Hajiba Ifrah
2017-02-28 18:46:32 UTC
Hi,
I have deployed flexisip, I can register and send text message
successfully, *but we cannot send voice or video.*
Any suggestions ?
**************************My configuration file is ***********************
##
## Some global settings of the flexisip proxy.
##
[global]
debug=true
# Verbosity of logs to output. Possible values are debug, message,
# warning and error
# Default value: error
log-level=error
# Log (on a different log domain) user errors like authentication,
# registration, routing, etc...
# Default value: false
user-errors-logs=false
# Generate a corefile when crashing. Note that by default linux
# will generate coredumps in '/' which is not so convenient. The
# following shell command can be added to /etc/rc.local in order
# to write core dumps a in specific directory, for example /home/cores:
# echo "/home/cores/core.%e.%t.%p" >/proc/sys/kernel/core_pattern
# Default value: true
dump-corefiles=true
# Automatically respawn flexisip in case of abnormal termination
# (crashes)
# Default value: true
auto-respawn=true
# List of white space separated host names pointing to this machine.
# This is to prevent loops while routing SIP messages.
# Default value: localhost
aliases=149.202.194.24 localhost 192.168.1.25 192.168.1.1
# Servers started by default when no --server option is specified
# on command line. Possible values are 'proxy', 'presence', separated
# by whitespaces.
# Default value: proxy
default-servers=proxy
# List of white space separated SIP uris where the proxy must listen.
# Wildcard (*) can be used to mean 'all local ip addresses'. If
# 'transport' prameter is unspecified, it will listen to both udp
# and tcp. A local address to bind onto can be indicated in the
# 'maddr' parameter, while the domain part of the uris are used
# as public domain or ip address.
# The 'sips' transport definitions accept two optional parameters:
# - 'tls-certificates-dir' taking for value a path, with the same
# meaning as the 'tls-certificates-dir' property of this section
# and overriding it for this given transport.
# - 'tls-verify-incoming' taking for value '0' or '1', to indicate
# whether clients connecting are required to present a valid client
# certificate. Default value is 0.
# - 'tls-verify-outgoing' taking for value '0' or '1', whether
# flexisip should check the peer certificate when it make an outgoing
# TLS connection to another server. Default value is 1.
# - 'require-peer-certificate' (deprecated) same as
tls-verify-incoming
# Specifying a sip uri with transport=tls is not allowed: the 'sips'
# scheme must be used. As requested by SIP RFC, IPv6 address must
# be enclosed within brakets.
# Here are some examples to understand:
# - listen on all local interfaces for udp and tcp, on standard
# port:
# transports=sip:*
# - listen on all local interfaces for udp,tcp and tls, on standard
# ports:
# transports=sip:* sips:*
# - listen only a specific IPv6 interface, on standard ports, with
# udp, tcp and tls
# transports=sip:[2a01:e34:edc3:4d0:7dac:4a4f:22b6:2083]
sips:[2a01:e34:edc3:4d0:7dac:4a4f:22b6:2083]
# - listen on tls localhost with 2 different ports and SSL certificates:
# transports=sips:localhost:5061;tls-certificates-dir=path_a
sips:localhost:5062;tls-certificates-dir=path_b
# - listen on tls localhost with 2 peer certificate requirements:
# transports=sips:localhost:5061;tls-verify-incoming=0
sips:localhost:5062;tls-verify-incoming=1
# - listen on 192.168.0.29:6060 with tls, but public hostname is
# 'sip.linphone.org' used in SIP messages. Bind address won't appear
# in messages:
# transports=sips:sip.linphone.org:6060;maddr=192.168.0.29
# Default value: sip:*
transports=sip:* sips:*
# Path to the directory where TLS server certificate and private
# key can be found, concatenated inside an 'agent.pem' file. Any
# chain certificates must be put into a file named 'cafile.pem'.
# The setup of agent.pem, and eventually cafile.pem is required
# for TLS transport to work.
# Default value: /etc/flexisip/tls
tls-certificates-dir=/etc/flexisip/tls
# Time interval in seconds after which inactive connections are
# closed.
# Default value: 3600
idle-timeout=3600
# Require client certificate from peer (inbound connections only).
# Default value: false
require-peer-certificate=false
# SIP transaction timeout in milliseconds. It is T1*64 (32000 ms)
# by default.
# Default value: 32000
transaction-timeout=32000
# The UDP MTU. Flexisip will fallback to TCP when sending a message
# whose size exceeds the UDP MTU. Please read http://sofia-sip.sourceforge.
net/refdocs/nta/nta__tag_8h.html#a6f51c1ff713ed4b285e95235c4cc999a
# for more details. If sending large packets over UDP is not a problem,
# then set a big value such as 65535. Unlike the recommandation
# of the RFC, the default value of UDP MTU is 1460 in Flexisip (instead
# of 1300).
# Default value: 1460
udp-mtu=1460
# Enable SNMP.
# Default value: true
enable-snmp=true
# Unique ID used to identify that instance of Flexisip. It must
# be a randomly generated 16-sized hexadecimal number. If empty,
# it will be randomly generated at each start of Flexisip.
# Default value:
unique-id=
# Allow flexisip to use maddr in sips connections to verify the
# CN of the TLS certificate
# Default value: false
use-maddr=false
##
## Should the server be part of a cluster, this section enable to
## describe the topology of the cluster.
##
[module::Transcoder]
enabled=true
[cluster]
# Set to 'true' if that node is part of a cluster
# Default value: false
enabled=false
# List of IP addresses of all nodes present in the cluster
# Default value:
nodes=
##
## Flexisip monitor parameters
##
[monitor]
# Enable or disable the Flexisip monitor daemon
# Default value: false
enabled=false
# Time between two consecutive tests
# Default value: 30
test-interval=30
# Path to the log file
# Default value: /etc/flexisip/flexisip_monitor.log
logfile=/etc/flexisip/flexisip_monitor.log
# Port to open/close folowing the test succeed or not
# Default value: 12345
switch-port=12345
# Salt used to generate the passwords of each test account
# Default value:
password-salt=
##
## STUN server parameters.
##
[stun-server]
# Enable or disable stun server.
# Default value: true
enabled=true
# Local ip address where to bind the socket.
# Default value: 0.0.0.0
bind-address=0.0.0.0
# STUN server port number.
# Default value: 3478
port=3478
##
## Event logs contain per domain and user information about processed
## registrations, calls and messages.
##
[event-logs]
# Enable event logs.
# Default value: false
enabled=false
# Define logger for storing logs. It supports "filesystem" and "database".
# Default value: filesystem
logger=filesystem
# Directory where event logs are written as a filesystem (case when
# filesystem output is choosed).
# Default value: /var/log/flexisip
dir=/var/log/flexisip
# Choose the type of backend that Soci will use for the connection.
# Depending on your Soci package and the modules you installed,
# the supported databases are:`mysql` and `sqlite3`
# Default value: mysql
database-backend=mysql
# The configuration parameters of the backend.
# The basic format is "key=value key2=value2". For a mysql backend,
# this is a valid config: "db=mydb user=user password='pass' host=myhost.com
".
# Please refer to the Soci documentation of your backend, for instance:
# http://soci.sourceforge.net/doc/3.2/backends/mysql.
htmlhttp://soci.sourceforge.net/doc/3.2/backends/sqlite3.html
# Default value: db='mydb' user='myuser' password='mypass' host='myhost.com
'
database-connection-string=db='mydb' user='myuser' password='mypass' host='
myhost.com'
# Amount of queries that will be allowed to be queued before bailing
# password requests.
# This value should be chosen accordingly with 'database-nb-threads-max',
# so that you have a coherent behavior.
# This limit is here mainly as a safeguard against out-of-control
# growth of the queue in the event of a flood or big delays in the
# database backend.
# Default value: 100
database-max-queue-size=100
# Maximum number of threads for writing in database.
# If you get a `database is locked` error with sqlite3, you must
# set this variable to 1.
# Default value: 10
database-nb-threads-max=10
##
## This module bans user when they are sending too much packets within
## a given timeframe. To see the list of currently banned IPs/ports,
## use iptables -L.
##
[module::DoSProtection]
# Indicate whether the module is activated.
# Default value: true
enabled=true
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# Number of milliseconds to consider to compute the packet rate
# Default value: 3000
time-period=3000
# Maximum packet rate in packets/seconds, averaged over [time-period]
# millisecond(s) to consider it as a DoS attack.
# Default value: 20
packet-rate-limit=20
# Number of minutes to ban the ip/port using iptables
# Default value: 2
ban-time=2
# Name of the chain flexisip will create to store the banned IPs
# Default value: FLEXISIP
iptables-chain=FLEXISIP
##
## The SanitCheck module checks that required fields of a SIP message
## are present to avoid unecessary checking while processing message
## further. If the message doesn't meet these sanity check criterias,
## then it is stopped and bad request response is sent.
##
[module::SanityChecker]
# Indicate whether the module is activated.
# Default value: true
enabled=true
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
##
## The ModuleGarbageIn module collects incoming garbage and prevent
## any further processing.
##
[module::GarbageIn]
# Indicate whether the module is activated.
# Default value: false
enabled=false
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value: false
filter=false
##
## The NatHelper module executes small tasks to make SIP work smoothly
## despite firewalls.It corrects the Contact headers that contain
## obviously inconsistent addresses, and adds a Record-Route to ensure
## subsequent requests are routed also by the proxy, through the
## UDP or TCP channel each client opened to the proxy.
##
[module::NatHelper]
# Indicate whether the module is activated.
# Default value: true
enabled=true
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# Internal URI parameter added to response contact by first proxy
# and cleaned by last one.
# Default value: verified
contact-verified-param=verified
# Fix record-routes, to workaround proxies behind firewalls but
# not aware of it.
# Default value: false
fix-record-routes=false
# Policy to recognize nat'd record-route and fix them. There are
# two modes: 'safe' and 'always'
# Default value: safe
fix-record-routes-policy=safe
##
## The authentication module challenges and authenticates SIP requests
## using two possible methods:
## * if the request is received via a TLS transport and
'require-peer-certificate'
## is set in transport definition in [Global] section for this transport,
## then the From header of the request is matched with the CN claimed
## by the client certificate. The CN must contain sip:***@domain
## or alternate name with URI=sip:***@domain corresponding to the
## URI in the from header for the request to be accepted.
## * if no TLS client based authentication can be performed, or
## is failed, then a SIP digest authentication is performed. The
## password verification is made by querying a database or a password
## file on disk.
##
[module::Authentication]
# Indicate whether the module is activated.
# Default value: false
enabled=true
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# List of whitespace separated domain names to challenge. Others
