A2DUPz5K

1##
2## This is the default Flexisip configuration file
3##
4
5
6
7
8##
9## Some global settings of the flexisip proxy.
10##
11[global]
12
13
14
15# Directory where to create log files.
16# WARNING: Flexisip has no embedded log rotation system but provides
17# a configuration file for logrotate. Please ensure that logrotate
18# is installed and running on your system if you want to have Flexisip's
19# logs rotated. Log rotation can be customized by editing /etc/logrotate.d/flexisip-logrotate.
20#  Default value: /home/osboxes/flexisip/OUTPUT/var/log/flexisip
21log-directory=/home/osboxes/flexisip/OUTPUT/var/log/flexisip
22
23# Verbosity of logs to output. Possible values are debug, message,
24# warning and error
25#  Default value: error
26log-level=error
27
28# Verbosity of logs to put in syslog. Possible values are debug,
29# message, warning and error
30#  Default value: error
31syslog-level=error
32
33# Log (on a different log domain) user errors like authentication,
34# registration, routing, etc...
35#  Default value: false
36user-errors-logs=false
37
38# A boolean expression applied to current SIP message being processed.
39# When matched, logs are output provided that there level is greater
40# than the value defined in contextual-log-level. The definition
41# of the SIP boolean expression is the same as for entry filters
42# of modules, which is documented here: https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/Filter%20syntax/
43#  Default value: 
44contextual-log-filter=
45
46# Verbosity of contextual logs to output when the condition defined
47# in 'contextual-log-filter' is met.
48#  Default value: debug
49contextual-log-level=debug
50
51# Generate a corefile when crashing. Note that by default linux
52# will generate coredumps in '/' which is not so convenient. The
53# following shell command can be added to /etc/rc.local in order
54# to write core dumps a in specific directory, for example /home/cores:
55# 	echo "/home/cores/core.%e.%t.%p" >/proc/sys/kernel/core_pattern
56#  Default value: true
57dump-corefiles=true
58
59# Automatically respawn flexisip in case of abnormal termination
60# (crashes)
61#  Default value: true
62auto-respawn=true
63
64# List of white space separated host names pointing to this machine.
65# This is to prevent loops while routing SIP messages.
66#  Default value: localhost
67aliases=localhost
68
69# Servers started by default when no --server option is specified
70# on command line. Possible values are 'proxy', 'presence', separated
71# by whitespaces.
72#  Default value: proxy
73default-servers=proxy
74
75# List of white space separated SIP uris where the proxy must listen.
76# Wildcard (*) can be used to mean 'all local ip addresses'. If
77# 'transport' parameter is unspecified, it will listen to both udp
78# and tcp. A local address to bind onto can be indicated in the
79# 'maddr' parameter, while the domain part of the uris are used
80# as public domain or ip address.
81# The 'sips' transport definitions accept two optional parameters:
82# 	- 'tls-certificates-dir' taking for value a path, with the same
83# meaning as the 'tls-certificates-dir' property of this section
84# and overriding it for this given transport.
85# 	- 'tls-verify-incoming' taking for value '0' or '1', to indicate
86# whether clients connecting are required to present a valid client
87# certificate. Default value is 0.
88# 	- 'tls-verify-outgoing' taking for value '0' or '1', whether
89# flexisip should check the peer certificate when it make an outgoing
90# TLS connection to another server. Default value is 1.
91# 	- 'require-peer-certificate' (deprecated) same as tls-verify-incoming
92# It is HIGHLY RECOMMENDED to specify a canonical name for 'sips'
93# transport, so that the proxy can advertise this information in
94# Record-Route headers, which allows TLS cname check to be performed
95# by clients.
96# Specifying a sip uri with transport=tls is not allowed: the 'sips'
97# scheme must be used instead. As requested by SIP RFC, IPv6 address
98# must be enclosed within brakets.
99# Here are some examples to understand:
100# - listen on all local interfaces for udp and tcp, on standard
101# port:
102# 	transports=sip:*
103# - listen on all local interfaces for udp,tcp and tls, on standard
104# ports:
105# 	transports=sip:* sips:*
106# - listen only a specific IPv6 interface, on standard ports, with
107# udp, tcp and tls
108# 	transports=sip:[2a01:e34:edc3:4d0:7dac:4a4f:22b6:2083] sips:[2a01:e34:edc3:4d0:7dac:4a4f:22b6:2083]
109# - listen on tls localhost with 2 different ports and SSL certificates:
110# 	transports=sips:localhost:5061;tls-certificates-dir=path_a sips:localhost:5062;tls-certificates-dir=path_b
111# - listen on tls localhost with 2 peer certificate requirements:
112# 	transports=sips:localhost:5061;tls-verify-incoming=0 sips:localhost:5062;tls-verify-incoming=1
113# - listen on 192.168.0.29:6060 with tls, but public hostname is
114# 'sip.linphone.org' used in SIP messages. Bind address won't appear
115# in messages:
116# 	transports=sips:sip.linphone.org:6060;maddr=192.168.0.29
117#  Default value: sip:*
118transports=sip:*
119
120# Path to the directory where TLS server certificate and private
121# key can be found, concatenated inside an 'agent.pem' file. Any
122# chain certificates must be put into a file named 'cafile.pem'.
123# The setup of agent.pem, and eventually cafile.pem is required
124# for TLS transport to work.
125#  Default value: /etc/flexisip/tls/
126tls-certificates-dir=/etc/flexisip/tls/
127
128# Ciphers string to pass to OpenSSL in order to limit the cipher
129# suites to use while establishing TLS sessions. Please take a look
130# to ciphers(1) UNIX manual to get the list of keywords supported
131# by your current version of OpenSSL. You might visit https://www.openssl.org/docs/manmaster/man1/ciphers.html
132# too. The default value set by Flexisip should provide a high level
133# of security while keeping an acceptable level of interoperability
134# with currenttly deployed client on the marcket.
135#  Default value: HIGH:!SSLv2:!SSLv3:!TLSv1:!EXP:!ADH:!RC4:!3DES:!aNULL:!eNULL
136tls-ciphers=HIGH:!SSLv2:!SSLv3:!TLSv1:!EXP:!ADH:!RC4:!3DES:!aNULL:!eNULL
137
138# Time interval in seconds after which inactive connections are
139# closed.
140#  Default value: 3600
141idle-timeout=3600
142
143# Time interval in seconds for sending "\r\n\r\n" keepalives packets
144# on inbound and outbound connections. A value of zero stands for
145# no keepalive. The main purpose of sending keepalives is to keep
146# connection alive accross NATs, but it also helps in detecting
147# silently broken connections which can reduce the number socket
148# descriptors used by flexisip.
