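#
# $Id$
#
# OpenSIPS residential configuration script
#     by OpenSIPS Solutions
#
# This script was generated via "make menuconfig", from
#   the "Residential" scenario.
# You can enable / disable more features / functionalities by
#   re-generating the scenario with different options.
#
# Please refer to the Core CookBook at:
#      http://www.opensips.org/Resources/DocsCookbooks
# for an explanation of possible statements, functions and parameters.
#


####### Global Parameters #########

debug=3
log_stderror=no
log_facility=LOG_LOCAL0

fork=yes
children=3

/* uncomment the following lines to enable debugging */
#debug=6
#fork=no
#log_stderror=yes

/* uncomment the next line to enable the auto temporary blacklisting of
   not available destinations (default disabled) */
#disable_dns_blacklist=no

# One listener per transport; the TLS and WS sockets depend on the
# proto_tls / proto_ws modules being loaded later in the script.
listen=udp:MY_IP:MY_PORT
listen=tcp:MY_IP:MY_PORT
# TODO: TLS
listen=tls:MY_IP:MY_SECURE_PORT
# TODO: WS
listen=ws:MY_IP:MY_WEB_PORT


####### Modules Section ########

#set module path
mpath="OSIPS_MPATH"

#### SIGNALING module
loadmodule "signaling.so"

#### StateLess module
loadmodule "sl.so"

#### Transaction Module
loadmodule "tm.so"
modparam("tm", "fr_timeout", 5)
modparam("tm", "fr_inv_timeout", 30)
modparam("tm", "restart_fr_on_each_reply", 0)
modparam("tm", "onreply_avp_mode", 1)

#### Record Route Module
loadmodule "rr.so"
/* do not append from tag to the RR (no need for this script) */
modparam("rr", "append_fromtag", 0)

#### MAX ForWarD module
loadmodule "maxfwd.so"

#### SIP MSG OPerationS module
loadmodule "sipmsgops.so"

#### FIFO Management Interface
loadmodule "mi_fifo.so"
modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
# The MI FIFO accepts management commands, so a world-writable FIFO (0666)
# hands control of the proxy to every local account. 0660 restricts it to
# the owner and group; add operator accounts to that group (the module's
# fifo_user / fifo_group parameters set the ownership).
# NOTE(review): /tmp is itself world-writable; a dedicated runtime directory
# owned by the OpenSIPS account is a safer location for this FIFO.
modparam("mi_fifo", "fifo_mode", 0660)

#### URI module
loadmodule "uri.so"
modparam("uri", "use_uri_table", 0)
# NOTE(review): the db_url values carry the database password in clear text;
# keep this file readable only by the account that runs OpenSIPS.
modparam("uri", "db_url",
    "mysql://DB_USER:DB_PASS@DB_HOST:DB_PORT/DB_NAME")

#### MYSQL module
loadmodule "db_mysql.so"

#### USeR LOCation module
loadmodule "usrloc.so"
modparam("usrloc", "nat_bflag", "NAT")
modparam("usrloc", "db_mode", 2)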
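# NOTE(review): every db_url below carries the database password in clear
# text; keep this file readable only by the account that runs OpenSIPS.
modparam("usrloc", "db_url",
    "mysql://DB_USER:DB_PASS@DB_HOST:DB_PORT/DB_NAME")

#### REGISTRAR module
loadmodule "registrar.so"
modparam("registrar", "tcp_persistent_flag", "TCP_PERSISTENT")
modparam("registrar", "received_avp", "$avp(received_nh)")
/* uncomment the next line not to allow more than 10 contacts per AOR */
#modparam("registrar", "max_contacts", 10)

#### AUTHentication modules
loadmodule "auth.so"
loadmodule "auth_db.so"
# NOTE(review): calculate_ha1=yes together with password_column "password"
# means the subscriber table holds clear-text passwords, so any read access
# to the DB exposes every credential. Storing pre-computed HA1 values and
# turning calculate_ha1 off limits that exposure.
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
modparam("auth_db", "db_url",
    "mysql://DB_USER:DB_PASS@DB_HOST:DB_PORT/DB_NAME")

#### ALIAS module
loadmodule "alias_db.so"
modparam("alias_db", "db_url",
    "mysql://DB_USER:DB_PASS@DB_HOST:DB_PORT/DB_NAME")

#### PRESENCE modules
loadmodule "xcap.so"
loadmodule "presence.so"
loadmodule "presence_xml.so"
modparam("xcap|presence", "db_url",
    "mysql://DB_USER:DB_PASS@DB_HOST:DB_PORT/DB_NAME")
modparam("presence_xml", "force_active", 1)
modparam("presence", "server_address", "sip:MY_IP:PRESENCE_PORT")

#### DIALOG module
loadmodule "dialog.so"
modparam("dialog", "dlg_match_mode", 1)
modparam("dialog", "default_timeout", 21600)  # 6 hours timeout
modparam("dialog", "db_mode", 2)
modparam("dialog", "db_url",
    "mysql://DB_USER:DB_PASS@DB_HOST:DB_PORT/DB_NAME")
modparam("dialog", "rr_param", "edge")

#### TH module
loadmodule "topology_hiding.so"
modparam("topology_hiding", "force_dialog", 1)
modparam("topology_hiding", "th_callid_prefix", "EDGE_")

#### NAT modules
loadmodule "nathelper.so"
#modparam("nathelper", "natping_interval", 10)
#modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper", "received_avp", "$avp(received_nh)")
#modparam("nathelper", "sipping_from", "sip:pinger@MY_IP:MY_PORT")

#### RTPENGINE module
loadmodule "rtpengine.so"
modparam("rtpengine", "rtpengine_sock", "udp:127.0.0.1:60000")

#### PERMISSIONS module
loadmodule "permissions.so"
modparam("permissions", "db_url",
    "mysql://DB_USER:DB_PASS@DB_HOST:DB_PORT/DB_NAME")

#### COMPRESSION module
loadmodule "compression.so"

#### SIPTRACE module
loadmodule "siptrace.so"
# NOTE(review): tracing is switched on globally (trace_on=1) and
# trace_dialog() is called for every INVITE, so complete SIP messages end up
# in the database. Those messages carry identities and authentication
# headers; restrict access to the trace table and set a retention period.
modparam("siptrace", "db_url",
    "mysql://DB_USER:DB_PASS@DB_HOST:DB_PORT/DB_NAME")
modparam("siptrace", "trace_flag", "FLAG_TRACE")
modparam("siptrace", "trace_on", 1)

#### DOMAIN module
loadmodule "domain.so"
modparam("domain", "db_mode", 1)
modparam("auth_db|usrloc|uri", "use_domain", 1)
modparam("domain", "db_url",
    "mysql://DB_USER:DB_PASS@DB_HOST:DB_PORT/DB_NAME")

#### PIKE module
loadmodule "pike.so"
# route[pike] decides which sources are exempt from flood detection.
modparam("pike", "check_route", "pike")

#### DISPATCHER module
loadmodule "dispatcher.so"
modparam("dispatcher", "db_url",
    "mysql://DB_USER:DB_PASS@DB_HOST:DB_PORT/DB_NAME")

#### Transport modules
loadmodule "proto_udp.so"
loadmodule "proto_tcp.so"

# TLS params
# TODO: TLS
loadmodule "proto_tls.so"
# NOTE(review): with verify_cert and require_cert at "0" the peer certificate
# is neither requested nor checked, so TLS provides encryption only and SIP
# digest stays the only authentication of the remote side. Confirm this is
# intended for every TLS peer, not just end-user devices.
modparam("proto_tls", "verify_cert", "0")
modparam("proto_tls", "require_cert", "0")
# NOTE(review): "TLSv1" pins the listener to TLS 1.0, which RFC 8996
# deprecates; move to the newest method this OpenSIPS build supports.
modparam("proto_tls", "tls_method", "TLSv1")
modparam("proto_tls", "certificate",
    "/usr/local/opensips_proxy/etc/opensips/tls/user/user-cert.pem")
# The private key must be readable by the OpenSIPS account only.
modparam("proto_tls", "private_key",
    "/usr/local/opensips_proxy/etc/opensips/tls/user/user-privkey.pem")
modparam("proto_tls", "ca_list",
    "/usr/local/opensips_proxy/etc/opensips/tls/user/user-calist.pem")
modparam("proto_tls", "tls_max_msg_chunks", 8)

# TODO: WS
loadmodule "proto_ws.so"


####### Routing Logic ########

# main request routing logic
#
# Order of processing: NAT fix-ups, Max-Forwards check, in-dialog requests,
# CANCEL, authentication of initial requests, REGISTER handling, then
# dispatching either towards the registered client or towards a gateway.
route{
    force_rport();
    if (nat_uac_test("23")) {
        if (is_method("REGISTER")) {
            fix_nated_register();
            setbflag(NAT);
        } else {
            fix_nated_contact();
            setflag(NAT);
        }
    }

    # TODO: WS
    # remember that the request arrived over WebSocket
    if (proto == WS)
        setflag(SRC_WS);

    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops");
        exit;
    }

    if (has_totag()) {
        # sequential request within a dialog should
        # take the path determined by record-routing
        if (loose_route() || match_dialog()) {
            topology_hiding_match();

            # validate the sequential request against dialog
            # NOTE(review): the exit below is commented out, so a request
            # that fails dialog validation is only logged and is still
            # relayed further down. Confirm that this is intended.
            if ( $DLG_status!=NULL && !validate_dialog() ) {
                xlog("In-Dialog $rm from $si (callid=$ci) is not valid according to dialog\n");
                ## exit;
            }

            if (is_method("INVITE")) {
                # even if in most of the cases is useless, do RR for
                # re-INVITEs also, as some buggy clients do change route set
                # during the dialog.
                record_route();
            }

            if (check_route_param("nat=yes"))
                setflag(NAT);

            # route it out to whatever destination was set by loose_route()
            # in $du (destination URI).
            route(relay);
        } else {
            if (is_method("SUBSCRIBE") && $rd == "MY_IP") {
                # in-dialog subscribe requests
                route(handle_presence);
                exit;
            }
            if ( is_method("ACK") ) {
                if ( t_check_trans() ) {
                    # non loose-route, but stateful ACK; must be an ACK after
                    # a 487 or e.g. 404 from upstream server
                    t_relay();
                    exit;
                } else {
                    # ACK without matching transaction ->
                    # ignore and discard
                    exit;
                }
            }
            sl_send_reply("404","Not here");
        }
        exit;
    }

    # CANCEL processing
    if (is_method("CANCEL")) {
        if (t_check_trans())
            t_relay();
        exit;
    }

    t_check_trans();

    if (!(is_method("REGISTER"))) {
        # Requests from a listed source address or from a dispatcher
        # destination skip digest authentication entirely, so those lists are
        # the trust boundary of this proxy: keep them limited to hosts you
        # operate. ds_is_in_list() is called here without a set number.
        if (check_source_address("0") || ds_is_in_list("$si", "$sp")) {
            xlog("From trusted IP address $si \n");
            setflag(AUTH_DONE);
        } else if (is_from_local()) {
            # authenticate if from local subscriber
            # authenticate all initial non-REGISTER request that pretend to be
            # generated by local subscriber (domain from FROM URI is local)
            if (!proxy_authorize("", "subscriber")) {
                proxy_challenge("", "0");
                exit;
            }
            # the authenticated user must match the From URI
            if (!db_check_from()) {
                sl_send_reply("403","Forbidden auth ID");
                exit;
            }

            consume_credentials();
            # caller authenticated
            setflag(AUTH_DONE);
        } else {
            # if caller is not local, then called number must be local
            if (!is_uri_host_local()) {
                send_reply("403","Relay forbidden");
                exit;
            }
        }
    }

    # preloaded route checking
    if (loose_route()) {
        xlog("L_ERR", "Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");
        if (!is_method("ACK"))
            sl_send_reply("403","Preload Route denied");
        exit;
    }

    # record routing
    if (!is_method("REGISTER|MESSAGE"))
        record_route();

    # account only INVITEs
    if (is_method("INVITE")) {
        # create dialog with timeout
        if (!create_dialog("B")) {
            send_reply("500","Internal Server Error");
            exit;
        }
        if (!topology_hiding()) {
            send_reply("500","Internal Server Error");
            exit;
        }
        trace_dialog();
    }

    # keep the original parties; failure_route[missed_call] restores the
    # request URI from $avp(callee)
    $avp(caller) = $fu;
    $avp(callee) = $ru;

    # requests for my domain
    if( is_method("PUBLISH|SUBSCRIBE"))
        route(handle_presence);

    if (is_method("REGISTER")) {
        if (!check_source_address("0")) {
            # authenticate the REGISTER requests
            if (!www_authorize("", "subscriber")) {
                www_challenge("", "0");
                exit;
            }

            # the authenticated user must match the To URI
            if (!db_check_to()) {
                sl_send_reply("403","Forbidden auth ID");
                exit;
            }
        }

        if ( proto==TCP )
            setflag(TCP_PERSISTENT);

        if (!save("location"))
            sl_reply_error();

        exit;
    }

    if ($rU==NULL) {
        # request with no Username in RURI
        sl_send_reply("484","Address Incomplete");
        exit;
    }

    # ended up here - route
    if (ds_is_in_list("$si", "$sp", "0")) {
        # coming from one of our Core Engines - send to client
        # do lookup with method filtering
        if (!lookup("location","m")) {
            if (!db_does_uri_exist()) {
                send_reply("420","Bad Extension");
                exit;
            }

            # redirect to the VM system
            $du = "sip:MEDIA_IP:MEDIA_PORT";
            route(relay);
        }
        t_on_failure("missed_call");
    } else {
        if (!ds_select_dst("0", "4")) {
            send_reply("503","Service Error");
            exit;
        }
        t_on_failure("gw_failure");
    }

    # TODO: compression
    if (ds_is_in_list("$si", "$sp", "0")) {
        # for messages coming from the Core Engines, decompress the headers
        if (!mc_decompress()) {
            send_reply("503","Service Error");
            exit;
        }
    } else {
        # for messages coming from clients, compress the headers and
        # remember the direction for the reply path
        if (!mc_compress("1", "beh", "")) {
            send_reply("503","Service Error");
            exit;
        }
        setflag(FROM_CLIENT);
    }

    if (isbflagset(NAT))
        setflag(NAT);

    route(relay);
}


# Relay the request statefully. For INVITEs carrying SDP from a NATed party
# the media is anchored through rtpengine first.
route[relay] {
    # for INVITEs enable some additional helper routes
    # TODO: WS
    # NOTE(review): the DST_WS branch flag is tested below but is not set
    # anywhere in the part of the script shown here - confirm where it is
    # supposed to be set.
    if (is_method("INVITE")) {
        if (has_body("application/sdp") && isflagset(NAT)) {
            if (isflagset(SRC_WS) && isbflagset(DST_WS))
                $var(rtpengine_flags) = "ICE=force-relay DTLS=passive";
            else if (isflagset(SRC_WS) && !isbflagset(DST_WS))
                $var(rtpengine_flags) = "RTP/AVP replace-session-connection replace-origin ICE=remove";
            else if (!isflagset(SRC_WS) && isbflagset(DST_WS))
                $var(rtpengine_flags) = "UDP/TLS/RTP/SAVPF ICE=force";
            else if (!isflagset(SRC_WS) && !isbflagset(DST_WS))
                $var(rtpengine_flags) = "RTP/AVP replace-session-connection replace-origin ICE=remove";
            rtpengine_offer("$var(rtpengine_flags)");
        }
        t_on_branch("per_branch_ops");
        t_on_reply("handle_reply");
    } else if (is_method("BYE|CANCEL")) {
        rtpengine_delete();
    }

    if (isflagset(NAT))
        add_rr_param(";nat=yes");

    if (!t_relay()) {
        send_reply("500","Internal Error");
    };
    exit;
}


# Presence route
route[handle_presence] {
    if (!t_newtran()) {
        sl_reply_error();
        exit;
    }

    if(is_method("PUBLISH")) {
        handle_publish();
    } else if( is_method("SUBSCRIBE")) {
        handle_subscribe();
    }

    exit;
}


branch_route[per_branch_ops] {
    xlog("new branch at $ru\n");
}


# Reply path: NAT fix-up, header (de)compression, then the rtpengine answer
# with the flag sets mirrored relative to the offer.
onreply_route[handle_reply] {
    if (nat_uac_test("1"))
        fix_nated_contact();

    # TODO: compression
    route(reply_compression);

    # TODO: WS
    if (has_body("application/sdp") && isflagset(NAT)) {
        if (isflagset(SRC_WS) && isbflagset(DST_WS))
            $var(rtpengine_flags) = "ICE=force-relay DTLS=passive";
        else if (isflagset(SRC_WS) && !isbflagset(DST_WS))
            $var(rtpengine_flags) = "UDP/TLS/RTP/SAVPF ICE=force";
        else if (!isflagset(SRC_WS) && isbflagset(DST_WS))
            $var(rtpengine_flags) = "RTP/AVP replace-session-connection replace-origin ICE=remove";
        else if (!isflagset(SRC_WS) && !isbflagset(DST_WS))
            $var(rtpengine_flags) = "RTP/AVP replace-session-connection replace-origin ICE=remove";
        rtpengine_answer("$var(rtpengine_flags)");
    }
}


# Replies to requests that came from a client are decompressed, all other
# replies are compressed (the reverse of what the main route did).
route[reply_compression] {
    if (isflagset(FROM_CLIENT))
        mc_decompress();
    else
        mc_compress("1", "beh", "");
}


failure_route[missed_call] {
    if (t_was_cancelled()) {
        exit;
    }

    # uncomment the following lines if you want to block client
    # redirect based on 3xx replies.
    ##if (t_check_status("3[0-9][0-9]")) {
    ##t_reply("404","Not found");
    ##    exit;
    ##}

    # redirect to the VM system
    if (t_check_status("486|408")) {
        # do not set the missed call flag again
        $ru = $avp(callee);
        $du = "sip:MEDIA_IP:MEDIA_PORT";
        route(relay);
    }
}


failure_route[gw_failure] {
    if (t_was_cancelled()) {
        exit;
    }

    # Fail over on 5xx / 6xx replies. The previous pattern "(56)[0-9][0-9]"
    # required the literal digits "56" followed by two more, which no
    # three-digit status code can match, so this branch never ran.
    if ( t_check_status("[56][0-9][0-9]") ) {
        # ds_next_dst() succeeds when another destination was selected; the
        # earlier test was negated, which retried when nothing was left and
        # rejected the call when an alternative gateway existed.
        # NOTE(review): failover needs the dispatcher to keep the alternative
        # destinations at ds_select_dst() time - confirm the flags used there.
        if (ds_next_dst()) {
            xlog ("next gateway $ru \n");
            t_on_failure("gw_failure");
            route(relay);
            exit;
        } else {
            send_reply("500","No other route found");
            exit;
        }
    }
}


# Run by the pike module (check_route) to exempt trusted sources from flood
# detection.
route[pike] {
    # don't verify packets from trusted sources
    # The dots are escaped so that only 172.16.x.x is exempt; the unescaped
    # pattern "^172.16." also matched addresses such as 172.160.x.x, which
    # are outside the private range.
    if (check_source_address("0") || ds_is_in_list("$si", "$sp") || $si =~ "^172\.16\.")
        drop;
}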