# are denied.
# Default value: localhost
auth-domains=149.202.194.24 localhost
# List of whitespace separated IP which will not be challenged.
# Default value:
trusted-hosts=localhost 149.202.194.24
# Database backend implementation [odbc,soci,file,fixed].
# Default value: fixed
db-implementation=file
# Odbc connection string to use for connecting to database. ex1:
# DSN=myodbc3; where 'myodbc3' is the datasource name. ex2:
DRIVER={MySQL};SERVER=host;DATABASE=db;USER=user;PASSWORD=pass;OPTION=3;
# for a DSN-less connection. ex3: /etc/flexisip/passwd; for a file
# containing one '***@domain password' by line.
# Default value:
datasource=/etc/flexisip/users.db.txt
# Expiration time of nonces, in seconds.
# Default value: 3600
nonce-expires=3600
# Duration of the validity of the credentials added to the cache
# in seconds.
# Default value: 1800
cache-expire=1800
# True if retrieved passwords from the database are hashed. HA1=MD5(A1)
# = MD5(username:realm:pass).
# Default value: false
hashed-passwords=false
# Don't reply 403, but 401 or 407 even in case of wrong authentication.
# Default value: false
no-403=false
# List of whitespace separated username or ***@domain CN which
# will trusted. If no domain is given it is computed.
# Default value:
trusted-client-certificates=
# When receiving a proxy authenticate challenge, generate a new
# challenge for this proxy.
# Default value: false
new-auth-on-407=false
# Enable a feature useful for automatic tests, allowing a client
# to create a temporary account in the password database in memory.This
# MUST not be used for production as it is a real security hole.
# Default value: false
enable-test-accounts-creation=false
# Disable the QOP authentication method. Default is to use it, use
# this flag to disable it if needed.
# Default value: false
disable-qop-auth=false
# Odbc SQL request to execute to obtain the password
# . Named parameters are :id (the user found in the from header),
# :domain (the authorization realm) and :authid (the authorization
# username). The use of the :id parameter is mandatory.
# Default value: select password from accounts where id = :id and domain =
:domain and authid=:authid
request=select password from accounts where id = :id and domain = :domain
and authid=:authid
# Use pooling in ODBC (improves performances). This is not guaranteed
# to succeed, because if you are using unixODBC, it consults the
# /etc/odbcinst.inifile in section [ODBC] to check for Pooling=yes/no
# option. You should make sure that this flag is set before expecting
# this option to work.
# Default value: true
odbc-pooling=true
# Display timing statistics after this count of seconds
# Default value: 0
odbc-display-timings-interval=0
# Display timing statistics once the number of samples reach this
# number.
# Default value: 0
odbc-display-timings-after-count=0
# Soci SQL request to execute to obtain the password.
# Named parameters are:
# -':id' : the user found in the from header,
# -':domain' : the authorization realm, and
# -':authid' : the authorization username.
# The use of the :id parameter is mandatory.
# Default value: select password from accounts where id = :id and domain =
:domain and authid=:authid
soci-password-request=select password from accounts where id = :id and
domain = :domain and authid=:authid
# Soci SQL request to execute to obtain the username associated
# with a phone alias.
# Named parameters are:
# -':phone' : the phone number to search for.
# The use of the :phone parameter is mandatory.
# Default value: select login from accounts where phone = :phone
soci-user-with-phone-request=select login from accounts where phone = :phone
# Size of the pool of connections that Soci will use. We open a
# thread for each DB query, and this pool will allow each thread
# to get a connection.
# The threads are blocked until a connection is released back to
# the pool, so increasing the pool size will allow more connections
# to occur simultaneously.
# On the other hand, you should not keep too many open connections
# to your DB at the same time.
# Default value: 100
soci-poolsize=100
# Choose the type of backend that Soci will use for the connection.
# Depending on your Soci package and the modules you installed,
# this could be 'mysql', 'oracle', 'postgresql' or something else.
# Default value: mysql
soci-backend=mysql
# The configuration parameters of the Soci backend.
# The basic format is "key=value key2=value2". For a mysql backend,
# this is a valid config: "db=mydb user=user password='pass' host=myhost.com
".
# Please refer to the Soci documentation of your backend, for intance:
# http://soci.sourceforge.net/doc/3.2/backends/mysql.html
# Default value: db=mydb user=myuser password='mypass' host=myhost.com
soci-connection-string=db=mydb user=myuser password='mypass' host=myhost.com
# Amount of queries that will be allowed to be queued before bailing
# password requests.
# This value should be chosen accordingly with 'soci-poolsize',
# so that you have a coherent behavior.
# This limit is here mainly as a safeguard against out-of-control
# growth of the queue in the event of a flood or big delays in the
# database backend.
# Default value: 1000
soci-max-queue-size=1000
##
## This module redirect sip request with a 302 move temporarily.
##
[module::Redirect]
# Indicate whether the module is activated.
# Default value: false
enabled=false
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# A contact where to redirect requests. ex: <sip:127.0.0.1:5065>;expires=100
# Default value:
contact=
##
## The ModuleRegistrar module accepts REGISTERs for domains it manages,
## and store the address of record in order to allow routing requests
## destinated to the client who registered.
##
[module::Registrar]
# Indicate whether the module is activated.
# Default value: true
enabled=true
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# List of whitespace separated domain names to be managed by the
# registrar. It can eventually be the '*' (wildcard) in order to
# match any domain name.
# Default value: localhost
reg-domains=149.202.194.24 localhost
# Register users based on response obtained from a back-end server.
# This mode is for using flexisip as a front-end server to hold
# client connections but registeracceptance is deferred to backend
# server to which the REGISTER is routed.
# Default value: false
reg-on-response=false
# Maximum number of registered contacts of an address of record.
# Default value: 12
max-contacts-by-aor=12
# List of contact uri parameters that can be used to identify a
# user's device. The contact parameters are searched in the order
# of the list, the first matching parameter is used and the others
# ignored.
# Default value: +sip.instance pn-tok line
unique-id-parameters=+sip.instance pn-tok line
# Maximum expire time for a REGISTER, in seconds.
# Default value: 86400
max-expires=86400
# Minimum expire time for a REGISTER, in seconds.
# Default value: 60
min-expires=60
# Set a value that will override expire times given by REGISTER
# requests. A null or negative value disables that feature. If it
# is enabled, max-expires and min-expires will not have any effect.
# Default value: -1
force-expires=-1
# File containing the static records to add to database at startup.
# Format: one 'sip_uri contact_header' by line. Example:
# <sip:***@domain> <sip:127.0.0.1:5460>,<sip:192.168.0.1:5160>
# Default value:
static-records-file=
# Timeout in seconds after which the static records file is re-read
# and the contacts updated.
# Default value: 600
static-records-timeout=600
# Implementation used for storing address of records contact uris.
# [redis, internal]
# Default value: internal
db-implementation=internal
# Domain of the redis server.
# Default value: localhost
redis-server-domain=localhost
# Port of the redis server.
# Default value: 6379
redis-server-port=6379
# Authentication password for redis. Empty to disable.
# Default value:
redis-auth-password=
# Timeout in milliseconds of the redis connection.
# Default value: 1500
redis-server-timeout=1500
# Serialize contacts with: [C, protobuf, json, msgpack]
# Default value: protobuf
redis-record-serializer=protobuf
# When Redis is configured in master-slave, flexisip will periodically
# ask what are the slaves and the master.This is the period with
# which it will query the server.It will then determine whether
# is is connected to the master, and if not, let go of the connection
# and migrate to the master.Note: This requires that all redis instances
# have the same password. Otherwise the authentication will fail.
# Default value: 60
redis-slave-check-period=60
# Sequence of proxies (space-separated) where requests will be redirected
# through (RFC3608)
# Default value:
service-route=
# Maximum percentage of the REGISTER expire to randomly remove,
# 0 to disable
# Default value: 0
register-expire-randomizer-max=0
##
## The purpose of the StatisticsCollector module is to collect call
## statistics (RFC 6035) and store them on the server.
##
[module::StatisticsCollector]
# Indicate whether the module is activated.
# Default value: false
enabled=false
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# SIP URI of the statistics collector. Note that application/vq-rtcpxr
# messages for this address will be deleted by this module and thus
# not be delivered.
# Default value:
collector-address=
##
## The ModuleRouter module routes requests for domains it manages.
##
[module::Router]
# Indicate whether the module is activated.
# Default value: true
enabled=true
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# Store and retrieve contacts without using the domain.
# Default value: false
use-global-domain=false
# Fork messages to all registered devices
# Default value: true
fork=true
# Force forking and thus the creation of an outgoing transaction
# even when only one contact found
# Default value: true
stateful=true
# Fork invites to late registers
# Default value: false
fork-late=false
# All the forked have to decline in order to decline the caller
# invite
# Default value: false
fork-no-global-decline=false
# Treat 603 Declined answers as urgent. Only relevant if
fork-no-global-decline
# is set to true.
# Default value: false
treat-decline-as-urgent=false
# During a fork procedure, treat all failure response as urgent
# Default value: false
treat-all-as-urgent=false
# Maximum time for a call fork to try to reach a callee, in seconds.
# Default value: 90
call-fork-timeout=90
# Maximum time before delivering urgent responses during a call
# fork, in seconds. The typical fork process requires to wait the
# best response from all branches before transmitting it to the
# client. However some error responses are retryable immediately
# (like 415 unsupported media, 401, 407) thus it is painful for
# the client to need to wait the end of the transaction time (32
# seconds) for these error codes.
# Default value: 5
call-fork-urgent-timeout=5
# Optional timer to detect lack of push response, in seconds.
# Default value: 0
call-push-response-timeout=0
# Fork messages to client registering lately.
# Default value: true
message-fork-late=true
# Maximum duration for delivering a text message. This property
# applies only if message-fork-late if set to true, otherwise the
# duration can't exceed the normal transaction duration.
# Default value: 3600
message-delivery-timeout=3600
# Maximum duration for accepting a text message if no response is
# received from any recipients. This property is meaningful when
# message-fork-late is set to true.
# Default value: 15
message-accept-timeout=15
# During a call forking, allow several INVITEs going to the same
# next hop to be grouped into a single one. A proprietary custom
# header 'X-target-uris' is added to the INVITE to indicate the
# final targets of the INVITE.
# Default value: false
allow-target-factorization=false
# Generate a contact from the TO header and route it to the above
# destination. [sip:host:port]
# Default value:
generated-contact-route=
# Require presence of authorization header for specified realm.
# [Realm]
# Default value:
generated-contact-expected-realm=
# Generate a contact route even on filled AOR.
# Default value: false
generate-contact-even-on-filled-aor=false
# Remove to tag from 183, 180, and 101 responses to workaround buggy
# gateways
# Default value: false
remove-to-tag=false
# rewrite username with given value.
# Default value:
preroute=
##
## This module performs push notifications to mobile phone notification
## systems: apple, android, windows, as well as a generic http get/post
## to a custom server to which actual sending of the notification
## is delegated. The push notification is sent when an INVITE or
## MESSAGE request is not answered by the destination of the request
## within a certain period of time, configurable hereunder as 'timeout'
## parameter.
##
[module::PushNotification]
