ruhnet
/
kazoo-configs-kamailio
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 183 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
56 Commits
23 Branches
2.0 MiB
 
 
Tree: 0901e4cce6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '0901e4cce6'
${ noResults }
kazoo-configs-kamailio/opensips/opensips.cfg

704 lines
24 KiB
Raw Blame History

######################################################################
## Core Parameters
######################################################################
# chroot=
# group="opensips"
# user="opensips"
# dbversion_table=
disable_core_dump=no
max_while_loops=100
maxbuffer=262144
memdump=3
memlog=2
# open_files_limit=2048
server_signature=no
server_header="Server: 2600hz"
user_agent_header="User-Agent: 2600hz"
######################################################################
## Core Fork Parameters
######################################################################
fork=yes
children=8
tcp_children=8
######################################################################
## Core Logging Parameters
######################################################################
debug=3
sip_warning=0
log_stderror=no
log_facility=LOG_LOCAL0
log_name="opensips"
######################################################################
## Aliases
######################################################################
auto_aliases=yes
alias=localhost
alias=localhost.localdomain
######################################################################
## Connectivity
######################################################################
listen=udp:eth0:5060
listen=udp:eth0:7000
listen=tcp:eth0:5060
listen=tcp:eth0:7000
# listen=udp:eth1:5060
tos=IPTOS_LOWDELAY
# advertised_address=174.129.131.38
# advertised_port=5060
mcast_loopback=no
mcast_ttl=1
mhomed=0
# tcp_accept_aliases
tcp_connect_timeout=3
tcp_connection_lifetime=120
tcp_max_connections=2048
# tcp_poll_method=select
######################################################################
## DNS
######################################################################
dns=no
dns_retr_time=1
dns_retr_no=3
# dns_servers_no=2
dns_try_ipv6=no
disable_dns_blacklist=yes
disable_dns_failover=no
dns_use_search_list=no
rev_dns=no
######################################################################
## SIP
######################################################################
check_via=0
#! disable_503_translation=no
disable_stateless_fwd=no
disable_tcp=no
# disable_tls=no
#! reply_to_via=1
######################################################################
## TLS
######################################################################
# disable_tls=no
# listen=tls:your_IP:5061
# tls_verify_server=1
# tls_verify_client=1
# tls_require_client_certificate=0
# tls_method=TLSv1
# tls_certificate="/usr/local/etc/opensips/tls/user/user-cert.pem"
# tls_private_key="/usr/local/etc/opensips/tls/user/user-privkey.pem"
# tls_ca_list="/usr/local/etc/opensips/tls/user/user-calist.pem"
######################################################################
## Destination Blacklist
######################################################################
# dst_blacklist=gw:{( tcp , 192.168.2.100 , 5060 , "" ),( any , 192.168.2.101 , 0 , "" )}
# dst_blacklist=net_filter2:{ !( any , 192.168.30.0/255.255.255.0 , 0 , "" )}
######################################################################
## Attribute Value Pairs
######################################################################
# avp_aliases="uuid=I:660;email=s:email_addr;fwd=i:753"
######################################################################
## Module Loading
######################################################################
mpath="/usr/lib64/opensips/modules/"
loadmodule "localcache.so"
loadmodule "signaling.so"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "dialog.so"
loadmodule "maxfwd.so"
loadmodule "rr.so"
loadmodule "path.so"
loadmodule "uri.so"
loadmodule "textops.so"
loadmodule "usrloc.so"
loadmodule "nathelper.so"
loadmodule "nat_traversal.so"
loadmodule "dispatcher.so"
loadmodule "mi_fifo.so"
# loadmodule "mi_datagram.so"
# loadmodule "xlog.so"
######################################################################
## Localcache Module Parameters
######################################################################
modparam("localcache", "cache_table_size", 10)
modparam("localcache", "cache_clean_period", 120)
######################################################################
## Stateless UA Module Parameters
######################################################################
modparam("sl", "enable_stats", 1)
######################################################################
## SIP Transaction UA Module Parameters
######################################################################
modparam("tm", "fr_timer", 2)
modparam("tm", "fr_inv_timer", 120)
# modparam("tm", "wt_timer", 5)
# modparam("tm", "delete_timer", 2)
# modparam("tm", "T1_timer", 500)
# modparam("tm", "T2_timer", 4000)
# modparam("tm", "ruri_matching", 1)
# modparam("tm", "via1_matching", 1)
# modparam("tm", "unix_tx_timeout", 2)
# modparam("tm", "restart_fr_on_each_reply", 1)
modparam("tm", "fr_timer_avp", "$avp(s:final_reply_timer)")
