# # $Id: opensips.cfg 7014 2010-07-13 07:05:45Z bogdan_iancu $ # # OpenSIPS basic configuration script # by Anca Vamanu # # Please refer to the Core CookBook at: # http://www.opensips.org/Resources/DocsCookbooks # for a explanation of possible statements, functions and parameters. # ####### Global Parameters ######### debug=3 log_stderror=no fork=yes children=32 listen=udp:192.168.2.103 ####### Modules Section ######## #set module path mpath="modules/" /* uncomment next line for MySQL DB support */ loadmodule "db_mysql.so" loadmodule "signaling.so" loadmodule "sl.so" loadmodule "tm.so" loadmodule "rr.so" loadmodule "maxfwd.so" loadmodule "usrloc.so" loadmodule "registrar.so" loadmodule "textops.so" loadmodule "mi_fifo.so" loadmodule "uri.so" loadmodule "dialog.so" loadmodule "localcache.so" /* uncomment next lines for MySQL based authentication support NOTE: a DB (like db_mysql) module must be also loaded */ loadmodule "auth.so" loadmodule "auth_db.so" /* uncomment next line for aliases support NOTE: a DB (like db_mysql) module must be also loaded */ #loadmodule "alias_db.so" /* uncomment next line for multi-domain support NOTE: a DB (like db_mysql) module must be also loaded NOTE: be sure and enable multi-domain support in all used modules (see "multi-module params" section ) */ #loadmodule "domain.so" /* uncomment the next two lines for presence server support NOTE: a DB (like db_mysql) module must be also loaded */ #loadmodule "presence.so" #loadmodule "presence_xml.so" # ----------------- setting module-specific parameters --------------- # ----- mi_fifo params ----- modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo") modparam("dialog","db_mode",0) # ----- rr params ----- # add value to ;lr param to cope with most of the UAs modparam("rr", "enable_full_lr", 1) # do not append from tag to the RR (no need for this script) modparam("rr", "append_fromtag", 0) # ----- registrar params ----- /* uncomment the next line not to allow more than 10 contacts per AOR */ #modparam("registrar", "max_contacts", 10) # ----- usrloc params ----- modparam("usrloc", "db_mode", 0) /* uncomment the following lines if you want to enable DB persistency for location entries */ modparam("usrloc", "db_mode", 2) modparam("usrloc", "db_url", "mysql://root:voice21@localhost/opensips") # ----- uri params ----- modparam("uri", "use_uri_table", 0) modparam("tm", "wt_timer", 2) modparam("tm", "restart_fr_on_each_reply", 0) # ----- acc params ----- /* what sepcial events should be accounted ? */ #modparam("acc", "early_media", 1) #modparam("acc", "report_ack", 1) #modparam("acc", "report_cancels", 1) /* by default ww do not adjust the direct of the sequential requests. if you enable this parameter, be sure the enable "append_fromtag" in "rr" module */ #modparam("acc", "detect_direction", 0) /* account triggers (flags) */ #modparam("acc", "failed_transaction_flag", 3) #modparam("acc", "log_flag", 1) #modparam("acc", "log_missed_flag", 2) /* uncomment the following lines to enable DB accounting also */ #modparam("acc", "db_flag", 1) #modparam("acc", "db_missed_flag", 2) modparam("auth", "nonce_expire", 2) modparam("auth","username_spec","$avp(i:54)") modparam("auth","password_spec","$avp(i:55)") modparam("auth","calculate_ha1",1) # ----- auth_db params ----- /* uncomment the following lines if you want to enable the DB based authentication */ modparam("auth_db", "calculate_ha1", yes) modparam("auth_db", "password_column", "password") modparam("auth_db", "db_url", "mysql://root:voice21@localhost/opensips") modparam("auth_db", "load_credentials", "$avp(i:55)=password") # ----- alias_db params ----- /* uncomment the following lines if you want to enable the DB based aliases */ #modparam("alias_db", "db_url", # "mysql://opensips:opensipsrw@localhost/opensips") # ----- domain params ----- /* uncomment the following lines to enable multi-domain detection support */ #modparam("domain", "db_url", # "mysql://root:voice21@localhost/opensips") #modparam("domain", "db_mode", 1) # Use caching # ----- multi-module params ----- /* uncomment the following line if you want to enable multi-domain support in the modules (dafault off) */ #modparam("auth_db|usrloc|uri", "use_domain", 1) # ----- presence params ----- /* uncomment the following lines if you want to enable presence */ #modparam("presence|presence_xml", "db_url", # "mysql://opensips:opensipsrw@localhost/opensips") #modparam("presence_xml", "force_active", 1) #modparam("presence", "server_address", "sip:192.168.1.2:5060") ####### Routing Logic ######## # main request routing logic route{ if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; } if (has_totag()) { # sequential request withing a dialog should # take the path determined by record-routing if (loose_route()) { if (is_method("BYE")) { # setflag(1); # do accounting ... # setflag(3); # ... even if the transaction fails } else if (is_method("INVITE")) { # even if in most of the cases is useless, do RR for # re-INVITEs alos, as some buggy clients do change route set # during the dialog. record_route(); } # route it out to whatever destination was set by loose_route() # in $du (destination URI). route(1); } else { /* uncomment the following lines if you want to enable presence */ ##if (is_method("SUBSCRIBE") && $rd == "your.server.ip.address") { ## # in-dialog subscribe requests ## route(2); ## exit; ##} if ( is_method("ACK") ) { if ( t_check_trans() ) { # non loose-route, but stateful ACK; must be an ACK after # a 487 or e.g. 404 from upstream server t_relay(); exit; } else { # ACK without matching transaction -> # ignore and discard exit; } } sl_send_reply("404","Not here"); } exit; } #initial requests if (is_method("INVITE")) create_dialog(); # CANCEL processing if (is_method("CANCEL")) { if (t_check_trans()) t_relay(); exit; } t_check_trans(); # authenticate if from local subscriber (uncomment to enable auth) # authenticate all initial non-REGISTER request that pretend to be # generated by local subscriber (domain from FROM URI is local) if (!(method=="REGISTER") && from_uri==myself) /*no multidomain version*/ # if (!(method=="REGISTER") && is_from_local()) /*multidomain version*/ { if(cache_fetch("local","passwd_$fu",$avp(i:55))) { $avp(i:54) = $fU; # xlog("found in cache - user = `$avp(i:54)` , pwd = `$avp(i:55)`\n"); # xlog("SCRIPT: stored password is $avp(i:55)\n"); # perform auth from variables # $avp(i:54) contains the username # $avp(i:55) contains the password if (!pv_proxy_authorize("")) { # authentication failed -> do challenge # xlog("user $avp(i:54) failed to auth\n"); proxy_challenge("", "0"); exit; }; consume_credentials(); # caller authenticated } else { # perform DB authentication -> # password will be loaded from DB automatically if (!proxy_authorize("", "subscriber")) { proxy_challenge("", "0"); exit; } consume_credentials(); # caller authenticated if (!db_check_from()) { sl_send_reply("403","Forbidden auth ID"); exit; } # after DB authentication, the password is available # in $avp(i:55) because of the "load_credentials" # module parameter. # xlog("SCRIPT: storing password <$avp(i:55)>\n"); # use a 20 minutes lifetime for the password; # after that, it will erased from cache and we do # db authentication again (refresh the passwd from DB) cache_store("local","passwd_$fu","$avp(i:55)",50); } } # preloaded route checking if (loose_route()) { xlog("L_ERR", "Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]"); if (!is_method("ACK")) sl_send_reply("403","Preload Route denied"); exit; } # record routing if (!is_method("REGISTER|MESSAGE")) record_route(); # account only INVITEs # if (is_method("INVITE")) { # setflag(1); # do accounting # } if (!uri==myself) ## replace with following line if multi-domain support is used ##if (!is_uri_host_local()) { append_hf("P-hint: outbound\r\n"); # if you have some interdomain connections via TLS ##if($rd=="tls_domain1.net") { ## t_relay("tls:domain1.net"); ## exit; ##} else if($rd=="tls_domain2.net") { ## t_relay("tls:domain2.net"); ## exit; ##} route(1); } # requests for my domain ## uncomment this if you want to enable presence server ## and comment the next 'if' block ## NOTE: uncomment also the definition of route[2] from below ##if( is_method("PUBLISH|SUBSCRIBE")) ## route(2); if (is_method("PUBLISH")) { sl_send_reply("503", "Service Unavailable"); exit; } if (is_method("REGISTER")) { # authenticate the REGISTER requests (uncomment to enable auth) if (!www_authorize("", "subscriber")) { www_challenge("", "0"); exit; } if (!db_check_to()) { sl_send_reply("403","Forbidden auth ID"); exit; } if (!save("location")) sl_reply_error(); exit; } if ($rU==NULL) { # request with no Username in RURI sl_send_reply("484","Address Incomplete"); exit; } # apply DB based aliases (uncomment to enable) ##alias_db_lookup("dbaliases"); # do lookup with method filtering if (!lookup("location","m")) { switch ($retcode) { case -1: case -3: t_newtran(); t_reply("404", "Not Found"); exit; case -2: sl_send_reply("405", "Method Not Allowed"); exit; } } # when routing via usrloc, log the missed calls also # setflag(2); route(1); } route[1] { # for INVITEs enable some additional helper routes if (!t_relay()) { sl_reply_error(); }; exit; }