# Indicate whether the module is activated.
# Default value: false
enabled=false
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# Number of second to wait before sending a push notification to
# device(if <=0 then disabled)
# Default value: 5
timeout=5
# Maximum number of notifications queued for each client
# Default value: 100
max-queue-size=100
# Default time to live for the push notifications, in seconds. This
# parameter shall be set according to mDeliveryTimeout parameter
# in ForkContext.cc
# Default value: 2592000
time-to-live=2592000
# Enable push notification for apple devices
# Default value: true
apple=true
# Path to directory where to find Apple Push Notification service
# certificates. They should bear the appid of the application, suffixed
# by the release mode and .pem extension. For example: org.linphone.dev.pem
# org.linphone.prod.pem com.somephone.dev.pem etc... The files should
# be .pem format, and made of certificate followed by private key.
# This is also the path to the directory where to find Voice Over
# IP certificates (certicates to use PushKit).They should bear the
# appid of the application, suffixed by the release mode and .pem
# extension, and made of certificate followed by private key. For
# example: org.linphone.voip.dev.pem org.linphone.voip.prod.pem
# com.somephone.voip.dev.pem etc...
# Default value: /etc/flexisip/apn
apple-certificate-dir=/etc/flexisip/apn
# Enable push notification for android devices
# Default value: true
google=true
# List of couples projectId:ApiKey for each android project that
# supports push notifications
# Default value:
google-projects-api-keys=
# Enable push notification for windows phone 8 devices
# Default value: true
windowsphone=true
# Unique identifier for your Windows Store app. For example:
ms-app://s-1-15-2-2345030743-3098444494-743537440-5853975885-5950300305-
5348553438-505324794
# Default value:
windowsphone-package-sid=
# Client secret. For example: Jrp1UoVt4C6CYpVVJHUPdcXLB1pEdRoB
# Default value:
windowsphone-application-secret=
# Set the badge value to 0 for apple push
# Default value: false
no-badge=false
# Instead of having Flexisip sending the push notification directly
# to the Google/Apple/Microsoft push servers, send an http request
# to an http server with all required information encoded in URL,
# to which the actual sending of the push notification is delegated.
# The following arguments can be substitued in the http request
# uri, with the following values:
# - $type : apple, google, wp
# - $token : device token
# - $api-key : the api key to use (google only)
# - $app-id : application ID
# - $from-name : the display name in the from header
# - $from-uri : the sip uri of the from header
# - $from-tag : the tag of the from header
# - $to-uri : the sip uri of the to header
# - $call-id : the call-id of the INVITE or MESSAGE request
# - $event : call, message
# - $sound : the sound file to play with the notification
# - $msgid : the message id to put in the notification
# - $uid :
#
# The content of the text message is put in the body of the http
# request as text/plain, if any.
# Example: http://292.168.0.2/$type/$event?from-uri=$from-uri&tag=$
from-tag&callid=$callid&to=$to-uri
# Default value:
external-push-uri=
# Method for reaching external-push-uri, typically GET or POST
# Default value: GET
external-push-method=GET
##
## The MediaRelay module masquerades SDP message so that all RTP
## and RTCP streams go through the proxy. The RTP and RTCP streams
## are then routed so that each client receives the stream of the
## other. MediaRelay makes sure that RTP is ALWAYS established, even
## with uncooperative firewalls.
##
[module::MediaRelay]
# Indicate whether the module is activated.
# Default value: true
enabled=true
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# SDP attribute set by the first proxy to forbid subsequent proxies
# to provide relay. Use 'disable' to disable.
# Default value: nortpproxy
nortpproxy=nortpproxy
# The minimal value of SDP port range
# Default value: 1024
sdp-port-range-min=10000
# The maximal value of SDP port range
# Default value: 65535
sdp-port-range-max=20000
# Sends a ACK and BYE to 200Ok for INVITEs not belonging to any
# established call.
# Default value: false
bye-orphan-dialogs=false
# Maximum concurrent calls processed by the media-relay. Calls arriving
# when the limit is exceed will be rejected. A value of 0 means
# no limit.
# Default value: 0
max-calls=0
# When true, the 'c=' line and port number are set to the relay
# ip/port even if ICE candidates are present in the request. This
# is allow non-ice clients to have their streams relayed.
# Default value: true
force-relay-for-non-ice-targets=true
# Prevent media-relay ports to loop between them, which can cause
# 100% cpu on the media relay thread.You need to set this property
# to false if you are running test calls from clients running on
# the same IP address as the flexisip server
# Default value: true
prevent-loops=true
# In case multiples 183 Early media responses are received for a
# call, only the first one will have RTP streams forwarded back
# to caller. This feature prevents the caller to receive 'mixed'
# streams, but it breaks scenarios where multiple servers play early
# media announcement in sequence.
# Default value: true
early-media-relay-single=true
# Maximum number of relayed early media streams per call. This is
# useful to limit the cpu usage due to early media relaying on embedded
# systems. A value of 0 stands for unlimited.
# Default value: 0
max-early-media-per-call=0
# Period of time in seconds, after which a relayed call without
# any activity is considered as no longer running. Activity counts
# RTP/RTCP packets exchanged through the relay and SIP messages.
# Default value: 3600
inactivity-period=3600
##
## This module executes the basic routing task of SIP requests and
## pass them to the transport layer. It must always be enabled.
##
[module::Forward]
# Indicate whether the module is activated.
# Default value: true
enabled=true
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# A sip uri representing a default where to send all requests not
# already resolved. This is the typical way to setup a Flexisip
# proxy server acting as a front-end for backend SIP server.
# Default value:
route=
# Add a path header of this proxy
# Default value: true
add-path=true
# Rewrite request-uri's host and port according to above route
# Default value: false
rewrite-req-uri=false
# List of URL and contact params to remove
# Default value: pn-tok pn-type app-id pn-msg-str pn-call-str pn-call-snd
pn-msg-snd pn-timeout
params-to-remove=pn-tok pn-type app-id pn-msg-str pn-call-str pn-call-snd
pn-msg-snd pn-timeout
##
## Inter domain connections is a set of feature allowing to dynamically
## connect several flexisip servers together in order to manage SIP
## routing at local and global scope. Let's suppose you have two
## SIP network a.example.net and b.example.net run privately and
## independently (no one from a.example.net needs to call someone
## at b.example.net). However, when people from a and b are outside
## of their network, they register to a worldwide available flexisip
## instance running on 'global.example.net'. It is then possible
## to:
## * have calls made within a.example.net routed locally and sent
## to global.example.net in order to reach users inside and outside
## of a's network. Example: ***@a.example.net calls ***@a.example.net.
## If 2 is registered on a.example.net then the call is routed locally.
## On the contrary if 2 is absent and registered, the call is then
## sent to global.example.net and then routed by the global proxy.
## * when global.example.net receives a call from a user not within
## its native network (ex: ***@a.example.net calls ***@a.example.net),
## it can route this call to the proxy that is responsible for managing
## the local domain (a.example.net).
## This system is dynamic, that is the physical IP address of a and
## b network can change (dynamic ip address)
## .This scenario is achieved with two key features:
## * a.example.net sends a REGISTER to global.example.net to indicate
## that it is the responsible for the entire domain a.example.net.
## The global.example.net authenticates this REGISTER thanks to TLS
## client certificate presented by a.example.net.
## * global.example.net is configured to accept this domain registration
## and route all calls it receives directly and estinated to a.example.net
## domain through the connection established by a.example.net during
## the domain registration.
##
[inter-domain-connections]
# Whether flexisip shall accept registrations for entire domains
# Default value: false
accept-domain-registrations=false
# Whether flexisip shall assume that there is a unique server per
# registered domain, which allows to clean old registrations and
# simplifies the routing logic.
# Default value: false
assume-unique-domains=false
# Path to a text file describing the domain registrations to make.
# This file must contains lines like:
# <local domain name> <SIP URI of proxy/registrar where to send
# the domain REGISTER>
# where:
# <local domain name> is a domain name managed locally by this
# proxy
# <SIP URI of proxy/registrar> is the SIP URI where the domain
# registration will be sent. The special uri parameter 'tls-certificate-dir'
# is understood in order to specify a TLS client certificate to
# present to the remote proxy.
# If the file is absent or empty, no registrations are done.
# Default value: /etc/flexisip/domain-registrations.conf
domain-registrations=/etc/flexisip/domain-registrations.conf
# When submitting a domain registration to a server over TLS, verify
# the certificate presented by the server. Disabling this option
# is only for test, because it is a security flaw
# Default value: true
verify-server-certs=true
# Interval in seconds for sending \r\n\r\n keepalives throug the
# outgoing domain registration connection.A value of zero disables
# keepalives.
# Default value: 30
keepalive-interval=30
*****************************My log**************************
2017-02-28 12:53:45:656 flexisip-debug-Invoking onRequest() on module
DoSProtection
2017-02-28 12:53:45:656 flexisip-debug-Invoking onRequest() on module
SanityChecker
2017-02-28 12:53:45:656 flexisip-debug-Skipping onRequest() on module
GarbageIn
2017-02-28 12:53:45:656 flexisip-debug-Invoking onRequest() on module
NatHelper
2017-02-28 12:53:45:656 flexisip-debug-Invoking onRequest() on module
Authentication
2017-02-28 12:53:45:656 flexisip-debug-New IncomingTransaction 0x1b3da30
2017-02-28 12:53:45:656 flexisip-debug-nta_incoming_create: created
incoming transaction 0x1b48140
2017-02-28 12:53:45:656 flexisip-debug-Searching for auth digest response
for this proxy
2017-02-28 12:53:45:656 flexisip-debug-auth_digest_response_get: 12
2017-02-28 12:53:45:656 flexisip-debug-Examining auth digest response titi
149.202.194.24
2017-02-28 12:53:45:656 flexisip-debug-Expected realm found : 149.202.194.24
2017-02-28 12:53:45:656 flexisip-debug-auth_digest_response_get: 12
2017-02-28 12:53:45:656 flexisip-debug-Using auth digest response for realm
149.202.194.24
2017-02-28 12:53:45:657 flexisip-error-Bad nonce count -1 -> 4 for
8t5f3AAAAABHat48AAA2YDv4T58AAAAA
2017-02-28 12:53:45:657 flexisip-debug-New nonce
SeNf3AAAAADaRpQoAAAuQ81yzyYAAAAA
2017-02-28 12:53:45:657 flexisip-debug-Replying Request SIP message: 401
Unauthorized
2017-02-28 12:53:45:657 flexisip-debug-tport_tsend(0x1b08db0) tpn = UDP/
192.168.1.1:5060
2017-02-28 12:53:45:657 flexisip-debug-tport_resolve addrinfo =
192.168.1.1:5060
2017-02-28 12:53:45:657 flexisip-debug-tport_by_addrinfo(0x1b08db0): not
found by name UDP/192.168.1.1:5060
2017-02-28 12:53:45:657 flexisip-debug-tport_vsend returned 459
2017-02-28 12:53:45:657 flexisip-debug-nta: sent 401 Unauthorized for
REGISTER (24)
2017-02-28 12:53:45:657 flexisip-debug-nta: timer set to 32000 ms
2017-02-28 12:53:45:657 flexisip-debug-nta_incoming_destroy: 0x1b48140
2017-02-28 12:53:45:657 flexisip-debug-Terminate SipEvent 0x1b3d7e0
2017-02-28 12:53:45:657 flexisip-debug-Delete IncomingTransaction 0x1b3da30
2017-02-28 12:53:47:308 flexisip-debug-Call id 1670685479
2017-02-28 12:53:47:308 flexisip-debug-There are 1 calls active in the
MediaRelay call list.