# modparam("tm", "fr_inv_timer_avp", "$avp(s:final_reply_prov)")
# modparam("tm", "tw_append",
# "test: ua=$hdr(User-Agent) ;avp=$avp(i:10);$rb;time=$Ts")
modparam("tm", "pass_provisional_replies", 1)
# modparam("tm", "syn_branch", 1)
# modparam("tm", "onreply_avp_mode", 0)
# modparam("tm", "disable_6xx_block", 0)
# modparam("tm", "enable_stats", 1)
# modparam("tm", "minor_branch_flag", 3)
######################################################################
## Max Forward Module Parameters
######################################################################
modparam("maxfwd", "max_limit", 30)
######################################################################
## Record Route Module Parameters
######################################################################
modparam("rr", "enable_full_lr", 1)
modparam("rr", "append_fromtag", 1)
modparam("rr", "enable_double_rr", 0)
modparam("rr", "add_username", 0)
######################################################################
## Path Module Parameters
######################################################################
modparam("path", "use_received", 1)
######################################################################
## URI Module Parameters
######################################################################
# modparam("uri", "aaa_url", "radius:/etc/radiusclient-ng/radiusclient.conf")
modparam("uri", "use_sip_uri_host", 0)
modparam("uri", "use_uri_table", 0)
modparam("uri", "service_type", 10)
modparam("uri", "use_domain", 1)
modparam("uri", "use_uri_table", 0)
# modparam("uri", "db_url", "mysql://username:password@localhost/opensips")
# modparam("uri", "db_table", "uri")
# modparam("uri", "user_column", "username")
# modparam("uri", "domain_column", "domain")
# modparam("uri", "uriuser_column", "uri_user")
######################################################################
## User Location Module Parameters
######################################################################
modparam("usrloc", "nat_bflag", 6)
modparam("usrloc", "use_domain", 1)
modparam("usrloc", "desc_time_order", 0)
modparam("usrloc", "timer_interval", 60)
modparam("usrloc", "matching_mode", 0)
modparam("usrloc", "cseq_delay", 20)
modparam("usrloc", "hash_size", 9)
modparam("usrloc", "db_mode", 0)
# modparam("usrloc", "db_url", "dbdriver://username:password@dbhost/dbname")
modparam("usrloc", "fetch_rows", 2000)
modparam("usrloc", "user_column", "username")
modparam("usrloc", "domain_column", "domain")
modparam("usrloc", "contact_column", "contact")
modparam("usrloc", "expires_column", "expires")
modparam("usrloc", "q_column", "q")
modparam("usrloc", "callid_column", "callid")
modparam("usrloc", "cseq_column", "cseq")
modparam("usrloc", "methods_column", "methods")
modparam("usrloc", "flags_column", "flags")
modparam("usrloc", "cflags_column", "cflags")
modparam("usrloc", "user_agent_column", "user_agent")
modparam("usrloc", "received_column", "received")
modparam("usrloc", "socket_column", "socket")
modparam("usrloc", "path_column", "path")
######################################################################
## Nathelper Module Parameters
######################################################################
# modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:7890")
# modparam("nathelper", "natping_interval", 30)
# modparam("nathelper", "ping_nated_only", 1)
# modparam("nathelper", "natping_processes", 3)
# modparam("nathelper", "sipping_bflag", 7)
# modparam("nathelper", "sipping_from", "sip:sipcheck@184.106.157.174")
# modparam("nathelper", "sipping_method", "INFO")
######################################################################
## NAT Traversal Module Parameters
######################################################################
modparam("nat_traversal", "keepalive_interval", 60)
modparam("nat_traversal", "keepalive_method", "OPTIONS")
modparam("nat_traversal", "keepalive_from", "sip:keepalive@ping.sip.2600hz.com")
modparam("nat_traversal", "keepalive_state_file", "/tmp/opensips_keepalive_state")
######################################################################
## Dispatcher Module Parameters
######################################################################
modparam("dispatcher", "list_file", "/etc/opensips/dispatcher.list")
modparam("dispatcher", "flags", 2)
modparam("dispatcher", "use_default", 0)
modparam("dispatcher", "force_dst", 1)
modparam("dispatcher", "dst_avp", "$avp(i:271)")
modparam("dispatcher", "attrs_avp", "$avp(i:272)")
modparam("dispatcher", "grp_avp", "$avp(i:273)")
modparam("dispatcher", "cnt_avp", "$avp(i:274)")
modparam("dispatcher", "hash_pvar", "$avp(i:273)")
# modparam("dispatcher", "setid_pvar", "$var(setid)")
modparam("dispatcher", "ds_ping_method", "OPTIONS")
modparam("dispatcher", "ds_ping_from", "sip:sipcheck@184.106.157.174:5060")
modparam("dispatcher", "ds_ping_interval", 10)
# modparam("dispatcher", "ds_ping_sock", "udp:10.80.25.168:5080")
modparam("dispatcher", "ds_probing_threshhold", 3)
modparam("dispatcher", "ds_probing_mode", 0)
modparam("dispatcher", "options_reply_codes", "501, 403, 404, 400")
######################################################################
## MI-FIFO Module Parameters
######################################################################
modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
######################################################################
## MI-Datagram Module Parameters
######################################################################
# modparam("mi_datagram", "socket_name", "udp:127.0.0.1:8889")
# modparam("mi_datagram", "children_count", 1)
# modparam("mi_datagram", "unix_socket_mode", 0600)
# modparam("mi_datagram", "unix_socket_group", "root")
# modparam("mi_datagram", "unix_socket_user", "root")
# modparam("mi_datagram", "socket_timeout", 2000)
# modparam("mi_datagram", "reply_indent", "\t")
######################################################################
## XLog Module Parameters
######################################################################
# modparam("xlog", "buf_size", 4096)
# modparam("xlog", "force_color", 0)
######################################################################
## Multiple Module Parameters
######################################################################
######################################################################
## Main Request Routing
######################################################################
route
{
# log the basic info regarding this call
xlog("L_INFO", "$ci|start|recieved $oP request $rm $ou");
xlog("L_INFO", "$ci|log|source $si:$sp");
xlog("L_INFO", "$ci|log|from $fu");
xlog("L_INFO", "$ci|log|to $tu");
# check that hop cound for this request and make sure it is under 10
# to prevent endless loops
if (!mf_process_maxfwd_header("10"))
{
xlog("L_WARN", "$ci|end|to many hops");
sl_send_reply("483", "We refuse to process this endless imbroglio");
exit;
}
# this check detemines if the opensips has routed the request to itself,
# this happens because the server is the destination of the request but
# we mangle it to send it else where. When that mangeling fails and we
# still relay it then it just comes right back to us...
if (src_ip==myself)
{
xlog("L_WARN", "$ci|end|sourced from this server");
exit;
}
# currently we dont support subscribe in whistle so to keep the noise down
# just end the request here. For options just end the request here as well.
if (is_method("OPTIONS|SUBSCRIBE"))
{
xlog("L_NOTICE", "$ci|end|unsupported method");
sl_send_reply("503", "Rawr!!");
exit;
}
# if the source IP/port are in one of the server dispatch lists
# then this request originated from one of our media servers, mark it
# as such by setting flag 26
if (ds_is_in_list("$si", "$sp", "1") || ds_is_in_list("$si", "$sp", "2"))
{
xlog("L_INFO", "$ci|log|inception on-net");
# Flag 26 marks the source as a on-net server
setflag(26);
}
# if the request source IP/port was not in any dispatcher lists
# this this originated outside our equipment (carrier, client, ect)
else
{
xlog("L_INFO", "$ci|log|inception off-net");
}
# if the to header has a tag attached then it implies this request
# has been processed by us before (IE: a media server has added
# its tag on the to header in prior messages)
if (has_totag())
{
# sequential request within a dialog should
# take the path determined by record-routing
if (loose_route())
{
append_hf("P-hint: rr-enforced\r\n");
# if the request is an ACK from our media servers with a IP in the from domain
# then bump the association
if ($(fd{ip.isip}) && isflagset(26) && is_method("ACK"))
{
xlog("L_INFO", "$ci|log|maintaining contact association to media server $fd");
cache_store("local", "$tU", "$fd", 3600);
}
xlog("L_INFO", "$ci|log|forwarding based on the route set");
route(1);
}
else if ( is_method("ACK") )
{
if ( t_check_trans() )
{
# non loose-route, but stateful ACK; must be an ACK after
# a 487 or e.g. 404 from upstream server
xlog("L_INFO", "$ci|log|in dialog request belongs to a known transaction");
route(1);
}
else
{
# ACK without matching transaction ->
# ignore and discard
xlog("L_NOTICE", "$ci|end|no matching transaction");
exit;
}
}
# request with a to tag that cant be routed loosly and is not an ACK
# ignor eand discard
xlog("L_WARN", "$ci|end|could not route in dialog");
sl_send_reply("486", "PC Load Letter");
exit;
}
# if the request is to cancel a transaction process it now
if (is_method("CANCEL"))
{
# If this cancel is part of a transaction
# then pass it along to concerned parties
if (t_check_trans())
{
xlog("L_INFO", "$ci|log|request belogs to a known transaction");
route(1);
}
# if the cancel does not belong to a known transaction or a
# request that has not progressed outside this server dont relay it
else
{
xlog("L_NOTICE", "$ci|end|no matching transaction");
}
exit;
}
# If this is a retransmission it will break/stop the script
# and do standard processing of the message
t_check_trans();
# Except for an ACK no request should have a route set with no to tag, this would
# indicate that the intial request has the Route headers and is likely someone trying
# to get us to send the request were they want
if (loose_route())
{
if (!is_method("ACK"))
{
xlog("L_WARN", "$ci|end|initial request contained a preloaded route set");
sl_send_reply("403", "Please leave the routing up to us");
exit;
}
}
# If the request is a register we will pass it along but we need
# to add the path header (along with the received IP/port info)
if (is_method("REGISTER"))
