File: siproxd.conf.example

package info (click to toggle)
siproxd 1%3A0.8.1-4.1
  • links: PTS, VCS
  • area: main
  • in suites: buster, stretch
  • size: 3,960 kB
  • ctags: 986
  • sloc: ansic: 11,067; sh: 9,267; makefile: 421
file content (429 lines) | stat: -rw-r--r-- 15,631 bytes parent folder | download | duplicates (3)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
#
# /etc/siproxd.conf - siproxd configuration file
#
# !! This is a sample file, adapt it to your needs before using it !!
#
# !! Strings may contain spaces (since 0.8.1)
#

######################################################################
# The interface names of INBOUND and OUTBOUND interface.
#
#    If siproxd is not running on the host doing the masquerading
#    but on a host within the private network segment, "in front" of
#    the masquerading router: define if_inbound and if_outbound to
#    point to the same interface (the inbound interface). In *addition*
#    define 'host_outbound' to hold your external (public) IP address
#    or a hostname that resolves to that address (use a dyndns address for
#    example).
#
if_inbound  = eth0
if_outbound = ppp0
# uncomment the following line ONLY IF YOU KNOW WHAT YOU ARE DOING!
# READ THE FAQ FIRST!
#host_outbound = 1.2.3.4

######################################################################
# Access control.
#    Access lists in the form: IP/mask (ex. 10.0.0.1/24)
#    Multiple entries may be separated by commas NO SPACES ARE ALLOWED!!
#    Empty list means 'does not apply' - no filtering is done then.
#    For *allow* lists this means: always allow, for *deny* lists that
#    this means never deny.
#
#    hosts_allow_reg: defines nets from which we accept registrations
#                     Registrations are *ONLY* allowed from INBOUND!
#    hosts_allow_sip: defines nets from which we accept SIP traffic
#    hosts_deny_sip:  defines nets from which we deny SIP traffic
#
#    - The deny list takes precedence over the allow lists.
#    - The allow_reg list also implies allowance for sip.
#
#    Example for usage:
#      local private net -> allow_reg list
#      external nets (from which we accept incoming calls) -> allow_sip
#
#    NOTE: Improper setting here will result in dropped SIP packets!
#          Usually you do NOT want to define hosts_allow_sip!
#
#hosts_allow_reg = 192.168.1.8/24
#hosts_allow_sip = 123.45.0.0/16,123.46.0.0/16
#hosts_deny_sip  = 10.0.0.0/8,11.0.0.0/8


######################################################################
# Port to listen for incoming SIP messages.
#    5060 is usually the correct choice - don't change this unless you
#    know what you're doing
#
sip_listen_port = 5060


######################################################################
# Shall we daemonize?
#
# Disabling this will break the debian init script
daemonize = 1

######################################################################
# What shall I log to syslog?
#   0 - DEBUGs, INFOs, WARNINGs and ERRORs
#   1 - INFOs, WARNINGs and ERRORs (this is the default)
#   2 - WARNINGs and ERRORs
#   3 - only ERRORs
#   4 - absolutely nothing (be careful - you will have no way to
#                           see what siproxd is doing - or NOT doing)
silence_log = 1

######################################################################
# Secure Enviroment settings:
#   user:	uid/gid to switch to after startup
#   chrootjail:	path to chroot to (chroot jail)
user = siproxd 
chrootjail = /var/lib/siproxd/

######################################################################
# Memory settings
#
# THREAD_STACK_SIZE IS AN EXPERIMENTAL FEATURE!
# It may be used to reduce the stack size allocated
# by pthreads. This may reduce the overall memory footprint
# of siproxd and could be helpful on embedded systems.
# If you don't know what I'm saying above, do not enable this setting!
# USE AT YOUR OWN RISK! 
# Too small stack size may lead to unexplainable crashes!
#thread_stack_size = 512

######################################################################
# Registration file:
#   Where to store the current registrations.
#   An empty value means we do not save registrations. Make sure that
#   the specified directory path does exist!
#   Note: If running in chroot jail, this path starts relative
#         to the jail.
registration_file = /var/lib/siproxd/siproxd_registrations

######################################################################
# Automatically save current registrations every 'n' seconds
#
autosave_registrations = 300

######################################################################
# PID file:
#   Where to create the PID file.
#   This file holds the PID of the main thread of siproxd.
#   Note: If running in chroot jail, this path starts relative
#         to the jail.
# Let Debian init handle this
#pid_file = /var/run/siproxd/siproxd.pid

######################################################################
# global switch to control the RTP proxy behaviour
#       0 - RTP proxy disabled
#       1 - RTP proxy (UDP relay of siproxd)
#
# Note: IPCHAINS and IPTABLES(netfilter) support is no longer present!
#    
# RECOMMENDED for users who are behind nats    
rtp_proxy_enable = 1

######################################################################
# Port range to allocate listen ports from for incoming RTP traffic
#    This should be a range that is not blocked by the firewall
#
rtp_port_low  = 7070
rtp_port_high = 7089