2017-02-28 12:53:47:843 flexisip-debug-tport_wakeup_pri(0x1b08db0): events
IN
2017-02-28 12:53:47:843 flexisip-debug-tport_recv_event(0x1b08db0)
2017-02-28 12:53:47:843 flexisip-debug-tport_recv_iovec(0x1b08db0) msg
0x1b3f510 from (udp/192.168.1.25:5060) has 966 bytes, veclen = 1
2017-02-28 12:53:47:844 flexisip-debug-tport_deliver(0x1b08db0): msg
0x1b3f510 (966 bytes) from udp/192.168.1.1:5060 next=(nil)
2017-02-28 12:53:47:844 flexisip-debug-nta: received REGISTER
sip:149.202.194.24 SIP/2.0 (CSeq 25)
2017-02-28 12:53:47:844 flexisip-debug-nta: Via check: received=192.168.1.1
2017-02-28 12:53:47:844 flexisip-debug-nta: REGISTER (25) to message
callback
2017-02-28 12:53:47:844 flexisip-debug-New SipEvent 0x1b48cb0 - msg
0x1b3f510
2017-02-28 12:53:47:844 flexisip-debug-Receiving new Request SIP message
REGISTER from sip:***@149.202.194.24 :
REGISTER sip:149.202.194.24 SIP/2.0
Via: SIP/2.0/UDP 192.168.0.100:5060;branch=z9hG4bK.Jx2ol3wXh;rport=5060;
received=192.168.1.1
From: <sip:***@149.202.194.24>;tag=r65I5IfL6
To: sip:***@149.202.194.24
CSeq: 25 REGISTER
Call-ID: 7bQz-qDINY
Max-Forwards: 70
Supported: replaces, outbound
Accept: application/sdp, text/plain, application/vnd.gsma.rcs-ft-http+xml
Contact: <sip:***@192.168.1.1;app-id=622464153529;pn-type=google;pn-tok=
APA91bHQg81VyKQChjf6g1TQx6Tt1_lr_e5YVDSZJ5E7YefdXW2F30cp53JME5U
DnXOu9rapiwvVb1G_pUIvY2fg7Dd7eeIcplL75jRLTzVrzg
g64DQ0AfA;transport=udp>;+sip.instance="<urn:uuid:5a3189a4-
a97b-44fa-bc1a-cecf3ea94858>"
Expires: 3600
User-Agent: LinphoneAndroid/3.2.4 (belle-sip/1.5.0)
Authorization: Digest realm="149.202.194.24", nonce="
SeNf3AAAAADaRpQoAAAuQ81yzyYAAAAA", algorithm=MD5, opaque="+GNywA==",
username="titi", uri="sip:149.202.194.24", response="
9be3cf4fecf9f228093c4577948c094f", cnonce="3ldOsqEax3-cxdpZ", nc=00000001,
qop=auth
2017-02-28 12:53:47:844 flexisip-debug-Invoking onRequest() on module
DoSProtection
2017-02-28 12:53:47:844 flexisip-debug-Invoking onRequest() on module
SanityChecker
2017-02-28 12:53:47:844 flexisip-debug-Skipping onRequest() on module
GarbageIn
2017-02-28 12:53:47:844 flexisip-debug-Invoking onRequest() on module
NatHelper
2017-02-28 12:53:47:844 flexisip-debug-Invoking onRequest() on module
Authentication
2017-02-28 12:53:47:844 flexisip-debug-New IncomingTransaction 0x1b3c7b0
2017-02-28 12:53:47:844 flexisip-debug-nta_incoming_create: created
incoming transaction 0x1b3c830
2017-02-28 12:53:47:844 flexisip-debug-Searching for auth digest response
for this proxy
2017-02-28 12:53:47:844 flexisip-debug-auth_digest_response_get: 12
2017-02-28 12:53:47:844 flexisip-debug-Examining auth digest response titi
149.202.194.24
2017-02-28 12:53:47:844 flexisip-debug-Expected realm found : 149.202.194.24
2017-02-28 12:53:47:844 flexisip-debug-auth_digest_response_get: 12
2017-02-28 12:53:47:844 flexisip-debug-Using auth digest response for realm
149.202.194.24
2017-02-28 12:53:47:844 flexisip-debug-Updating nonce
SeNf3AAAAADaRpQoAAAuQ81yzyYAAAAA with nc=1
2017-02-28 12:53:47:844 flexisip-debug-Suspend SipEvent 0x1b48cb0
2017-02-28 12:53:47:844 flexisip-debug-auth_digest_ha1() has A1 =
MD5(titi:149.202.194.24:*******) = 3f3ad2e2c804699118337a357e786581
2017-02-28 12:53:47:844 flexisip-debug-A2 = MD5(REGISTER:sip:149.202.194.24)
2017-02-28 12:53:47:844 flexisip-debug-auth_response:
9be3cf4fecf9f228093c4577948c094f = MD5(3f3ad2e2c804699118337a357e786581:
SeNf3AAAAADaRpQoAAAuQ81yzyYAAAAA:00000001:3ldOsqEax3-cxdpZ:auth:
6ca8086c675777156e3e08327869527e) (qop=auth)
2017-02-28 12:53:47:844 flexisip-debug-auth_method_digest: successful
authentication
2017-02-28 12:53:47:844 flexisip-debug-auth_digest_response_get: 12
2017-02-28 12:53:47:844 flexisip-debug-Examining auth digest response titi
149.202.194.24
2017-02-28 12:53:47:844 flexisip-debug-Expected realm found : 149.202.194.24
2017-02-28 12:53:47:844 flexisip-debug-Inject Request SIP message:
REGISTER sip:149.202.194.24 SIP/2.0
Via: SIP/2.0/UDP 192.168.0.100:5060;branch=z9hG4bK.Jx2ol3wXh;rport=5060;
received=192.168.1.1
From: <sip:***@149.202.194.24>;tag=r65I5IfL6
To: sip:***@149.202.194.24
CSeq: 25 REGISTER
Call-ID: 7bQz-qDINY
Max-Forwards: 70
Supported: replaces, outbound
Accept: application/sdp, text/plain, application/vnd.gsma.rcs-ft-http+xml
Contact: <sip:***@192.168.1.1;app-id=622464153529;pn-type=google;pn-tok=
APA91bHQg81VyKQChjf6g1TQx6Tt1_lr_e5YVDSZJ5E7YefdXW2F30cp53JME5U
DnXOu9rapiwvVb1G_pUIvY2fg7Dd7eeIcplL75jRLTzVrzgg64DQ0AfA>;+sip.instance="<
urn:uuid:5a3189a4-a97b-44fa-bc1a-cecf3ea94858>"
Expires: 3600
User-Agent: LinphoneAndroid/3.2.4 (belle-sip/1.5.0)
2017-02-28 12:53:47:844 flexisip-debug-Restart SipEvent 0x1b48cb0
2017-02-28 12:53:47:844 flexisip-debug-Injecting request event after
Authentication
2017-02-28 12:53:47:844 flexisip-debug-Skipping onRequest() on module
Redirect
2017-02-28 12:53:47:844 flexisip-debug-Skipping onRequest() on module
GatewayAdapter
2017-02-28 12:53:47:844 flexisip-debug-Skipping onRequest() on module
Presence
2017-02-28 12:53:47:844 flexisip-debug-Invoking onRequest() on module
Registrar
2017-02-28 12:53:47:844 flexisip-debug-Path added to: sip:192.168.1.25:5060
;lr
2017-02-28 12:53:47:844 flexisip-debug-Suspend SipEvent 0x1b48cb0
2017-02-28 12:53:47:844 flexisip-debug-Updating binding
2017-02-28 12:53:47:844 flexisip-debug-AOR ***@149.202.194.24 found
2017-02-28 12:53:47:844 flexisip-debug-Record contains 1 contacts
sip:***@192.168.1.1:54763;app-id=622464153529;pn-type=
google;pn-tok=APA91bGMjB-dnVeh1JFEqivz6PBTnDMYYoF0q9Ovxt_
4IT9axVVNahm4MaQ7bw99wGtwvpOEGaTerZBcyw7S3ASVuIRZstwzc_
hCJMbceySSmOvQa9Ty3LU;transport=tcp
path="sip:192.168.1.25:5060;transport=tcp;lr"
alias=no uid="<urn:uuid:60ee6a03-1be9-4484-9557-39ffb81b05a5>" expire=3305
s (Tue Feb 28 13:48:52 2017)
==========================
2017-02-28 12:53:47:844 flexisip-debug-Record contains 2 contacts
sip:***@192.168.1.1:54763;app-id=622464153529;pn-type=
google;pn-tok=APA91bGMjB-dnVeh1JFEqivz6PBTnDMYYoF0q9Ovxt_
4IT9axVVNahm4MaQ7bw99wGtwvpOEGaTerZBcyw7S3ASVuIRZstwzc_
hCJMbceySSmOvQa9Ty3LU;transport=tcp
path="sip:192.168.1.25:5060;transport=tcp;lr"
alias=no uid="<urn:uuid:60ee6a03-1be9-4484-9557-39ffb81b05a5>" expire=3305
s (Tue Feb 28 13:48:52 2017)
sip:***@192.168.1.1;app-id=622464153529;pn-type=google;pn-tok=
APA91bHQg81VyKQChjf6g1TQx6Tt1_lr_e5YVDSZJ5E7YefdXW2F30cp53JME5U
DnXOu9rapiwvVb1G_pUIvY2fg7Dd7eeIcplL75jRLTzVrzgg64DQ0AfA path="sip:
192.168.1.25:5060;lr" alias=no
uid="<urn:uuid:5a3189a4-a97b-44fa-bc1a-cecf3ea94858>"
expire=3600 s (Tue Feb 28 13:53:47 2017)
==========================
2017-02-28 12:53:47:844 flexisip-debug-Replying Request SIP message: 200
Registration successful
2017-02-28 12:53:47:844 flexisip-debug-tport_tsend(0x1b08db0) tpn = UDP/
192.168.1.1:5060
2017-02-28 12:53:47:844 flexisip-debug-tport_resolve addrinfo =
192.168.1.1:5060
2017-02-28 12:53:47:844 flexisip-debug-tport_by_addrinfo(0x1b08db0): not
found by name UDP/192.168.1.1:5060
2017-02-28 12:53:47:844 flexisip-debug-tport_vsend returned 798
2017-02-28 12:53:47:844 flexisip-debug-nta: sent 200 Registration
successful for REGISTER (25)
2017-02-28 12:53:47:844 flexisip-debug-nta_incoming_destroy: 0x1b3c830
2017-02-28 12:53:47:844 flexisip-debug-Terminate SipEvent 0x1b48cb0
I have deployed flexisip, I can register and send text message
successfully, *but we cannot send voice or video.*
Any suggestions ?