149#  Default value: 1800
150keepalive-interval=1800
151
152# Time interval in seconds for sending "\r\n\r\n" keepalives packets
153# specifically for proxy to proxy connections. Indeed, while it
154# is undesirable to send frequent keepalives to mobile clients because
155# it drains their battery, sending frequent keepalives has proven
156# to be helpful to keep connections up between proxy nodes in a
157# very popular US virtualized datacenter. A value of zero stands
158# for no keepalive.
159#  Default value: 0
160proxy-to-proxy-keepalive-interval=0
161
162# Require client certificate from peer (inbound connections only).
163#  Default value: false
164require-peer-certificate=false
165
166# SIP transaction timeout in milliseconds. It is T1*64 (32000 ms)
167# by default.
168#  Default value: 32000
169transaction-timeout=32000
170
171# The UDP MTU. Flexisip will fallback to TCP when sending a message
172# whose size exceeds the UDP MTU. Please read http://sofia-sip.sourceforge.net/refdocs/nta/nta__tag_8h.html#a6f51c1ff713ed4b285e95235c4cc999a
173# for more details. If sending large packets over UDP is not a problem,
174# then set a big value such as 65535. Unlike the recommandation
175# of the RFC, the default value of UDP MTU is 1460 in Flexisip (instead
176# of 1300).
177#  Default value: 1460
178udp-mtu=1460
179
180# Enable SNMP.
181#  Default value: true
182enable-snmp=true
183
184# Unique ID used to identify that instance of Flexisip. It must
185# be a randomly generated 16-sized hexadecimal number. If empty,
186# it will be randomly generated at each start of Flexisip.
187#  Default value: 
188unique-id=
189
190# Path to the directory where plugins can be found.
191#  Default value: /home/osboxes/flexisip/OUTPUT/lib/flexisip/plugins
192plugins-dir=/home/osboxes/flexisip/OUTPUT/lib/flexisip/plugins
193
194# Plugins to use.
195#  Default value: 
196plugins=
197
198##
199## Should the server be part of a cluster, this section describes
200## the topology of the cluster.
201##
202[cluster]
203
204
205
206# Set to 'true' if that node is part of a cluster
207#  Default value: false
208enabled=false
209
210# Domain name that is to be used by external proxies to connect
211# on any node of the cluster randomly. The round-robin can be implemented
212# with SRV records or by declaring several A records for the that
213# domain
214#  Default value: 
215cluster-domain=
216
217# List of IP addresses of all nodes present in the cluster
218#  Default value: 
219nodes=
220
221# Internal transport used to communicate with other proxy
222#  Default value: sip:%auto:5059;transport=tcp
223internal-transport=sip:%auto:5059;transport=tcp
224
225##
226## Should the server be registered on a local domain, to be accessible
227## via multicast DNS.
228##
229[mdns-register]
230
231
232
233# Set to 'true' to enable multicast DNS register
234#  Default value: false
235enabled=false
236
237# Priority of this instance, lower value means more preferred.
238# 'n': priority of n (example 10)
239# 'n-m': random priority between n and m (example 10-50)
240#  Default value: 0
241mdns-priority=0
242
243# A relative weight for Flexisips with the same priority, higher
244# value means more preferred.
245# For example, if two Flexisips are registered on the same local
246# domain with one at 20 and the other at 80, then 20% of Flexisip
247# traffic will be redirected to the first Flexisip and 80% to the
248# other one.
249# The sum of all the weights of Flexisips on the same local domain
250# must be 100.
251#  Default value: 100
252mdns-weight=100
253
254# Time To Live of any mDNS query that will ask for this Flexisip
255# instance
256#  Default value: 3600
257mdns-ttl=3600
258
259##
260## Event logs contain per domain and user information about processed
261## registrations, calls and messages.
262## See: https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Event%20logs%20and%20queries/
263## for architecture and queries.
264##
265[event-logs]
266
267
268
269# Enable event logs.
270#  Default value: false
271enabled=false
272
273# Define logger for storing logs. It supports "filesystem" and "database".
274#  Default value: filesystem
275logger=filesystem
276
277# Directory where event logs are written as a filesystem (case when
278# filesystem output is choosed).
279#  Default value: /var/log/flexisip
280dir=/var/log/flexisip
281
282# Choose the type of backend that Soci will use for the connection.
283# Depending on your Soci package and the modules you installed,
284# the supported databases are:`mysql`, `sqlite3` and `postgresql`
285#  Default value: mysql
286database-backend=sqlite3
287
288# The configuration parameters of the backend.
289# The basic format is "key=value key2=value2". For a mysql backend,
290# this is a valid config: "db=mydb user=user password='pass' host=myhost.com".
291# Please refer to the Soci documentation of your backend, for instance:
292# http://soci.sourceforge.net/doc/master/backends/#supported-backends-and-features
293#  Default value: db='mydb' user='myuser' password='mypass' host='myhost.com'
294database-connection-string=db=conference.db
295
296# Amount of queries that will be allowed to be queued before bailing
297# password requests.
298#  This value should be chosen accordingly with 'database-nb-threads-max',
299# so that you have a coherent behavior.
300#  This limit is here mainly as a safeguard against out-of-control
301# growth of the queue in the event of a flood or big delays in the
302# database backend.
303#  Default value: 100
304database-max-queue-size=100
305
306# Maximum number of threads for writing in database.
307# If you get a `database is locked` error with sqlite3, you must
308# set this variable to 1.
309#  Default value: 10
310database-nb-threads-max=10
311
312##
313## Flexisip monitor parameters
314##
315[monitor]
316
317
318
319# Enable or disable the Flexisip monitor daemon
320#  Default value: false
321enabled=false
322
323# Time between two consecutive tests
324#  Default value: 30
325test-interval=30
326
327# Path to the log file
328#  Default value: /etc/flexisip/flexisip_monitor.log
329logfile=/etc/flexisip/flexisip_monitor.log
330
331# Port to open/close folowing the test succeed or not
332#  Default value: 12345
333switch-port=12345
334
335# Salt used to generate the passwords of each test account
336#  Default value: 
337password-salt=
338
339##
340## STUN server parameters.
341##
342[stun-server]
343
344
345
346# Enable or disable stun server.
347#  Default value: true
348enabled=true
349
350# Local ip address where to bind the socket.
351#  Default value: 0.0.0.0
352bind-address=0.0.0.0
353
354# STUN server port number.
355#  Default value: 3478
356port=3478
357
358##
359## Flexisip presence server parameters.
360##
361[presence-server]
362
363
364
365# Enable presence server
366#  Default value: true
367enabled=true
368
369# List of white space separated SIP uris where the presence server
370# must listen. Must not be tls.
371#  Default value: sip:127.0.0.1:5065;transport=tcp
372transports=sip:127.0.0.1:5065;transport=tcp
373
374# Publish default expires in second.  by default.