######################################################################
# Timeout for RTP streams
#    after this number of seconds, an RTP stream is considered dead
#    and proxying for it will be stopped.
#    Be aware that this timeout also applies to streams that are
#    in HOLD.
#
rtp_timeout = 300

######################################################################
# DSCP value for sent RTP packets
#    The Differentiated Service Code Point is a selector for
#    router's per-hop behaviours.
#    RFC2598 defined a "expedited forwarding" service. This service
#    is designed to allow ISPs to offer a service with attributes
#    similar to a "leased line". This service offers the ULTIMATE IN LOW
#    LOSS, LOW LATENCY AND LOW JITTER by ensuring that there is always
#    sufficent room in output queues for the contracted expedited forwarding
#    traffic.
#    The Expedited Forwarding service has a DSCP of 46.
#    Putting a 0 here means that siproxd does NOT set the DSCP field.
#    Siproxd must be started as root for this to work.
#
rtp_dscp = 46

######################################################################
# DSCP value for sent SIP packets
#    Same as above but for SIP signalling.
#
sip_dscp = 0

######################################################################
# Dejitter value
#    Artificial delay to be used to de-jitter RTP data streams.
#    This time is in microseconds.
#    0 - completely disable dejitter (default)
#
rtp_input_dejitter  = 0
rtp_output_dejitter = 0

######################################################################
# TCP SIP settings:
# TCP inactivity timeout:
#    For TCP SIP signalling, this indicates the inactivity timeout
#    (seconds) after that an idling TCP connection is disconnected.
#    Note that making this too short may cause multiple parallell
#    registrations for the same phone. This timeout must be set larger
#    than the used registration interval.
#
tcp_timeout = 600
#
# Timeout for connection attempts in msec:
#    How many msecs shall siproxd wait for an successful connect
#    when establishing an outgoing SIP signalling connection. This
#    should be kept as short as possible as waiting for an TCP
#    connection to establish is a BLOCKING operation - while waiting
#    for a connect to succeed not SIP messages are processed (RTP is
#    not affected).
#
tcp_connect_timeout = 500
#
# TCP keepalive period
#    For TCP SIP signalling, if > 0 empty SIP packets will be sent
#    every 'n' seconds to keep the connection alive. Default is off.
#
tcp_keepalive = 20

######################################################################
# Proxy authentication
#    If proxy_auth_realm is defined (a string), clients will be forced
#    to authenticate themselfes at the proxy (for registration only).
#    To disable Authentication, simply comment out this line.
#    Note: The proxy_auth_pwfile is independent of the chroot jail.
#
#proxy_auth_realm = Authentication_Realm
#
# the (global) password to use (will be the same for all local clients)
#
#proxy_auth_passwd = password
#
# OR use individual per user passwords stored in a file
#
#proxy_auth_pwfile = /etc/siproxd_passwd.cfg
#
# 'proxy_auth_pwfile' has precedence over 'proxy_auth_passwd'

######################################################################
# Debug level... (setting to -1 will enable everything)
#
#  DBCLASS_BABBLE  0x00000001	   // babble (like entering/leaving func)
#  DBCLASS_NET     0x00000002	   // network
#  DBCLASS_SIP     0x00000004	   // SIP manipulations
#  DBCLASS_REG     0x00000008	   // Client registration
#  DBCLASS_NOSPEC  0x00000010	   // non specified class
#  DBCLASS_PROXY   0x00000020	   // proxy
#  DBCLASS_DNS     0x00000040	   // DNS stuff
#  DBCLASS_NETTRAF 0x00000080	   // network traffic
#  DBCLASS_CONFIG  0x00000100	   // configuration
#  DBCLASS_RTP     0x00000200	   // RTP proxy
#  DBCLASS_ACCESS  0x00000400	   // Access list evaluation
#  DBCLASS_AUTH    0x00000800	   // Authentication
#  DBCLASS_PLUGIN  0x00001000	   // Plugins
#  DCLASS_RTPBABL  0x00002000	   // RTP babble
#
debug_level =      0x00000000

######################################################################
# TCP debug port
#
# You may connect to this port from a remote machine and
# receive the debug output. This allows bettwer creation of
# odebug output on embedded systems that do not have enough
# memory for large disk files.
# Port number 0 means this feature is disabled.
#
debug_port = 0

######################################################################
# Mask feature (experimental)
#
# Some UAs will always use the host/ip they register with as
# host part in the registration record (which will be the inbound
# ip address / hostname of the proxy) and can not be told to use a
# different host part in the registration record (like sipphone, FWD,
# iptel, ...)
# This Mask feature allows to force such a UA to be masqueraded to
# use different host.
# -> Siemens SIP Phones seem to need this feature.
#
# Unles you really KNOW that you need this, don't enable it.
#
# mask_host=<inbound_ip/hostname>
# masked_host=<hostname_to_be_masqueraded_as>
#
# mask_host=10.0.1.1			-- inbound IP address of proxy
# masked_host=my.public.host		-- outbound hostname proxy