**************************My configuration file is ***********************
##
## Some global settings of the flexisip proxy.
##
[global]
debug=true
# Verbosity of logs to output. Possible values are debug, message,
# warning and error
# Default value: error
log-level=error
# Log (on a different log domain) user errors like authentication,
# registration, routing, etc...
# Default value: false
user-errors-logs=false
# Generate a corefile when crashing. Note that by default linux
# will generate coredumps in '/' which is not so convenient. The
# following shell command can be added to /etc/rc.local in order
# to write core dumps a in specific directory, for example /home/cores:
# echo "/home/cores/core.%e.%t.%p" >/proc/sys/kernel/core_pattern
# Default value: true
dump-corefiles=true
# Automatically respawn flexisip in case of abnormal termination
# (crashes)
# Default value: true
auto-respawn=true
# List of white space separated host names pointing to this machine.
# This is to prevent loops while routing SIP messages.
# Default value: localhost
aliases=149.202.194.24 localhost 192.168.1.25 192.168.1.1
# Servers started by default when no --server option is specified
# on command line. Possible values are 'proxy', 'presence', separated
# by whitespaces.
# Default value: proxy
default-servers=proxy
# List of white space separated SIP uris where the proxy must listen.
# Wildcard (*) can be used to mean 'all local ip addresses'. If
# 'transport' prameter is unspecified, it will listen to both udp
# and tcp. A local address to bind onto can be indicated in the
# 'maddr' parameter, while the domain part of the uris are used
# as public domain or ip address.
# The 'sips' transport definitions accept two optional parameters:
# - 'tls-certificates-dir' taking for value a path, with the same
# meaning as the 'tls-certificates-dir' property of this section
# and overriding it for this given transport.
# - 'tls-verify-incoming' taking for value '0' or '1', to indicate
# whether clients connecting are required to present a valid client
# certificate. Default value is 0.
# - 'tls-verify-outgoing' taking for value '0' or '1', whether
# flexisip should check the peer certificate when it make an outgoing
# TLS connection to another server. Default value is 1.
# - 'require-peer-certificate' (deprecated) same as
tls-verify-incoming
# Specifying a sip uri with transport=tls is not allowed: the 'sips'
# scheme must be used. As requested by SIP RFC, IPv6 address must
# be enclosed within brakets.
# Here are some examples to understand:
# - listen on all local interfaces for udp and tcp, on standard
# port:
# transports=sip:*
# - listen on all local interfaces for udp,tcp and tls, on standard
# ports:
# transports=sip:* sips:*
# - listen only a specific IPv6 interface, on standard ports, with
# udp, tcp and tls
# transports=sip:[2a01:e34:edc3:4d0:7dac:4a4f:22b6:2083]
sips:[2a01:e34:edc3:4d0:7dac:4a4f:22b6:2083]
# - listen on tls localhost with 2 different ports and SSL certificates:
# transports=sips:localhost:5061;tls-certificates-dir=path_a
sips:localhost:5062;tls-certificates-dir=path_b
# - listen on tls localhost with 2 peer certificate requirements:
# transports=sips:localhost:5061;tls-verify-incoming=0
sips:localhost:5062;tls-verify-incoming=1
# - listen on 192.168.0.29:6060 with tls, but public hostname is
# 'sip.linphone.org' used in SIP messages. Bind address won't appear
# in messages:
# transports=sips:sip.linphone.org:6060;maddr=192.168.0.29
# Default value: sip:*
transports=sip:* sips:*
# Path to the directory where TLS server certificate and private
# key can be found, concatenated inside an 'agent.pem' file. Any
# chain certificates must be put into a file named 'cafile.pem'.
# The setup of agent.pem, and eventually cafile.pem is required
# for TLS transport to work.
# Default value: /etc/flexisip/tls
tls-certificates-dir=/etc/flexisip/tls
# Time interval in seconds after which inactive connections are
# closed.
# Default value: 3600
idle-timeout=3600
# Require client certificate from peer (inbound connections only).
# Default value: false
require-peer-certificate=false
# SIP transaction timeout in milliseconds. It is T1*64 (32000 ms)
# by default.
# Default value: 32000
transaction-timeout=32000
# The UDP MTU. Flexisip will fallback to TCP when sending a message
# whose size exceeds the UDP MTU. Please read http://sofia-sip.sourceforge.
net/refdocs/nta/nta__tag_8h.html#a6f51c1ff713ed4b285e95235c4cc999a
# for more details. If sending large packets over UDP is not a problem,
# then set a big value such as 65535. Unlike the recommandation
# of the RFC, the default value of UDP MTU is 1460 in Flexisip (instead
# of 1300).
# Default value: 1460
udp-mtu=1460
# Enable SNMP.
# Default value: true
enable-snmp=true
# Unique ID used to identify that instance of Flexisip. It must
# be a randomly generated 16-sized hexadecimal number. If empty,
# it will be randomly generated at each start of Flexisip.
# Default value:
unique-id=
# Allow flexisip to use maddr in sips connections to verify the
# CN of the TLS certificate
# Default value: false
use-maddr=false
##
## Should the server be part of a cluster, this section enable to
## describe the topology of the cluster.
##
[module::Transcoder]
enabled=true
[cluster]
# Set to 'true' if that node is part of a cluster
# Default value: false
enabled=false
# List of IP addresses of all nodes present in the cluster
# Default value:
nodes=
##
## Flexisip monitor parameters
##
[monitor]
# Enable or disable the Flexisip monitor daemon
# Default value: false
enabled=false
# Time between two consecutive tests
# Default value: 30
test-interval=30
# Path to the log file
# Default value: /etc/flexisip/flexisip_monitor.log
logfile=/etc/flexisip/flexisip_monitor.log
# Port to open/close folowing the test succeed or not
# Default value: 12345
switch-port=12345
# Salt used to generate the passwords of each test account
# Default value:
password-salt=
##
## STUN server parameters.
##
[stun-server]
# Enable or disable stun server.
# Default value: true
enabled=true
# Local ip address where to bind the socket.
# Default value: 0.0.0.0
bind-address=0.0.0.0
# STUN server port number.
# Default value: 3478
port=3478
##
## Event logs contain per domain and user information about processed
## registrations, calls and messages.
##
[event-logs]
# Enable event logs.
# Default value: false
enabled=false
# Define logger for storing logs. It supports "filesystem" and "database".
# Default value: filesystem
logger=filesystem
# Directory where event logs are written as a filesystem (case when
# filesystem output is choosed).
# Default value: /var/log/flexisip
dir=/var/log/flexisip
# Choose the type of backend that Soci will use for the connection.
# Depending on your Soci package and the modules you installed,
# the supported databases are:`mysql` and `sqlite3`
# Default value: mysql
database-backend=mysql
# The configuration parameters of the backend.
# The basic format is "key=value key2=value2". For a mysql backend,
# this is a valid config: "db=mydb user=user password='pass' host=myhost.com
".
# Please refer to the Soci documentation of your backend, for instance:
# http://soci.sourceforge.net/doc/3.2/backends/mysql.
htmlhttp://soci.sourceforge.net/doc/3.2/backends/sqlite3.html
# Default value: db='mydb' user='myuser' password='mypass' host='myhost.com
'
database-connection-string=db='mydb' user='myuser' password='mypass' host='
myhost.com'
# Amount of queries that will be allowed to be queued before bailing
# password requests.
# This value should be chosen accordingly with 'database-nb-threads-max',
# so that you have a coherent behavior.
# This limit is here mainly as a safeguard against out-of-control
# growth of the queue in the event of a flood or big delays in the
# database backend.
# Default value: 100
database-max-queue-size=100
# Maximum number of threads for writing in database.
# If you get a `database is locked` error with sqlite3, you must
# set this variable to 1.
# Default value: 10
database-nb-threads-max=10
##
## This module bans user when they are sending too much packets within
## a given timeframe. To see the list of currently banned IPs/ports,
## use iptables -L.
##
[module::DoSProtection]
# Indicate whether the module is activated.
# Default value: true
enabled=true
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# Number of milliseconds to consider to compute the packet rate
# Default value: 3000
time-period=3000
# Maximum packet rate in packets/seconds, averaged over [time-period]
# millisecond(s) to consider it as a DoS attack.
# Default value: 20
packet-rate-limit=20
# Number of minutes to ban the ip/port using iptables
# Default value: 2
ban-time=2
# Name of the chain flexisip will create to store the banned IPs
# Default value: FLEXISIP
iptables-chain=FLEXISIP
##
## The SanitCheck module checks that required fields of a SIP message
## are present to avoid unecessary checking while processing message
## further. If the message doesn't meet these sanity check criterias,
## then it is stopped and bad request response is sent.
##
[module::SanityChecker]
# Indicate whether the module is activated.
# Default value: true
enabled=true
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
##
## The ModuleGarbageIn module collects incoming garbage and prevent
## any further processing.
##
[module::GarbageIn]
# Indicate whether the module is activated.
# Default value: false
enabled=false
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value: false
filter=false
##
## The NatHelper module executes small tasks to make SIP work smoothly
## despite firewalls.It corrects the Contact headers that contain
## obviously inconsistent addresses, and adds a Record-Route to ensure
## subsequent requests are routed also by the proxy, through the
## UDP or TCP channel each client opened to the proxy.
##
[module::NatHelper]
# Indicate whether the module is activated.
# Default value: true
enabled=true
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# Internal URI parameter added to response contact by first proxy
# and cleaned by last one.
# Default value: verified
contact-verified-param=verified
# Fix record-routes, to workaround proxies behind firewalls but
# not aware of it.
# Default value: false
fix-record-routes=false
# Policy to recognize nat'd record-route and fix them. There are
# two modes: 'safe' and 'always'
# Default value: safe
fix-record-routes-policy=safe
##
## The authentication module challenges and authenticates SIP requests
## using two possible methods:
## * if the request is received via a TLS transport and
'require-peer-certificate'
## is set in transport definition in [Global] section for this transport,
## then the From header of the request is matched with the CN claimed
## by the client certificate. The CN must contain sip:***@domain
## or alternate name with URI=sip:***@domain corresponding to the
## URI in the from header for the request to be accepted.
## * if no TLS client based authentication can be performed, or
## is failed, then a SIP digest authentication is performed. The
## password verification is made by querying a database or a password
## file on disk.
##
[module::Authentication]
# Indicate whether the module is activated.
# Default value: false
enabled=true
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# List of whitespace separated domain names to challenge. Others
# are denied.
# Default value: localhost
auth-domains=149.202.194.24 localhost
# List of whitespace separated IP which will not be challenged.
# Default value:
trusted-hosts=localhost 149.202.194.24
# Database backend implementation [odbc,soci,file,fixed].
# Default value: fixed
db-implementation=file
# Odbc connection string to use for connecting to database. ex1:
# DSN=myodbc3; where 'myodbc3' is the datasource name. ex2:
DRIVER={MySQL};SERVER=host;DATABASE=db;USER=user;PASSWORD=pass;OPTION=3;