375#  Default value: 600
376expires=600
377
378# Max number of presentity sent in a single NOTIFY.  by default.
379#  Default value: 200
380notify-limit=200
381
382# Enable belle-sip leak detector
383#  Default value: false
384leak-detector=false
385
386# Enable long-term presence notifies
387#  Default value: true
388long-term-enabled=true
389
390# If user agent contains it, can bypass extended notifiy verification.
391#  Default value: false
392bypass-condition=false
393
394# Soci SQL request to execute to obtain the list of users corresponding
395# to an external subscription.
396# Named parameters are:
397# -':from' : the uri of the sender of the SUBSCRIBE.
398# -':to' : the uri of the users list the sender want to subscribe
399# to.
400# The use of the :from & :to parameters are mandatory.
401# 
402#  Default value: 
403external-list-subscription-request=
404
405# Connection string to SOCI.
406#  Default value: 
407soci-connection-string=
408
409# Max number threads.
410#  Default value: 50
411max-thread=50
412
413# Max legnth of threads queue.
414#  Default value: 50
415max-thread-queue-size=50
416
417##
418## Flexisip conference server parameters. The flexisip conference
419## server is a user-agent that handles session-based chat (yes, text
420## only at this time). It requires a mysql database in order to persisently
421## store chatroom state (participants and their devices). It will
422## use the Registrar backend (see section module::Registrar) to discover
423## devices (or client instances) of each participant.
424##
425[conference-server]
426
427
428
429# Enable conference server
430#  Default value: true
431enabled=true
432
433# uri where the conference server must listen.
434#  Default value: sip:127.0.0.1:6064;transport=tcp
435transport=sip:127.0.0.1:6064;transport=tcp
436
437# uri where the client must ask to create a conference. For example:
438# 'sip:conference-factory@sip.linphone.org'.
439#  Default value: 
440conference-factory-uri=
441
442# Whether one-to-one chat room creation is allowed or not.
443#  Default value: true
444enable-one-to-one-chat-room=true
445
446# 
447#  Default value: sip:127.0.0.1:5060;transport=tcp
448outbound-proxy=sip:127.0.0.1:5060;transport=tcp
449
450# Choose the type of backend that linphone will use for the connection.
451# Depending on your Soci package and the modules you installed,
452# the supported databases are:`mysql`, `sqlite3`
453#  Default value: mysql
454database-backend=sqlite3
455
456# The configuration parameters of the backend.
457# The basic format is "key=value key2=value2". For a mysql backend,
458# this is a valid config: "db=mydb user=user password='pass' host=myhost.com".
459# Please refer to the Soci documentation of your backend, for instance:
460# http://soci.sourceforge.net/doc/3.2/backends/mysql.htmlhttp://soci.sourceforge.net/doc/3.2/backends/sqlite3.html
461#  Default value: db='mydb' user='myuser' password='mypass' host='myhost.com'
462database-connection-string=db=conf2.db
463
464# Whether the conference server shall check device capabilities
465# before inviting them to a session.
466# The capability check is currently limited to Linphone client that
467# put a +org.linphone.specs contact parameter in order to indicate
468# whether they support group chat and secured group chat.
469#  Default value: true
470check-capabilities=true
471
472##
473## This module bans user when they are sending too much packets within
474## a given timeframe. To see the list of currently banned IPs/ports,
475## use iptables -L. 
476##
477[module::DoSProtection]
478
479
480
481# Indicate whether the module is activated.
482#  Default value: true
483enabled=true
484
485# A request/response enters module if the boolean filter evaluates
486# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
487# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
488# && (user-agent == 'Linphone v2')
489#  Default value: 
490filter=
491
492# Number of milliseconds to consider to compute the packet rate
493#  Default value: 3000
494time-period=3000
495
496# Maximum packet rate in packets/seconds,  averaged over [time-period]
497# millisecond(s) to consider it as a DoS attack.
498#  Default value: 20
499packet-rate-limit=20
500
501# Number of minutes to ban the ip/port using iptables
502#  Default value: 2
503ban-time=2
504
505# Name of the chain flexisip will create to store the banned IPs
506#  Default value: FLEXISIP
507iptables-chain=FLEXISIP
508
509##
510## The SanitCheck module checks that required fields of a SIP message
511## are present to avoid unecessary checking while processing message
512## further. If the message doesn't meet these sanity check criterias,
513## then it is stopped and bad request response is sent.
514##
515[module::SanityChecker]
516
517
518
519# Indicate whether the module is activated.
520#  Default value: true
521enabled=true
522
523# A request/response enters module if the boolean filter evaluates
524# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
525# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
526# && (user-agent == 'Linphone v2')
527#  Default value: 
528filter=
529
530##
531## The ModuleGarbageIn module collects incoming garbage and prevent
532## any further processing.
533##
534[module::GarbageIn]
535
536
537
538# Indicate whether the module is activated.
539#  Default value: false
540enabled=false
541
542# A request/response enters module if the boolean filter evaluates
543# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
544# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
545# && (user-agent == 'Linphone v2')
546#  Default value: false
547filter=false
548
549##
550## The NatHelper module executes small tasks to make SIP work smoothly
551## despite firewalls.It corrects the Contact headers that contain
552## obviously inconsistent addresses, and adds a Record-Route to ensure
553## subsequent requests are routed also by the proxy, through the
554## UDP or TCP channel each client opened to the proxy.
555##
556[module::NatHelper]
557
558
559
560# Indicate whether the module is activated.
561#  Default value: true
562enabled=true
563
564# A request/response enters module if the boolean filter evaluates
565# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
566# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
567# && (user-agent == 'Linphone v2')
568#  Default value: 
569filter=
570
571# Internal URI parameter added to response contact by first proxy
572# and cleaned by last one.
573#  Default value: verified
574contact-verified-param=verified
575
576# Fix record-routes, to workaround proxies behind firewalls but
577# not aware of it.
578#  Default value: false
579fix-record-routes=false
580
581# Policy to recognize nat'd record-route and fix them. There are
582# two modes: 'safe' and 'always'
583#  Default value: safe
584fix-record-routes-policy=safe
585
586##
587## The authentication module challenges and authenticates SIP requests
588## using two possible methods:
589##  * if the request is received via a TLS transport and 'require-peer-certificate'
590## is set in transport definition in [Global] section for this transport,
591## then the From header of the request is matched with the CN claimed
592## by the client certificate. The CN must contain sip:user@domain
593## or alternate name with URI=sip:user@domain corresponding to the
594## URI in the from header for the request to be accepted. Optionnaly,
595## the property tls-client-certificate-required-subject may contain
596## a regular expression for additional checks to execute on certificate
597## subjects.