{
# if we fail to add the path header then dont let it
# register because it will cause issues later...
if (!add_path_received())
{
xlog("L_ERR", "$ci|end|unable to add path");
sl_send_reply("503", "Internal path befuddlement");
exit;
}
xlog("L_INFO", "$ci|log|added path");
}
# if the request is from on of our media servers then dont change the routing
if (isflagset(26))
{
xlog("L_INFO", "$ci|log|originated from internal source");
}
# if the request is not from our media severs but has a contact uri in localcache
# then change the routing to go to the server previously associated with it.
else if ($ct.fields(uri) && cache_fetch("local", "$(ct.fields(uri){uri.user})", $avp(i:55)))
{
$rd = $avp(i:55);
xlog("L_INFO", "$ci|log|contact $(ct.fields(uri){uri.user}) is associated with media server $rd");
}
# if the request is not from our media severs but has a call-id in localcache
# then change the routing to go to the server previously associated with it.
else if (cache_fetch("local", "$ci", $avp(i:55)))
{
$rd = $avp(i:55);
xlog("L_INFO", "$ci|log|call-id is associated with media server $rd");
if ($ct.fields(uri) && is_method("INVITE"))
{
xlog("L_INFO", "$ci|log|associated contact $(ct.fields(uri){uri.user}) with media server $rd");
cache_store("local", "$(ct.fields(uri){uri.user})", "$rd", 3600);
}
}
# if the request is not from our media servers and no associations in localcache
# then try to distribute to a media server
else if (ds_select_domain("1", "4"))
{
xlog("L_INFO", "$ci|log|routing call to arbitrary media server $rd");
}
# if no media server could be set with ds_select_domain and there is no existing
# association then we have no way to route this call, terminate
else
{
xlog("L_ERR", "$ci|end|no servers avaliable");
sl_send_reply("486", "All servers busy");
exit;
}
# for all initial request (not having been processed above in the has_totag)
# that are not a register or message add this sever to the route set on the
# request so subsequent messages come through this server
if (!is_method("REGISTER|MESSAGE"))
{
# Record the route that this request has taken
# so we remain in the signaling path
record_route();
xlog("L_INFO", "$ci|log|added this server to the route set");
}
route(1);
}
route[1]
{
route("nat_test_and_correct");
# if the request domain is an IP and it exists in the list of our media servers (irregardless of the port)
# then...
# 1. remove any X-AUTH-IP headers so we will be the only one to set it
# 2. set the X-AUTH-IP header for freeswitch ACLs
# 3. set the final reply timer to two seconds, so we failover faster
# 4. arm a logging branch for replies
# 5. arm a failure branch that will try another one of our media servers when possible
if ($(rd{ip.isip}) && (ds_is_in_list("$rd", "", "1") || ds_is_in_list("$rd", "", "2")))
{
remove_hf("X-AUTH-IP");
xlog("L_INFO", "$ci|log|X-AUTH-IP: $si");
append_hf("X-AUTH-IP: $si\r\n");
xlog("L_INFO", "$ci|log|provisional reply required in 2 seconds");
$avp(s:final_reply_timer) = 2;
t_on_reply("on_net_reply");
t_on_failure("on_net_fault");
}
# if the request domain is not an IP or in our list of media servers then
# assume it is going somewhere outside our control and give that equipment
# longer to respond. Also arm a branch to log the replies
else
{
xlog("L_INFO", "$ci|log|provisional reply required in 6 seconds");
$avp(s:final_reply_timer) = 6;
t_on_reply("off_net_reply");
}
# try to send the request on its way, if it fails send back a
# stateless error to the requestor
if (t_relay())
{
xlog("L_INFO", "$ci|pass|$rd");
}
else
{
xlog("L_ERR", "$ci|end|unable to relay message");
sl_reply_error();
}
exit;
}
route[nat_test_and_correct]
