
|
|
+aors = 403
|
|
|
+auth=403
|
|
|
+
|
|
|
+[403](baseaor)
|
|
|
+[403](baseauth)
|
|
|
+username=403
|
|
|
+password=pass403
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+[404](interno)
|
|
|
+aors = 404
|
|
|
+auth=404
|
|
|
+
|
|
|
+[404](baseaor)
|
|
|
+[404](baseauth)
|
|
|
+username=404
|
|
|
+password=pass404
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+[020202](ext)
|
|
|
+aors = 020202
|
|
|
+auth=020202
|
|
|
+
|
|
|
+[020202](baseaor)
|
|
|
+[020202](baseauth)
|
|
|
+username=020202
|
|
|
+password=pass020202
|
boyska