598##  * if no TLS client based authentication can be performed, or
599## is failed, then a SIP digest authentication is performed. The
600## password verification is made by querying a database or a password
601## file on disk.
602##
603[module::Authentication]
604
605
606
607# Indicate whether the module is activated.
608#  Default value: false
609enabled=false
610
611# A request/response enters module if the boolean filter evaluates
612# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
613# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
614# && (user-agent == 'Linphone v2')
615#  Default value: 
616filter=
617
618# List of whitespace separated domain names to challenge. Others
619# are denied.
620#  Default value: localhost
621auth-domains=localhost
622
623# List of algorithms, separated by whitespaces (valid values are
624# MD5 and SHA-256).
625# This feature allows to force the use of wanted algorithm(s).
626# If the value is empty, then it will authorize all implemented
627# algorithms.
628#  Default value: MD5
629available-algorithms=MD5
630
631# Disable the QOP authentication method. Default is to use it, use
632# this flag to disable it if needed.
633#  Default value: false
634disable-qop-auth=false
635
636# Don't reply 403, but 401 or 407 even in case of wrong authentication.
637#  Default value: false
638no-403=false
639
640# Expiration time of nonces, in seconds.
641#  Default value: 3600
642nonce-expires=3600
643
644# Extraction regex applied on the URI of the from header (or P-Prefered-Identity
645# header if present) in order to extract the realm. The realm is
646# found out by getting the first slice of the URI that matches the
647# regular expression. If it has one or more capturing parentheses,
648# then the content of the first one is used as realm.
649# If no regex is specified, then the realm will be the domain part
650# of the URI.
651# 
652# For instance, given auth-domains=sip.example.com, you might use
653# 'sip:.*@sip\.(.*)\.com' in order to use 'example' as realm.
654#  Default value: 
655realm-regex=
656
657# List of whitespace separated IP which will not be challenged.
658#  Default value: 
659trusted-hosts=
660
661# Database backend implementation for digest authentication [odbc,soci,file].
662#  Default value: file
663db-implementation=file
664
665# Odbc connection string to use for connecting to database. ex1:
666# DSN=myodbc3; where 'myodbc3' is the datasource name. ex2: DRIVER={MySQL};SERVER=host;DATABASE=db;USER=user;PASSWORD=pass;OPTION=3;
667# for a DSN-less connection. ex3: /etc/flexisip/passwd; for a file
668# containing user credentials in clear-text, md5 or sha256. The
669# file must start with 'version:1' as the first line, and then contains
670# lines in the form of:
671# user@domain clrtxt:clear-text-password md5:md5-password sha256:sha256-password
672# ;
673# For example: 
674# bellesip@sip.linphone.org clrtxt:secret ;
675# bellesip@sip.linphone.org md5:97ffb1c6af18e5687bf26cdf35e45d30
676# ;
677# bellesip@sip.linphone.org clrtxt:secret md5:97ffb1c6af18e5687bf26cdf35e45d30
678# sha256:d7580069de562f5c7fd932cc986472669122da91a0f72f30ef1b20ad6e4f61a3
679# ;
680#  Default value: 
681datasource=
682
683# Duration of the validity of the credentials added to the cache
684# in seconds.
685#  Default value: 1800
686cache-expire=1800
687
688# If set to true, the module will simply reject with 403 forbidden
689# any request coming from client who presented a bad TLS certificate
690# (regardless of reason: improper signature, unmatched subjects).
691# Otherwise, the module will fallback to a digest authentication.
692# This policy applies only for transports configured with 'required-peer-certificate=1'
693# parameter; indeed no certificate is requested to the client otherwise.
694#  Default value: false
695reject-wrong-client-certificates=false
696
697# An optional regular expression matched against subjects of presented
698# client certificates. If this regular expression evaluates to false,
699# the request is rejected. The matched subjects are, in order: subjectAltNames.DNS,
700# subjectAltNames.URI, subjectAltNames.IP and CN.
701#  Default value: 
702tls-client-certificate-required-subject=
703
704# When receiving a proxy authenticate challenge, generate a new
705# challenge for this proxy.
706#  Default value: false
707new-auth-on-407=false
708
709# Enable a feature useful for automatic tests, allowing a client
710# to create a temporary account in the password database in memory.This
711# MUST not be used for production as it is a real security hole.
712#  Default value: false
713enable-test-accounts-creation=false
714
715# If enabled, all requests which have their request URI containing
716# a trusted domain will be accepted.
717#  Default value: false
718trust-domain-certificates=false
719
720# Soci SQL request to execute to obtain the password and algorithm.
721# Named parameters are:
722#  -':id' : the user found in the from header,
723#  -':domain' : the authorization realm, and
724#  -':authid' : the authorization username.
725# The use of the :id parameter is mandatory.
726# The output of this request MUST contain two columns in this order:
727# 	- the password column
728# 	- the algorithm associated column: it can be a column in the
729# database or an explicitly specified value among these ('CLRTXT',
730# 'MD5', 'SHA-256')
731# Examples: 
732#  - the password and algorithm are both available in the database
733# 	select password, algorithm from accounts where login = :id and
734# domain = :domain
735#  - all the passwords from the database are MD5
736# 	 select password, 'MD5' from accounts where login = :id and domain
737# = :domain
738#  Default value: select password, 'MD5' from accounts where login = :id and domain = :domain
739soci-password-request=select password, 'MD5' from accounts where login = :id and domain = :domain
740
741# Soci SQL request to execute to obtain the username associated
742# with a phone alias.
743# Named parameters are:
744#  -':phone' : the phone number to search for.
745# The use of the :phone parameter is mandatory.
746# Example : select login from accounts where phone = :phone 
747#  Default value: 
748soci-user-with-phone-request=
749
750# Soci SQL request to execute to obtain the usernames associated
751# with phones aliases.
752# Named parameters are:
753#  -':phones' : the phones to search for.
754# The use of the :phones parameter is mandatory.
755# If you use phone number linked accounts you'll need to select
756# login, domain, phone in your request for flexisip to work.Example
757# : select login, domain, phone from accounts where phone in (:phones)
758#  Default value: 
759soci-users-with-phones-request=
760
761# Size of the pool of connections that Soci will use. We open a
762# thread for each DB query, and this pool will allow each thread
763# to get a connection.
764# The threads are blocked until a connection is released back to
765# the pool, so increasing the pool size will allow more connections
766# to occur simultaneously.
767# On the other hand, you should not keep too many open connections
768# to your DB at the same time.
769#  Default value: 100
770soci-poolsize=100
771
772# Choose the type of backend that Soci will use for the connection.
773# Depending on your Soci package and the modules you installed,
774# this could be 'mysql', 'oracle', 'postgresql' or something else.