######################################################################
# User Agent Masquerading
#
# Siproxd can masquerade the User Agent string of your local UAs.
# Useful for Providers that do not work with some specific UAs
# (e.g. sipcall.ch - it does not work if your outgoing SIP
# traffic contains an Asterisk UA string...)
# Default is to do no replacement.
#
#ua_string = Siproxd-UA

######################################################################
# Use ;rport in via header
#
# may be required in some cases where you have a NAT router that
# remaps the source port 5060 to something different and the
# registrar sends back the responses to port 5060.
# Default is disabled
#   0 - do not add ;rport to via header
#   1 - do add ;rport to INCOMING via header only
#   2 - do add ;rport to OUTGOING via header only
#   3 - do add ;rport to OUTGOING and INCOMING via headers
#
# use_rport = 0

######################################################################
# Outbound proxy
#
# Siproxd itself can be told to send all traffic to another
# outbound proxy.
# You can use this feature to 'chain' multiple siproxd proxies
# if you have several masquerading firewalls to cross.
#
# outbound_proxy_host = my.outboundproxy.org
# outbound_proxy_port = 5060

######################################################################
# Outbound proxy (Provider specific)
#
# Outbound proxies can be specified on a per-domain base.
# This allows to use an outbound proxy needed for ProviderA
# and none (or another) for ProviderB.
#
#outbound_domain_name = freenet.de
#outbound_domain_host = proxy.for.domain.freende.de
#outbound_domain_port = 5060


######################################################################
# Loadable Plug-ins
#
# The plugins are loaded in the order they appear here. Also
# the processing order is given by the load order.
#
# plugin_dir: MUST be terminated with '/'
plugindir=/usr/lib/siproxd/
#
# List of plugins to load. MUST use the .la file extension!
# Debian changes to use the .so extensions
# see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633224

#load_plugin=plugin_demo.so
#load_plugin=plugin_shortdial.so
load_plugin=plugin_logcall.so
#load_plugin=plugin_defaulttarget.so
#load_plugin=plugin_fix_bogus_via.so
#load_plugin=plugin_stun.so
#load_plugin=plugin_prefix.so
#load_plugin=plugin_regex.so


######################################################################
# Plugin_demo
#
plugin_demo_string = This_is_a_string_passed_to_the_demo_plugin


######################################################################
# Plugin_shortdial
#
# Quick Dial (Short Dial)
# ability to define quick dial numbers that can be accessed by
# dialing "*00" from a local phone. '00' corresponds to the entry number
# (pi_shortdial_entry) below. The '*' character can be chosen freely
# (pi_shortdial_akey).
# Note: If this module is enabled, there does NOT exist a way to dial
#       a "real" number like *01, siproxd will try to replace it by it's
#       quick dial entry.
#
# The first character is the "key", the following characters give
# the length of the number string. E.g. "*00" allows speed dials
# from *01 to *99. (the number "*100" will be passed through unprocessed)
plugin_shortdial_akey = *00
#
# *01 sipphone echo test
plugin_shortdial_entry = 17474743246
# *02 sipphone welcome message
plugin_shortdial_entry = 17474745000

######################################################################
# Plugin_defaulttarget
#
# Log redirects to syslog
plugin_defaulttarget_log = 1
# target must be a full SIP URI with the syntax
# sip:user@host[:port]
plugin_defaulttarget_target = sip:internal@dddd:port

######################################################################
# Plugin_fix_bogus_via
#
# Incoming (from public network) SIP messages are checked for broken
# SIP Via headers. If the IP address in the latest Via Header is
# part of the list below, it will be replaced by the IP where the
# SIP message has been received from.
plugin_fix_bogus_via_networks = 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16

######################################################################
# Plugin_stun
#
# Uses an external STUN server to determine the public IP
# address of siproxd. Useful for "in-front-of-NAT-router"
# scenarios.
plugin_stun_server = stun.xten.com
plugin_stun_port = 3478
# period in seconds to request IP info from STUN server
plugin_stun_period = 300

######################################################################
# Plugin_prefix
#
# unconditionally prefixes all outgoing calls with the
# "akey" prefix specified below.
plugin_prefix_akey = 0

######################################################################
# Plugin_regex
#
# Applies an extended regular expression to the 'To' URI. A typical
# SIP URI looks like (port number is optional):
# sip:12345@some.provider.net
# sips:12345@some.provider.net:5061
#
# Backreferences \1 .. \9 are supported. 
#
plugin_regex_desc    = Test Regex 1
plugin_regex_pattern = ^sip:00
plugin_regex_replace = +

plugin_regex_desc    = Test Regex 2
plugin_regex_pattern = ^sip:01
plugin_regex_replace = +a

plugin_regex_desc    = Test Regex 3
plugin_regex_pattern = ^(sips?):01
plugin_regex_replace = \1:001