{
# check if the request is from a client behind NAT, and fix if so...
# this check looks at:
# 1. if client has a private IP address (as defined by RFC1918) in the Contact field of the SIP message
# 2. if client has contacted OpenSIPS from an address that is different from the one in the Via field
if (client_nat_test("3"))
{
xlog("L_INFO", "$ci|log|via address differs from source or RFC1918 address in contact");
# adds the rport parameter to the first Via header
force_rport();
# will replace the IP and port in the Contact header with the IP and port
# the SIP message was received from
fix_contact();
}
# if the request has a body see if it needs NAT corrections as well,
# this check looks at:
# 8. SDP is searched for occurrence of RFC1918 addresses
if (has_body("application/sdp") && nat_uac_test("8"))
{
xlog("L_INFO", "$ci|log|SDP contains a RFC1918 address");
# alters the SDP information in order to facilitate NAT traversal.
# 2. rewrite media IP address (c=) with source IP
# 8. rewrite IP from origin description (o=) with source IP
fix_nated_sdp("10");
}
}
onreply_route[off_net_reply]
{
# this branch handles replies that are comming from equipment
# outside our control, just logging and NAT corrections
xlog("L_INFO", "$ci|start|recieved off-net reply $rs $rr");
xlog("L_INFO", "$ci|log|source $si:$sp");
route("nat_test_and_correct");
xlog("L_INFO", "$ci|pass|$(<request>si)");
}
onreply_route[on_net_reply]
{
# this branch handles replies that are comming from our
# media server, just logging and NAT corrections
xlog("L_INFO", "$ci|start|recieved on-net reply $rs $rr");
xlog("L_INFO", "$ci|log|source $si:$sp");
route("nat_test_and_correct");
# if one of our media servers has replied with a 407 or 401 associate
# this call-id with that media server so the next "initial" requests
# go to it (IE: the reply to the challenge)
if (t_check_status("(407)|(401)"))
{
cache_store("local", "$ci", "$si", 60);
xlog("L_INFO", "$ci|log|associated call-id with media server $si");
}
xlog("L_INFO", "$ci|pass|$(<request>si)");
}
failure_route[on_net_fault]
{
# if the failure cause was due to the transaction being
# cancelled then we are complete
if (t_was_cancelled())
{
xlog("L_INFO", "$ci|end|transaction was cancelled");
exit;
}
# if the failure case was soemthing that we should recover
# from then try to find a new media server
if (t_check_status("(408)|(5[0-9][0-9])"))
{
xlog("L_INFO", "$ci|start|recieved or generated negative reply");
xlog("L_INFO", "$ci|log|source $si:$sp");
xlog("L_ERR", "$ci|log|moving media server $rd to probing mode");
# flag the media server that failed and start sending SIP pings
# when it begins responding put it back in the lsit
ds_mark_dst("p");
# keep track of the original request domain so we can detemine
# if ds_select_domain chooses the same domain...
$avp(s:old_rd)=$rd;
# try to find a new media server to send the calls to, this is
# taking advantage of a bug since ds_select_domain is not supposed
# to be using in the failover branch (but it is necessary in our
# configuration).
if(ds_select_domain("1", "4") && $avp(s:old_rd) != $rd)
{
xlog("L_INFO", "$ci|log|routing call to arbitrary media server $rd");
# if the request has a contact and is an INVITE then store the new
# association
if ($ct.fields(uri) && is_method("INVITE"))
{
xlog("L_INFO", "$ci|log|associated contact $(ct.fields(uri){uri.user}) with media server $rd");
cache_store("local", "$(ct.fields(uri){uri.user})", "$rd", 3600);
}
xlog("L_INFO", "$ci|pass|$rd");
# reset the final reply timer
$avp(s:final_reply_timer) = 2;
# relay the request to the new media server
t_relay();
exit;
}
xlog("L_ERR", "$ci|end|no other media servers avaliable");
}
}