775#  Default value: mysql
776soci-backend=mysql
777
778# The configuration parameters of the Soci backend.
779# The basic format is "key=value key2=value2". For a mysql backend,
780# this is a valid config: "db=mydb user=user password='pass' host=myhost.com".
781# Please refer to the Soci documentation of your backend, for intance:
782# http://soci.sourceforge.net/doc/3.2/backends/mysql.html
783#  Default value: db=mydb user=myuser password='mypass' host=myhost.com
784soci-connection-string=db=mydb user=myuser password='mypass' host=myhost.com
785
786# Amount of queries that will be allowed to be queued before bailing
787# password requests.
788#  This value should be chosen accordingly with 'soci-poolsize',
789# so that you have a coherent behavior.
790#  This limit is here mainly as a safeguard against out-of-control
791# growth of the queue in the event of a flood or big delays in the
792# database backend.
793#  Default value: 1000
794soci-max-queue-size=1000
795
796##
797## This module redirect sip request with a 302 move temporarily.
798##
799[module::Redirect]
800
801
802
803# Indicate whether the module is activated.
804#  Default value: false
805enabled=false
806
807# A request/response enters module if the boolean filter evaluates
808# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
809# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
810# && (user-agent == 'Linphone v2')
811#  Default value: 
812filter=
813
814# A contact where to redirect requests. ex: <sip:127.0.0.1:5065>;expires=100
815#  Default value: 
816contact=
817
818##
819## This module transfert sip presence messages, like subscribe/notify/publish
820## to a presence server.
821##
822[module::Presence]
823
824
825
826# Indicate whether the module is activated.
827#  Default value: false
828enabled=false
829
830# A request/response enters module if the boolean filter evaluates
831# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
832# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
833# && (user-agent == 'Linphone v2')
834#  Default value: is_request && (request.method-name == 'PUBLISH' || request.method-name == 'NOTIFY' || request.method-name == 'SUBSCRIBE')
835filter=is_request && (request.method-name == 'PUBLISH' || request.method-name == 'NOTIFY' || request.method-name == 'SUBSCRIBE')
836
837# A sip uri where to send all presence related requests.
838#  Default value: sip:127.0.0.1:5065;transport=tcp
839presence-server=sip:127.0.0.1:5065;transport=tcp
840
841# If true, only manage list subscription.
842#  Default value: false
843only-list-subscription=false
844
845# When getting the list of users with phones, if this setting is
846# enabled, it will limit the results to the ones that have the same
847# domain
848#  Default value: false
849check-domain-in-presence-results=false
850
851##
852## The ModuleRegistrar module accepts REGISTERs for domains it manages,
853## and store the address of record in order to allow routing requests
854## destinated to the client who registered.
855##
856[module::Registrar]
857
858
859
860# Indicate whether the module is activated.
861#  Default value: true
862enabled=true
863
864# A request/response enters module if the boolean filter evaluates
865# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
866# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
867# && (user-agent == 'Linphone v2')
868#  Default value: 
869filter=
870
871# List of whitespace separated domain names to be managed by the
872# registrar. It can eventually be the '*' (wildcard) in order to
873# match any domain name.
874#  Default value: localhost
875reg-domains=localhost
876
877# Register users based on response obtained from a back-end server.
878# This mode is for using flexisip as a front-end server to hold
879# client connections but registeracceptance is deferred to backend
880# server to which the REGISTER is routed.
881#  Default value: false
882reg-on-response=false
883
884# Maximum number of registered contacts of an address of record.
885#  Default value: 12
886max-contacts-by-aor=12
887
888# List of contact uri parameters that can be used to identify a
889# user's device. The contact parameters are searched in the order
890# of the list, the first matching parameter is used and the others
891# ignored.
892#  Default value: +sip.instance pn-tok line
893unique-id-parameters=+sip.instance pn-tok line
894
895# Maximum expire time for a REGISTER, in seconds.
896#  Default value: 86400
897max-expires=86400
898
899# Minimum expire time for a REGISTER, in seconds.
900#  Default value: 60
901min-expires=60
902
903# Set a value that will override expire times given by REGISTER
904# requests. A null or negative value disables that feature. If it
905# is enabled, max-expires and min-expires will not have any effect.
906#  Default value: -1
907force-expires=-1
908
909# File containing the static records to add to database at startup.
910# Format: one 'sip_uri contact_header' by line. Example:
911# <sip:contact@domain> <sip:127.0.0.1:5460>,<sip:192.168.0.1:5160>
912#  Default value: 
913static-records-file=
914
915# Timeout in seconds after which the static records file is re-read
916# and the contacts updated.
917#  Default value: 600
918static-records-timeout=600
919
920# Implementation used for storing address of records contact uris.
921# Two backends are available:
922# - redis : contacts are stored in a redis database, which allows
923# persistent and shared storage accross multiple flexisip nodes
924# - internal : contacts are stored in RAM. Of course, if flexisip
925# is restarted, all contacts are lost until client update their
926# registration.
927# The redis backend is recommended, the internal being more adapted
928# to very small deployments.
929#  Default value: internal
930db-implementation=internal
931
932# Domain of the redis server. 
933#  Default value: localhost
934redis-server-domain=localhost
935
936# Port of the redis server.
937#  Default value: 6379
938redis-server-port=6379
939
940# Authentication password for redis. Empty to disable.
941#  Default value: 
942redis-auth-password=
943
944# Timeout in milliseconds of the redis connection.
945#  Default value: 1500
946redis-server-timeout=1500
947
948# Serialize contacts with: [C, protobuf, json, msgpack]
949#  Default value: protobuf
950redis-record-serializer=protobuf
951
952# When Redis is configured in master-slave, flexisip will periodically
953# ask what are the slaves and the master.This is the period with
954# which it will query the server.It will then determine whether
955# is is connected to the master, and if not, let go of the connection
956# and migrate to the master.Note: This requires that all redis instances
957# have the same password. Otherwise the authentication will fail.
958#  Default value: 60
959redis-slave-check-period=60
960
961# Sequence of proxies (space-separated) where requests will be redirected
962# through (RFC3608)
963#  Default value: 
964service-route=
965
966# The name used for the expire time of forking message
967#  Default value: message-expires
968name-message-expires=message-expires
969
970# Maximum percentage of the REGISTER expire to randomly remove,
971# 0 to disable
972#  Default value: 0
973register-expire-randomizer-max=0
974
975##
976## The purpose of the StatisticsCollector module is to collect call
977## statistics (RFC 6035) and store them on the server.
978##
979[module::StatisticsCollector]
980
981
982
983# Indicate whether the module is activated.