# for a DSN-less connection. ex3: /etc/flexisip/passwd; for a file
# containing one '***@domain password' by line.
# Default value:
datasource=/etc/flexisip/users.db.txt
# Expiration time of nonces, in seconds.
# Default value: 3600
nonce-expires=3600
# Duration of the validity of the credentials added to the cache
# in seconds.
# Default value: 1800
cache-expire=1800
# True if retrieved passwords from the database are hashed. HA1=MD5(A1)
# = MD5(username:realm:pass).
# Default value: false
hashed-passwords=false
# Don't reply 403, but 401 or 407 even in case of wrong authentication.
# Default value: false
no-403=false
# List of whitespace separated username or ***@domain CN which
# will trusted. If no domain is given it is computed.
# Default value:
trusted-client-certificates=
# When receiving a proxy authenticate challenge, generate a new
# challenge for this proxy.
# Default value: false
new-auth-on-407=false
# Enable a feature useful for automatic tests, allowing a client
# to create a temporary account in the password database in memory.This
# MUST not be used for production as it is a real security hole.
# Default value: false
enable-test-accounts-creation=false
# Disable the QOP authentication method. Default is to use it, use
# this flag to disable it if needed.
# Default value: false
disable-qop-auth=false
# Odbc SQL request to execute to obtain the password
# . Named parameters are :id (the user found in the from header),
# :domain (the authorization realm) and :authid (the authorization
# username). The use of the :id parameter is mandatory.
# Default value: select password from accounts where id = :id and domain =
:domain and authid=:authid
request=select password from accounts where id = :id and domain = :domain
and authid=:authid
# Use pooling in ODBC (improves performances). This is not guaranteed
# to succeed, because if you are using unixODBC, it consults the
# /etc/odbcinst.inifile in section [ODBC] to check for Pooling=yes/no
# option. You should make sure that this flag is set before expecting
# this option to work.
# Default value: true
odbc-pooling=true
# Display timing statistics after this count of seconds
# Default value: 0
odbc-display-timings-interval=0
# Display timing statistics once the number of samples reach this
# number.
# Default value: 0
odbc-display-timings-after-count=0
# Soci SQL request to execute to obtain the password.
# Named parameters are:
# -':id' : the user found in the from header,
# -':domain' : the authorization realm, and
# -':authid' : the authorization username.
# The use of the :id parameter is mandatory.
# Default value: select password from accounts where id = :id and domain =
:domain and authid=:authid
soci-password-request=select password from accounts where id = :id and
domain = :domain and authid=:authid
# Soci SQL request to execute to obtain the username associated
# with a phone alias.
# Named parameters are:
# -':phone' : the phone number to search for.
# The use of the :phone parameter is mandatory.
# Default value: select login from accounts where phone = :phone
soci-user-with-phone-request=select login from accounts where phone = :phone
# Size of the pool of connections that Soci will use. We open a
# thread for each DB query, and this pool will allow each thread
# to get a connection.
# The threads are blocked until a connection is released back to
# the pool, so increasing the pool size will allow more connections
# to occur simultaneously.
# On the other hand, you should not keep too many open connections
# to your DB at the same time.
# Default value: 100
soci-poolsize=100
# Choose the type of backend that Soci will use for the connection.
# Depending on your Soci package and the modules you installed,
# this could be 'mysql', 'oracle', 'postgresql' or something else.
# Default value: mysql
soci-backend=mysql
# The configuration parameters of the Soci backend.
# The basic format is "key=value key2=value2". For a mysql backend,
# this is a valid config: "db=mydb user=user password='pass' host=myhost.com
".
# Please refer to the Soci documentation of your backend, for intance:
# http://soci.sourceforge.net/doc/3.2/backends/mysql.html
# Default value: db=mydb user=myuser password='mypass' host=myhost.com
soci-connection-string=db=mydb user=myuser password='mypass' host=myhost.com
# Amount of queries that will be allowed to be queued before bailing
# password requests.
# This value should be chosen accordingly with 'soci-poolsize',
# so that you have a coherent behavior.
# This limit is here mainly as a safeguard against out-of-control
# growth of the queue in the event of a flood or big delays in the
# database backend.
# Default value: 1000
soci-max-queue-size=1000
##
## This module redirect sip request with a 302 move temporarily.
##
[module::Redirect]
# Indicate whether the module is activated.
# Default value: false
enabled=false
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# A contact where to redirect requests. ex: <sip:127.0.0.1:5065>;expires=100
# Default value:
contact=
##
## The ModuleRegistrar module accepts REGISTERs for domains it manages,
## and store the address of record in order to allow routing requests
## destinated to the client who registered.
##
[module::Registrar]
# Indicate whether the module is activated.
# Default value: true
enabled=true
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# List of whitespace separated domain names to be managed by the
# registrar. It can eventually be the '*' (wildcard) in order to
# match any domain name.
# Default value: localhost
reg-domains=149.202.194.24 localhost
# Register users based on response obtained from a back-end server.
# This mode is for using flexisip as a front-end server to hold
# client connections but registeracceptance is deferred to backend
# server to which the REGISTER is routed.
# Default value: false
reg-on-response=false
# Maximum number of registered contacts of an address of record.
# Default value: 12
max-contacts-by-aor=12
# List of contact uri parameters that can be used to identify a
# user's device. The contact parameters are searched in the order
# of the list, the first matching parameter is used and the others
# ignored.
# Default value: +sip.instance pn-tok line
unique-id-parameters=+sip.instance pn-tok line
# Maximum expire time for a REGISTER, in seconds.
# Default value: 86400
max-expires=86400
# Minimum expire time for a REGISTER, in seconds.
# Default value: 60
min-expires=60
# Set a value that will override expire times given by REGISTER
# requests. A null or negative value disables that feature. If it
# is enabled, max-expires and min-expires will not have any effect.
# Default value: -1
force-expires=-1
# File containing the static records to add to database at startup.
# Format: one 'sip_uri contact_header' by line. Example:
# <sip:***@domain> <sip:127.0.0.1:5460>,<sip:192.168.0.1:5160>
# Default value:
static-records-file=
# Timeout in seconds after which the static records file is re-read
# and the contacts updated.
# Default value: 600
static-records-timeout=600
# Implementation used for storing address of records contact uris.
# [redis, internal]
# Default value: internal
db-implementation=internal
# Domain of the redis server.
# Default value: localhost
redis-server-domain=localhost
# Port of the redis server.
# Default value: 6379
redis-server-port=6379
# Authentication password for redis. Empty to disable.
# Default value:
redis-auth-password=
# Timeout in milliseconds of the redis connection.
# Default value: 1500
redis-server-timeout=1500
# Serialize contacts with: [C, protobuf, json, msgpack]
# Default value: protobuf
redis-record-serializer=protobuf
# When Redis is configured in master-slave, flexisip will periodically
# ask what are the slaves and the master.This is the period with
# which it will query the server.It will then determine whether
# is is connected to the master, and if not, let go of the connection
# and migrate to the master.Note: This requires that all redis instances
# have the same password. Otherwise the authentication will fail.
# Default value: 60
redis-slave-check-period=60
# Sequence of proxies (space-separated) where requests will be redirected
# through (RFC3608)
# Default value:
service-route=
# Maximum percentage of the REGISTER expire to randomly remove,
# 0 to disable
# Default value: 0
register-expire-randomizer-max=0
##
## The purpose of the StatisticsCollector module is to collect call
## statistics (RFC 6035) and store them on the server.
##
[module::StatisticsCollector]
# Indicate whether the module is activated.
# Default value: false
enabled=false
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# SIP URI of the statistics collector. Note that application/vq-rtcpxr
# messages for this address will be deleted by this module and thus
# not be delivered.
# Default value:
collector-address=
##
## The ModuleRouter module routes requests for domains it manages.
##
[module::Router]
# Indicate whether the module is activated.
# Default value: true
enabled=true
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# Store and retrieve contacts without using the domain.
# Default value: false
use-global-domain=false
# Fork messages to all registered devices
# Default value: true
fork=true
# Force forking and thus the creation of an outgoing transaction
# even when only one contact found
# Default value: true
stateful=true
# Fork invites to late registers
# Default value: false
fork-late=false
# All the forked have to decline in order to decline the caller
# invite
# Default value: false
fork-no-global-decline=false
# Treat 603 Declined answers as urgent. Only relevant if
fork-no-global-decline
# is set to true.
# Default value: false
treat-decline-as-urgent=false
# During a fork procedure, treat all failure response as urgent
# Default value: false
treat-all-as-urgent=false
# Maximum time for a call fork to try to reach a callee, in seconds.
# Default value: 90
call-fork-timeout=90
# Maximum time before delivering urgent responses during a call
# fork, in seconds. The typical fork process requires to wait the
# best response from all branches before transmitting it to the
# client. However some error responses are retryable immediately
# (like 415 unsupported media, 401, 407) thus it is painful for
# the client to need to wait the end of the transaction time (32
# seconds) for these error codes.
# Default value: 5
call-fork-urgent-timeout=5
# Optional timer to detect lack of push response, in seconds.
# Default value: 0
call-push-response-timeout=0
# Fork messages to client registering lately.
# Default value: true
message-fork-late=true
# Maximum duration for delivering a text message. This property
# applies only if message-fork-late if set to true, otherwise the
# duration can't exceed the normal transaction duration.
# Default value: 3600
message-delivery-timeout=3600
# Maximum duration for accepting a text message if no response is
# received from any recipients. This property is meaningful when
# message-fork-late is set to true.
# Default value: 15
message-accept-timeout=15
# During a call forking, allow several INVITEs going to the same
# next hop to be grouped into a single one. A proprietary custom
# header 'X-target-uris' is added to the INVITE to indicate the
# final targets of the INVITE.
# Default value: false
allow-target-factorization=false
# Generate a contact from the TO header and route it to the above
# destination. [sip:host:port]
# Default value:
generated-contact-route=
# Require presence of authorization header for specified realm.
# [Realm]
# Default value:
generated-contact-expected-realm=
# Generate a contact route even on filled AOR.
# Default value: false
generate-contact-even-on-filled-aor=false
# Remove to tag from 183, 180, and 101 responses to workaround buggy
# gateways
# Default value: false
remove-to-tag=false
# rewrite username with given value.
# Default value:
preroute=
##
## This module performs push notifications to mobile phone notification
## systems: apple, android, windows, as well as a generic http get/post
## to a custom server to which actual sending of the notification
## is delegated. The push notification is sent when an INVITE or
## MESSAGE request is not answered by the destination of the request
## within a certain period of time, configurable hereunder as 'timeout'
## parameter.
##
[module::PushNotification]