984#  Default value: false
985enabled=false
986
987# A request/response enters module if the boolean filter evaluates
988# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
989# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
990# && (user-agent == 'Linphone v2')
991#  Default value: is_request && request.method-name == 'PUBLISH'
992filter=is_request && request.method-name == 'PUBLISH'
993
994# SIP URI of the statistics collector. Note that application/vq-rtcpxr
995# messages for this address will be deleted by this module and thus
996# not be delivered.
997#  Default value: 
998collector-address=
999
1000##
1001## The ModuleRouter module routes requests for domains it manages.
1002##
1003[module::Router]
1004
1005
1006
1007# Indicate whether the module is activated.
1008#  Default value: true
1009enabled=true
1010
1011# A request/response enters module if the boolean filter evaluates
1012# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
1013# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
1014# && (user-agent == 'Linphone v2')
1015#  Default value: 
1016filter=
1017
1018# Store and retrieve contacts without using the domain.
1019#  Default value: false
1020use-global-domain=false
1021
1022# Fork messages to all registered devices
1023#  Default value: true
1024fork=true
1025
1026# Force forking and thus the creation of an outgoing transaction
1027# even when only one contact found
1028#  Default value: true
1029stateful=true
1030
1031# Fork invites to late registers
1032#  Default value: false
1033fork-late=false
1034
1035# All the forked have to decline in order to decline the caller
1036# invite
1037#  Default value: false
1038fork-no-global-decline=false
1039
1040# Treat 603 Declined answers as urgent. Only relevant if fork-no-global-decline
1041# is set to true.
1042#  Default value: false
1043treat-decline-as-urgent=false
1044
1045# During a fork procedure, treat all failure response as urgent
1046#  Default value: false
1047treat-all-as-urgent=false
1048
1049# Maximum time for a call fork to try to reach a callee, in seconds.
1050#  Default value: 90
1051call-fork-timeout=90
1052
1053# Maximum time before delivering urgent responses during a call
1054# fork, in seconds. The typical fork process requires to wait the
1055# best response from all branches before transmitting it to the
1056# client. However some error responses are retryable immediately
1057# (like 415 unsupported media, 401, 407) thus it is painful for
1058# the client to need to wait the end of the transaction time (32
1059# seconds) for these error codes.
1060#  Default value: 5
1061call-fork-urgent-timeout=5
1062
1063# Maximum time in seconds before trying the next branches with lower
1064# priorities
1065#  Default value: 10
1066call-fork-current-branches-timeout=10
1067
1068# Optional timer to detect lack of push response, in seconds.
1069#  Default value: 0
1070call-push-response-timeout=0
1071
1072# Fork messages to client registering lately. 
1073#  Default value: true
1074message-fork-late=true
1075
1076# Maximum duration for delivering a text message. This property
1077# applies only if message-fork-late if set to true, otherwise the
1078# duration can't exceed the normal transaction duration.
1079#  Default value: 3600
1080message-delivery-timeout=3600
1081
1082# Maximum duration for accepting a text message if no response is
1083# received from any recipients. This property is meaningful when
1084# message-fork-late is set to true.
1085#  Default value: 15
1086message-accept-timeout=15
1087
1088# Default route to apply when the recipient is unreachable, given
1089# as a SIP URI, for example: sip:example.org;transport=tcp (without
1090# surrounding brakets)
1091#  Default value: 
1092fallback-route=
1093
1094# During a call forking, allow several INVITEs going to the same
1095# next hop to be grouped into a single one. A proprietary custom
1096# header 'X-target-uris' is added to the INVITE to indicate the
1097# final targets of the INVITE.
1098#  Default value: false
1099allow-target-factorization=false
1100
1101# Whether the proxy is allowed to generate and send provisional
1102# responses during a call forking process. A typical example for
1103# this is the '110 Push sent' emitted by the proxy when at least
1104# one push notification has been sent to a target UA while routing
1105# an INVITE. Some old versions of Linphone (below linphone-sdk 4.2)
1106# suffer from an issue when receiving such kind of provisional responses
1107# that don't come from a remote client. This setting is mainly intended
1108# to temporarily workaround this situation.
1109#  Default value: true
1110permit-self-generated-provisional-response=true
1111
1112# Generate a contact from the TO header and route it to the above
1113# destination. [sip:host:port]
1114#  Default value: 
1115generated-contact-route=
1116
1117# Require presence of authorization header for specified realm.
1118# [Realm]
1119#  Default value: 
1120generated-contact-expected-realm=
1121
1122# Generate a contact route even on filled AOR.
1123#  Default value: false
1124generate-contact-even-on-filled-aor=false
1125
1126# Rewrite username with given value.
1127#  Default value: 
1128preroute=
1129
1130# Whether or not to resolve next hope in route header against registrar
1131# database. This is an extension to RFC3261, and should not be used
1132# unless in some specific deployment cases. A next hope in route
1133# header is otherwise resolved through standard DNS procedure by
1134# the Forward module.
1135#  Default value: false
1136resolve-routes=false
1137
1138# Whether or not to fallback to the parent domain if there is no
1139# fallback route set and the recipient is unreachable
1140#  Default value: false
1141parent-domain-fallback=false
1142
1143##
1144## This module performs push notifications to mobile phone notification
1145## systems: apple, android, windows, as well as a generic http get/post
1146## to a custom server to which actual sending of the notification
1147## is delegated. The push notification is sent when an INVITE or
1148## MESSAGE request is not answered by the destination of the request
1149## within a certain period of time, configurable hereunder as 'timeout'
1150## parameter.
1151##
1152[module::PushNotification]
1153
1154
1155
1156# Indicate whether the module is activated.
1157#  Default value: false
1158enabled=false
1159
1160# A request/response enters module if the boolean filter evaluates
1161# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
1162# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
1163# && (user-agent == 'Linphone v2')
1164#  Default value: 
1165filter=
1166
1167# Number of seconds to wait before sending a push notification to
1168# device. A value lesser or equal to zero will make the push notification
1169# to be sent immediately.
1170#  Default value: 5
1171timeout=5
1172
1173# Maximum number of notifications queued for each client
1174#  Default value: 100
1175max-queue-size=100
1176
1177# Default time to live for the push notifications, in seconds. This
1178# parameter shall be set according to mDeliveryTimeout parameter
1179# in ForkContext.cc
1180#  Default value: 2592000
1181time-to-live=2592000
1182
1183# Number of push notification request retransmissions sent to a
1184# client for a same event (call or message). Retransmissions cease
1185# when a response is received from the client. Setting a value of
1186# zero disables retransmissions.
1187#  Default value: 0
1188retransmission-count=0
1189
1190# Retransmission interval in seconds for push notification requests,
1191# when a retransmission-count has been specified above.
1192#  Default value: 5
1193retransmission-interval=5
1194
1195# Enable push notification for apple devices
1196#  Default value: true
1197apple=true
1198
1199# Path to directory where to find Apple Push Notification service
1200# certificates. They should bear the appid of the application, suffixed
1201# by the release mode and .pem extension. For example: org.linphone.dev.pem
1202# org.linphone.prod.pem com.somephone.dev.pem etc... The files should
1203# be .pem format, and made of certificate followed by private key.
1204# This is also the path to the directory where to find Voice Over
1205# IP certificates (certicates to use PushKit).They should bear the
1206# appid of the application, suffixed by the release mode and .pem
1207# extension, and made of certificate followed by private key. For
1208# example: org.linphone.voip.dev.pem org.linphone.voip.prod.pem
1209# com.somephone.voip.dev.pem etc...
1210#  Default value: /etc/flexisip/apn
1211apple-certificate-dir=/etc/flexisip/apn
1212
1213# Enable push notification for android devices (for compatibility
1214# only)
1215#  Default value: true
1216google=true
1217
1218# List of couples projectId:ApiKey for each android project that
1219# supports push notifications (for compatibility only)
1220#  Default value: 
1221google-projects-api-keys=
1222
1223# Enable push notification for android devices (new method for android)
1224#  Default value: true
1225firebase=true
1226
1227# List of couples projectId:ApiKey for each android project that
1228# supports push notifications (new method for android)
1229#  Default value: 
1230firebase-projects-api-keys=
1231
1232# Enable push notification for windows phone 8 devices
1233#  Default value: true
1234windowsphone=true
1235
1236# Unique identifier for your Windows Store app. For example: ms-app://s-1-15-2-2345030743-3098444494-743537440-5853975885-5950300305-5348553438-505324794
1237#  Default value: 
1238windowsphone-package-sid=
1239
1240# Client secret. For example: Jrp1UoVt4C6CYpVVJHUPdcXLB1pEdRoB
1241#  Default value: 
1242windowsphone-application-secret=
1243
1244# Set the badge value to 0 for apple push
1245#  Default value: false
1246no-badge=false
1247
1248# Instead of having Flexisip sending the push notification directly
1249# to the Google/Apple/Microsoft push servers, send an http request
1250# to an http server with all required information encoded in URL,
1251# to which the actual sending of the push notification is delegated.
1252# The following arguments can be substitued in the http request
1253# uri, with the following values:
1254#  - $type      : apple, google, wp, firebase
1255#  - $token     : device token
1256#  - $api-key   : the api key to use (google and firebase only)
1257#  - $app-id    : application ID
1258#  - $from-name : the display name in the from header
1259#  - $from-uri  : the sip uri of the from header
1260#  - $from-tag  : the tag of the from header 
1261#  - $to-uri    : the sip uri of the to header
1262#  - $call-id   : the call-id of the INVITE or MESSAGE request
1263#  - $event     : call, message
1264#  - $sound     : the sound file to play with the notification
1265#  - $msgid     : the message id to put in the notification
1266#  - $uid       : 
1267#  
1268# The content of the text message is put in the body of the http
1269# request as text/plain, if any.
1270# Example: http://292.168.0.2/$type/$event?from-uri=$from-uri&tag=$from-tag&callid=$callid&to=$to-uri
1271#  Default value: 
1272external-push-uri=
1273
1274# Method for reaching external-push-uri, typically GET or POST
1275#  Default value: GET
1276external-push-method=GET
1277
1278##
1279## The MediaRelay module masquerades SDP message so that all RTP
1280## and RTCP streams go through the proxy. The RTP and RTCP streams
1281## are then routed so that each client receives the stream of the
1282## other. MediaRelay makes sure that RTP is ALWAYS established, even
1283## with uncooperative firewalls.
1284##
1285[module::MediaRelay]
1286
1287
1288
1289# Indicate whether the module is activated.
1290#  Default value: true
1291enabled=true
1292
1293# A request/response enters module if the boolean filter evaluates
1294# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
1295# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
1296# && (user-agent == 'Linphone v2')
1297#  Default value: 
1298filter=
1299
1300# SDP attribute set by the first proxy to forbid subsequent proxies
1301# to provide relay. Use 'disable' to disable.
1302#  Default value: nortpproxy
1303nortpproxy=nortpproxy
1304
1305# The minimal value of SDP port range
1306#  Default value: 1024
1307sdp-port-range-min=1024
1308
1309# The maximal value of SDP port range
1310#  Default value: 65535
1311sdp-port-range-max=65535
1312
1313# Sends a ACK and BYE to 200Ok for INVITEs not belonging to any
1314# established call.
1315#  Default value: false
1316bye-orphan-dialogs=false
1317
1318# Maximum concurrent calls processed by the media-relay. Calls arriving
1319# when the limit is exceed will be rejected. A value of 0 means
1320# no limit.
1321#  Default value: 0
1322max-calls=0
1323
1324# When true, the 'c=' line and port number are set to the relay
1325# ip/port even if ICE candidates are present in the request. This
1326# is allow non-ice clients to have their streams relayed.
1327#  Default value: true
1328force-relay-for-non-ice-targets=true
1329
1330# Prevent media-relay ports to loop between them, which can cause
1331# 100% cpu on the media relay thread.You need to set this property
1332# to false if you are running test calls from clients running on
1333# the same IP address as the flexisip server
1334#  Default value: true
1335prevent-loops=true
1336
1337# In case multiples 183 Early media responses are received for a
1338# call, only the first one will have RTP streams forwarded back
1339# to caller. This feature prevents the caller to receive 'mixed'
1340# streams, but it breaks scenarios where multiple servers play early
1341# media announcement in sequence.
1342#  Default value: true
1343early-media-relay-single=true
1344
1345# Maximum number of relayed early media streams per call. This is
1346# useful to limit the cpu usage due to early media relaying on embedded
1347# systems. A value of 0 stands for unlimited.
1348#  Default value: 0
1349max-early-media-per-call=0
1350
1351# Period of time in seconds, after which a relayed call without
1352# any activity is considered as no longer running. Activity counts
1353# RTP/RTCP packets exchanged through the relay and SIP messages.
1354#  Default value: 3600
1355inactivity-period=3600
1356
1357# Force the media relay to use the public address of Flexisip to
1358# relay calls. It not enabled, Flexisip will deduce a suitable IP
1359# address by basing on data from SIP messages, which could fail
1360# in tricky situations e.g. when Flexisip is behind a TCP proxy.
1361#  Default value: false
1362force-public-ip-for-sdp-masquerading=false
1363
1364##
1365## The purpose of the Transcoder module is to transparently transcode
1366## from one audio codec to another to make the communication possible
1367## between clients that do not share the same set of supported codecs.