# Indicate whether the module is activated.
# Default value: false
enabled=false
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# Number of second to wait before sending a push notification to
# device(if <=0 then disabled)
# Default value: 5
timeout=5
# Maximum number of notifications queued for each client
# Default value: 100
max-queue-size=100
# Default time to live for the push notifications, in seconds. This
# parameter shall be set according to mDeliveryTimeout parameter
# in ForkContext.cc
# Default value: 2592000
time-to-live=2592000
# Enable push notification for apple devices
# Default value: true
apple=true
# Path to directory where to find Apple Push Notification service
# certificates. They should bear the appid of the application, suffixed
# by the release mode and .pem extension. For example: org.linphone.dev.pem
# org.linphone.prod.pem com.somephone.dev.pem etc... The files should
# be .pem format, and made of certificate followed by private key.
# This is also the path to the directory where to find Voice Over
# IP certificates (certicates to use PushKit).They should bear the
# appid of the application, suffixed by the release mode and .pem
# extension, and made of certificate followed by private key. For
# example: org.linphone.voip.dev.pem org.linphone.voip.prod.pem
# com.somephone.voip.dev.pem etc...
# Default value: /etc/flexisip/apn
apple-certificate-dir=/etc/flexisip/apn
# Enable push notification for android devices
# Default value: true
google=true
# List of couples projectId:ApiKey for each android project that
# supports push notifications
# Default value:
google-projects-api-keys=
# Enable push notification for windows phone 8 devices
# Default value: true
windowsphone=true
# Unique identifier for your Windows Store app. For example:
ms-app://s-1-15-2-2345030743-3098444494-743537440-5853975885-5950300305-
5348553438-505324794
# Default value:
windowsphone-package-sid=
# Client secret. For example: Jrp1UoVt4C6CYpVVJHUPdcXLB1pEdRoB
# Default value:
windowsphone-application-secret=
# Set the badge value to 0 for apple push
# Default value: false
no-badge=false
# Instead of having Flexisip sending the push notification directly
# to the Google/Apple/Microsoft push servers, send an http request
# to an http server with all required information encoded in URL,
# to which the actual sending of the push notification is delegated.
# The following arguments can be substitued in the http request
# uri, with the following values:
# - $type : apple, google, wp
# - $token : device token
# - $api-key : the api key to use (google only)
# - $app-id : application ID
# - $from-name : the display name in the from header
# - $from-uri : the sip uri of the from header
# - $from-tag : the tag of the from header
# - $to-uri : the sip uri of the to header
# - $call-id : the call-id of the INVITE or MESSAGE request
# - $event : call, message
# - $sound : the sound file to play with the notification
# - $msgid : the message id to put in the notification
# - $uid :
#
# The content of the text message is put in the body of the http
# request as text/plain, if any.
# Example: http://292.168.0.2/$type/$event?from-uri=$from-uri&tag=$
from-tag&callid=$callid&to=$to-uri
# Default value:
external-push-uri=
# Method for reaching external-push-uri, typically GET or POST
# Default value: GET
external-push-method=GET
##
## The MediaRelay module masquerades SDP message so that all RTP
## and RTCP streams go through the proxy. The RTP and RTCP streams
## are then routed so that each client receives the stream of the
## other. MediaRelay makes sure that RTP is ALWAYS established, even
## with uncooperative firewalls.
##
[module::MediaRelay]
# Indicate whether the module is activated.
# Default value: true
enabled=true
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# SDP attribute set by the first proxy to forbid subsequent proxies
# to provide relay. Use 'disable' to disable.
# Default value: nortpproxy
nortpproxy=nortpproxy
# The minimal value of SDP port range
# Default value: 1024
sdp-port-range-min=10000
# The maximal value of SDP port range
# Default value: 65535
sdp-port-range-max=20000
# Sends a ACK and BYE to 200Ok for INVITEs not belonging to any
# established call.
# Default value: false
bye-orphan-dialogs=false
# Maximum concurrent calls processed by the media-relay. Calls arriving
# when the limit is exceed will be rejected. A value of 0 means
# no limit.
# Default value: 0
max-calls=0
# When true, the 'c=' line and port number are set to the relay
# ip/port even if ICE candidates are present in the request. This
# is allow non-ice clients to have their streams relayed.
# Default value: true
force-relay-for-non-ice-targets=true
# Prevent media-relay ports to loop between them, which can cause
# 100% cpu on the media relay thread.You need to set this property
# to false if you are running test calls from clients running on
# the same IP address as the flexisip server
# Default value: true
prevent-loops=true
# In case multiples 183 Early media responses are received for a
# call, only the first one will have RTP streams forwarded back
# to caller. This feature prevents the caller to receive 'mixed'
# streams, but it breaks scenarios where multiple servers play early
# media announcement in sequence.
# Default value: true
early-media-relay-single=true
# Maximum number of relayed early media streams per call. This is
# useful to limit the cpu usage due to early media relaying on embedded
# systems. A value of 0 stands for unlimited.
# Default value: 0
max-early-media-per-call=0
# Period of time in seconds, after which a relayed call without
# any activity is considered as no longer running. Activity counts
# RTP/RTCP packets exchanged through the relay and SIP messages.
# Default value: 3600
inactivity-period=3600
##
## This module executes the basic routing task of SIP requests and
## pass them to the transport layer. It must always be enabled.
##
[module::Forward]
# Indicate whether the module is activated.
# Default value: true
enabled=true
# A request/response enters module if the boolean filter evaluates
# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
# && (user-agent == 'Linphone v2')
# Default value:
filter=
# A sip uri representing a default where to send all requests not
# already resolved. This is the typical way to setup a Flexisip
# proxy server acting as a front-end for backend SIP server.
# Default value:
route=
# Add a path header of this proxy
# Default value: true
add-path=true
# Rewrite request-uri's host and port according to above route
# Default value: false
rewrite-req-uri=false
# List of URL and contact params to remove
# Default value: pn-tok pn-type app-id pn-msg-str pn-call-str pn-call-snd
pn-msg-snd pn-timeout
params-to-remove=pn-tok pn-type app-id pn-msg-str pn-call-str pn-call-snd
pn-msg-snd pn-timeout
##
## Inter domain connections is a set of feature allowing to dynamically
## connect several flexisip servers together in order to manage SIP
## routing at local and global scope. Let's suppose you have two
## SIP network a.example.net and b.example.net run privately and
## independently (no one from a.example.net needs to call someone
## at b.example.net). However, when people from a and b are outside
## of their network, they register to a worldwide available flexisip
## instance running on 'global.example.net'. It is then possible
## to:
## * have calls made within a.example.net routed locally and sent
## to global.example.net in order to reach users inside and outside
## of a's network. Example: ***@a.example.net calls ***@a.example.net.
## If 2 is registered on a.example.net then the call is routed locally.
## On the contrary if 2 is absent and registered, the call is then
## sent to global.example.net and then routed by the global proxy.
## * when global.example.net receives a call from a user not within
## its native network (ex: ***@a.example.net calls ***@a.example.net),
## it can route this call to the proxy that is responsible for managing
## the local domain (a.example.net).
## This system is dynamic, that is the physical IP address of a and
## b network can change (dynamic ip address)
## .This scenario is achieved with two key features:
## * a.example.net sends a REGISTER to global.example.net to indicate
## that it is the responsible for the entire domain a.example.net.
## The global.example.net authenticates this REGISTER thanks to TLS
## client certificate presented by a.example.net.
## * global.example.net is configured to accept this domain registration
## and route all calls it receives directly and estinated to a.example.net
## domain through the connection established by a.example.net during
## the domain registration.
##
[inter-domain-connections]
# Whether flexisip shall accept registrations for entire domains
# Default value: false
accept-domain-registrations=false
# Whether flexisip shall assume that there is a unique server per
# registered domain, which allows to clean old registrations and
# simplifies the routing logic.
# Default value: false
assume-unique-domains=false
# Path to a text file describing the domain registrations to make.
# This file must contains lines like:
# <local domain name> <SIP URI of proxy/registrar where to send
# the domain REGISTER>
# where:
# <local domain name> is a domain name managed locally by this
# proxy
# <SIP URI of proxy/registrar> is the SIP URI where the domain
# registration will be sent. The special uri parameter 'tls-certificate-dir'
# is understood in order to specify a TLS client certificate to
# present to the remote proxy.
# If the file is absent or empty, no registrations are done.
# Default value: /etc/flexisip/domain-registrations.conf
domain-registrations=/etc/flexisip/domain-registrations.conf
# When submitting a domain registration to a server over TLS, verify
# the certificate presented by the server. Disabling this option
# is only for test, because it is a security flaw
# Default value: true
verify-server-certs=true
# Interval in seconds for sending \r\n\r\n keepalives throug the
# outgoing domain registration connection.A value of zero disables
# keepalives.
# Default value: 30
keepalive-interval=30
*****************************My log**************************
2017-02-28 12:53:45:656 flexisip-debug-Invoking onRequest() on module
DoSProtection
2017-02-28 12:53:45:656 flexisip-debug-Invoking onRequest() on module
SanityChecker
2017-02-28 12:53:45:656 flexisip-debug-Skipping onRequest() on module
GarbageIn
2017-02-28 12:53:45:656 flexisip-debug-Invoking onRequest() on module
NatHelper
2017-02-28 12:53:45:656 flexisip-debug-Invoking onRequest() on module
Authentication
2017-02-28 12:53:45:656 flexisip-debug-New IncomingTransaction 0x1b3da30
2017-02-28 12:53:45:656 flexisip-debug-nta_incoming_create: created
incoming transaction 0x1b48140
2017-02-28 12:53:45:656 flexisip-debug-Searching for auth digest response
for this proxy
2017-02-28 12:53:45:656 flexisip-debug-auth_digest_response_get: 12
2017-02-28 12:53:45:656 flexisip-debug-Examining auth digest response titi
149.202.194.24
2017-02-28 12:53:45:656 flexisip-debug-Expected realm found : 149.202.194.24
2017-02-28 12:53:45:656 flexisip-debug-auth_digest_response_get: 12
2017-02-28 12:53:45:656 flexisip-debug-Using auth digest response for realm
149.202.194.24
2017-02-28 12:53:45:657 flexisip-error-Bad nonce count -1 -> 4 for
8t5f3AAAAABHat48AAA2YDv4T58AAAAA
2017-02-28 12:53:45:657 flexisip-debug-New nonce
SeNf3AAAAADaRpQoAAAuQ81yzyYAAAAA
2017-02-28 12:53:45:657 flexisip-debug-Replying Request SIP message: 401
Unauthorized
2017-02-28 12:53:45:657 flexisip-debug-tport_tsend(0x1b08db0) tpn = UDP/
192.168.1.1:5060
2017-02-28 12:53:45:657 flexisip-debug-tport_resolve addrinfo =
192.168.1.1:5060
2017-02-28 12:53:45:657 flexisip-debug-tport_by_addrinfo(0x1b08db0): not
found by name UDP/192.168.1.1:5060
2017-02-28 12:53:45:657 flexisip-debug-tport_vsend returned 459
2017-02-28 12:53:45:657 flexisip-debug-nta: sent 401 Unauthorized for
REGISTER (24)
2017-02-28 12:53:45:657 flexisip-debug-nta: timer set to 32000 ms
2017-02-28 12:53:45:657 flexisip-debug-nta_incoming_destroy: 0x1b48140
2017-02-28 12:53:45:657 flexisip-debug-Terminate SipEvent 0x1b3d7e0
2017-02-28 12:53:45:657 flexisip-debug-Delete IncomingTransaction 0x1b3da30
2017-02-28 12:53:47:308 flexisip-debug-Call id 1670685479
2017-02-28 12:53:47:308 flexisip-debug-There are 1 calls active in the
MediaRelay call list.
2017-02-28 12:53:47:843 flexisip-debug-tport_wakeup_pri(0x1b08db0): events
IN
2017-02-28 12:53:47:843 flexisip-debug-tport_recv_event(0x1b08db0)
2017-02-28 12:53:47:843 flexisip-debug-tport_recv_iovec(0x1b08db0) msg
0x1b3f510 from (udp/192.168.1.25:5060) has 966 bytes, veclen = 1
2017-02-28 12:53:47:844 flexisip-debug-tport_deliver(0x1b08db0): msg
0x1b3f510 (966 bytes) from udp/192.168.1.1:5060 next=(nil)
2017-02-28 12:53:47:844 flexisip-debug-nta: received REGISTER
sip:149.202.194.24 SIP/2.0 (CSeq 25)
2017-02-28 12:53:47:844 flexisip-debug-nta: Via check: received=192.168.1.1
2017-02-28 12:53:47:844 flexisip-debug-nta: REGISTER (25) to message
callback
2017-02-28 12:53:47:844 flexisip-debug-New SipEvent 0x1b48cb0 - msg
0x1b3f510
2017-02-28 12:53:47:844 flexisip-debug-Receiving new Request SIP message
REGISTER from sip:***@149.202.194.24 :
REGISTER sip:149.202.194.24 SIP/2.0
Via: SIP/2.0/UDP 192.168.0.100:5060;branch=z9hG4bK.Jx2ol3wXh;rport=5060;
received=192.168.1.1
From: <sip:***@149.202.194.24>;tag=r65I5IfL6
To: sip:***@149.202.194.24
CSeq: 25 REGISTER
Call-ID: 7bQz-qDINY
Max-Forwards: 70
Supported: replaces, outbound
Accept: application/sdp, text/plain, application/vnd.gsma.rcs-ft-http+xml
Contact: <sip:***@192.168.1.1;app-id=622464153529;pn-type=google;pn-tok=
APA91bHQg81VyKQChjf6g1TQx6Tt1_lr_e5YVDSZJ5E7YefdXW2F30cp53JME5U
DnXOu9rapiwvVb1G_pUIvY2fg7Dd7eeIcplL75jRLTzVrzg
g64DQ0AfA;transport=udp>;+sip.instance="<urn:uuid:5a3189a4-
a97b-44fa-bc1a-cecf3ea94858>"
Expires: 3600
User-Agent: LinphoneAndroid/3.2.4 (belle-sip/1.5.0)
Authorization: Digest realm="149.202.194.24", nonce="
SeNf3AAAAADaRpQoAAAuQ81yzyYAAAAA", algorithm=MD5, opaque="+GNywA==",
username="titi", uri="sip:149.202.194.24", response="
9be3cf4fecf9f228093c4577948c094f", cnonce="3ldOsqEax3-cxdpZ", nc=00000001,
qop=auth
2017-02-28 12:53:47:844 flexisip-debug-Invoking onRequest() on module
DoSProtection
2017-02-28 12:53:47:844 flexisip-debug-Invoking onRequest() on module
SanityChecker
2017-02-28 12:53:47:844 flexisip-debug-Skipping onRequest() on module
GarbageIn
2017-02-28 12:53:47:844 flexisip-debug-Invoking onRequest() on module
NatHelper
2017-02-28 12:53:47:844 flexisip-debug-Invoking onRequest() on module
Authentication
2017-02-28 12:53:47:844 flexisip-debug-New IncomingTransaction 0x1b3c7b0
2017-02-28 12:53:47:844 flexisip-debug-nta_incoming_create: created
incoming transaction 0x1b3c830
2017-02-28 12:53:47:844 flexisip-debug-Searching for auth digest response
for this proxy
2017-02-28 12:53:47:844 flexisip-debug-auth_digest_response_get: 12
2017-02-28 12:53:47:844 flexisip-debug-Examining auth digest response titi
149.202.194.24
2017-02-28 12:53:47:844 flexisip-debug-Expected realm found : 149.202.194.24
2017-02-28 12:53:47:844 flexisip-debug-auth_digest_response_get: 12
2017-02-28 12:53:47:844 flexisip-debug-Using auth digest response for realm
149.202.194.24
2017-02-28 12:53:47:844 flexisip-debug-Updating nonce
SeNf3AAAAADaRpQoAAAuQ81yzyYAAAAA with nc=1
2017-02-28 12:53:47:844 flexisip-debug-Suspend SipEvent 0x1b48cb0
2017-02-28 12:53:47:844 flexisip-debug-auth_digest_ha1() has A1 =
MD5(titi:149.202.194.24:*******) = 3f3ad2e2c804699118337a357e786581
2017-02-28 12:53:47:844 flexisip-debug-A2 = MD5(REGISTER:sip:149.202.194.24)
2017-02-28 12:53:47:844 flexisip-debug-auth_response:
9be3cf4fecf9f228093c4577948c094f = MD5(3f3ad2e2c804699118337a357e786581:
SeNf3AAAAADaRpQoAAAuQ81yzyYAAAAA:00000001:3ldOsqEax3-cxdpZ:auth:
6ca8086c675777156e3e08327869527e) (qop=auth)
2017-02-28 12:53:47:844 flexisip-debug-auth_method_digest: successful
authentication
2017-02-28 12:53:47:844 flexisip-debug-auth_digest_response_get: 12
2017-02-28 12:53:47:844 flexisip-debug-Examining auth digest response titi
149.202.194.24
2017-02-28 12:53:47:844 flexisip-debug-Expected realm found : 149.202.194.24
2017-02-28 12:53:47:844 flexisip-debug-Inject Request SIP message:
REGISTER sip:149.202.194.24 SIP/2.0
Via: SIP/2.0/UDP 192.168.0.100:5060;branch=z9hG4bK.Jx2ol3wXh;rport=5060;
received=192.168.1.1
From: <sip:***@149.202.194.24>;tag=r65I5IfL6
To: sip:***@149.202.194.24
CSeq: 25 REGISTER
Call-ID: 7bQz-qDINY
Max-Forwards: 70
Supported: replaces, outbound
Accept: application/sdp, text/plain, application/vnd.gsma.rcs-ft-http+xml
Contact: <sip:***@192.168.1.1;app-id=622464153529;pn-type=google;pn-tok=
APA91bHQg81VyKQChjf6g1TQx6Tt1_lr_e5YVDSZJ5E7YefdXW2F30cp53JME5U
DnXOu9rapiwvVb1G_pUIvY2fg7Dd7eeIcplL75jRLTzVrzgg64DQ0AfA>;+sip.instance="<
urn:uuid:5a3189a4-a97b-44fa-bc1a-cecf3ea94858>"
Expires: 3600
User-Agent: LinphoneAndroid/3.2.4 (belle-sip/1.5.0)
2017-02-28 12:53:47:844 flexisip-debug-Restart SipEvent 0x1b48cb0
2017-02-28 12:53:47:844 flexisip-debug-Injecting request event after
Authentication
2017-02-28 12:53:47:844 flexisip-debug-Skipping onRequest() on module
Redirect
2017-02-28 12:53:47:844 flexisip-debug-Skipping onRequest() on module
GatewayAdapter
2017-02-28 12:53:47:844 flexisip-debug-Skipping onRequest() on module
Presence
2017-02-28 12:53:47:844 flexisip-debug-Invoking onRequest() on module
Registrar
2017-02-28 12:53:47:844 flexisip-debug-Path added to: sip:192.168.1.25:5060
;lr
2017-02-28 12:53:47:844 flexisip-debug-Suspend SipEvent 0x1b48cb0
2017-02-28 12:53:47:844 flexisip-debug-Updating binding
2017-02-28 12:53:47:844 flexisip-debug-AOR ***@149.202.194.24 found
2017-02-28 12:53:47:844 flexisip-debug-Record contains 1 contacts
sip:***@192.168.1.1:54763;app-id=622464153529;pn-type=
google;pn-tok=APA91bGMjB-dnVeh1JFEqivz6PBTnDMYYoF0q9Ovxt_
4IT9axVVNahm4MaQ7bw99wGtwvpOEGaTerZBcyw7S3ASVuIRZstwzc_
hCJMbceySSmOvQa9Ty3LU;transport=tcp
path="sip:192.168.1.25:5060;transport=tcp;lr"
alias=no uid="<urn:uuid:60ee6a03-1be9-4484-9557-39ffb81b05a5>" expire=3305
s (Tue Feb 28 13:48:52 2017)
==========================
2017-02-28 12:53:47:844 flexisip-debug-Record contains 2 contacts
sip:***@192.168.1.1:54763;app-id=622464153529;pn-type=
google;pn-tok=APA91bGMjB-dnVeh1JFEqivz6PBTnDMYYoF0q9Ovxt_
4IT9axVVNahm4MaQ7bw99wGtwvpOEGaTerZBcyw7S3ASVuIRZstwzc_
hCJMbceySSmOvQa9Ty3LU;transport=tcp
path="sip:192.168.1.25:5060;transport=tcp;lr"
alias=no uid="<urn:uuid:60ee6a03-1be9-4484-9557-39ffb81b05a5>" expire=3305
s (Tue Feb 28 13:48:52 2017)
sip:***@192.168.1.1;app-id=622464153529;pn-type=google;pn-tok=
APA91bHQg81VyKQChjf6g1TQx6Tt1_lr_e5YVDSZJ5E7YefdXW2F30cp53JME5U
DnXOu9rapiwvVb1G_pUIvY2fg7Dd7eeIcplL75jRLTzVrzgg64DQ0AfA path="sip:
192.168.1.25:5060;lr" alias=no
uid="<urn:uuid:5a3189a4-a97b-44fa-bc1a-cecf3ea94858>"
expire=3600 s (Tue Feb 28 13:53:47 2017)
==========================
2017-02-28 12:53:47:844 flexisip-debug-Replying Request SIP message: 200
Registration successful
2017-02-28 12:53:47:844 flexisip-debug-tport_tsend(0x1b08db0) tpn = UDP/
192.168.1.1:5060
2017-02-28 12:53:47:844 flexisip-debug-tport_resolve addrinfo =
192.168.1.1:5060
2017-02-28 12:53:47:844 flexisip-debug-tport_by_addrinfo(0x1b08db0): not
found by name UDP/192.168.1.1:5060
2017-02-28 12:53:47:844 flexisip-debug-tport_vsend returned 798
2017-02-28 12:53:47:844 flexisip-debug-nta: sent 200 Registration
successful for REGISTER (25)
2017-02-28 12:53:47:844 flexisip-debug-nta_incoming_destroy: 0x1b3c830
2017-02-28 12:53:47:844 flexisip-debug-Terminate SipEvent 0x1b48cb0