1368## Concretely it adds all missing codecs into the INVITEs it receives,
1369## and adds codecs matching the original INVITE into the 200Ok. Rtp
1370## ports and addresses are masqueraded so that the streams can be
1371## processed by the proxy. The transcoding job is done in the background
1372## by the mediastreamer2 library, as consequence the set of supported
1373## codecs is exactly the the same as the codec set supported by mediastreamer2,
1374## including the possible plugins you may installed to extend mediastreamer2.
1375## WARNING: this module can conflict with the MediaRelay module as
1376## both are changin the SDP. Make sure to configure them with different
1377## to-domains or from-domains filter if you want to enable both of
1378## them.
1379##
1380[module::Transcoder]
1381
1382
1383
1384# Indicate whether the module is activated.
1385#  Default value: false
1386enabled=false
1387
1388# A request/response enters module if the boolean filter evaluates
1389# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
1390# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
1391# && (user-agent == 'Linphone v2')
1392#  Default value: 
1393filter=
1394
1395# Nominal size of RTP jitter buffer, in milliseconds. A value of
1396# 0 means no jitter buffer (packet processing).
1397#  Default value: 0
1398jb-nom-size=0
1399
1400# Whitespace separated list of user-agent strings for which audio
1401# rate control is performed.
1402#  Default value: 
1403rc-user-agents=
1404
1405# Whitespace seprated list of audio codecs, in order of preference.
1406# The telephone-event codec is necessary for inband DTMF processing.
1407#  Default value: speex/8000 amr/8000 iLBC/8000 gsm/8000 pcmu/8000 pcma/8000 telephone-event/8000
1408audio-codecs=speex/8000 amr/8000 iLBC/8000 gsm/8000 pcmu/8000 pcma/8000 telephone-event/8000
1409
1410# Remove the bandwidth limitations from SDP offers and answers
1411#  Default value: false
1412remove-bw-limits=false
1413
1414# If true, retransmissions of INVITEs will be blocked. The purpose
1415# of this option is to limit bandwidth usage and server load on
1416# reliable networks.
1417#  Default value: false
1418block-retransmissions=false
1419
1420##
1421## This module executes the basic routing task of SIP requests and
1422## pass them to the transport layer. It must always be enabled.
1423##
1424[module::Forward]
1425
1426
1427
1428# Indicate whether the module is activated.
1429#  Default value: true
1430enabled=true
1431
1432# A request/response enters module if the boolean filter evaluates
1433# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
1434# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
1435# && (user-agent == 'Linphone v2')
1436#  Default value: 
1437filter=
1438
1439# A sip uri representing a default where to send all requests not
1440# already resolved. This is the typical way to setup a Flexisip
1441# proxy server acting as a front-end for backend SIP server.
1442#  Default value: 
1443route=
1444
1445# Add a path header of this proxy
1446#  Default value: true
1447add-path=true
1448
1449# Rewrite request-uri's host and port according to above route
1450#  Default value: false
1451rewrite-req-uri=false
1452
1453# For sip uris, in asbsence of transport parameter, assume the given
1454# transport is to be is to be used. Possible values are udp, tcp
1455# or tls.
1456#  Default value: udp
1457default-transport=udp
1458
1459# List of URL and contact params to remove
1460#  Default value: pn-tok pn-type app-id pn-msg-str pn-call-str pn-call-snd pn-msg-snd pn-timeout pn-silent
1461params-to-remove=pn-tok pn-type app-id pn-msg-str pn-call-str pn-call-snd pn-msg-snd pn-timeout pn-silent
1462
1463##
1464## Inter domain connections is a set of feature allowing to dynamically
1465## connect several flexisip servers together in order to manage SIP
1466## routing at local and global scope. Let's suppose you have two
1467## SIP network a.example.net and b.example.net run privately and
1468## independently (no one from a.example.net needs to call someone
1469## at b.example.net). However, when people from a and b are outside
1470## of their network, they register to a worldwide available flexisip
1471## instance running on 'global.example.net'. It is then possible
1472## to:
1473## * have calls made within a.example.net routed locally and sent
1474## to global.example.net in order to reach users inside and outside
1475## of a's network. Example: 1@a.example.net calls 2@a.example.net.
1476## If 2 is registered on a.example.net then the call is routed locally.
1477## On the contrary if 2 is absent and registered, the call is then
1478## sent to global.example.net and then routed by the global proxy.
1479## * when global.example.net receives a call from a user not within
1480## its native network (ex: 1@a.example.net calls 2@a.example.net),
1481## it can route this call to the proxy that is responsible for managing
1482## the local domain (a.example.net).
1483## This system is dynamic, that is the physical IP address of a and
1484## b network can change (dynamic ip address)
1485## .This scenario is achieved with two key features:
1486## * a.example.net sends a REGISTER to global.example.net to indicate
1487## that it is the responsible for the entire domain a.example.net.
1488## The global.example.net authenticates this REGISTER thanks to TLS
1489## client certificate presented by a.example.net.
1490## * global.example.net is configured to accept this domain registration
1491## and route all calls it receives directly and estinated to a.example.net
1492## domain through the connection established by a.example.net during
1493## the domain registration.
1494##
1495[inter-domain-connections]
1496
1497
1498
1499# Whether flexisip shall accept registrations for entire domains
1500#  Default value: false
1501accept-domain-registrations=false
1502
1503# Whether flexisip shall assume that there is a unique server per
1504# registered domain, which allows to clean old registrations and
1505# simplifies the routing logic.
1506#  Default value: false
1507assume-unique-domains=false
1508
1509# Path to a text file describing the domain registrations to make.
1510# This file must contains lines like:
1511#  <local domain name> <SIP URI of proxy/registrar where to send
1512# the domain REGISTER>
1513#  where:
1514#  <local domain name> is a domain name managed locally by this
1515# proxy
1516#  <SIP URI of proxy/registrar> is the SIP URI where the domain
1517# registration will be sent. The special uri parameter 'tls-certificates-dir'
1518# is understood in order to specify a TLS client certificate to
1519# present to the remote proxy.
1520#  If the file is absent or empty, no registrations are done.
1521#  Default value: /etc/flexisip/domain-registrations.conf
1522domain-registrations=/etc/flexisip/domain-registrations.conf
1523
1524# When submitting a domain registration to a server over TLS, verify
1525# the certificate presented by the server. Disabling this option
1526# is only for test, because it is a security flaw
1527#  Default value: true
1528verify-server-certs=true
1529
1530# Interval in seconds for sending \r\n\r\n keepalives throug the
1531# outgoing domain registration connection.A value of zero disables
1532# keepalives.
1533#  Default value: 30
1534keepalive-interval=30
1535
1536# Whether Flexisip shall only send a domain registration when a
1537# device is registered
1538#  Default value: false
1539reg-when-needed=false