-
Notifications
You must be signed in to change notification settings - Fork 933
/
pjsip.conf.sample
1643 lines (1508 loc) · 83.3 KB
/
pjsip.conf.sample
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
; PJSIP Configuration Samples and Quick Reference
;
; This file has several very basic configuration examples, to serve as a quick
; reference to jog your memory when you need to write up a new configuration.
; It is not intended to teach PJSIP configuration or serve as an exhaustive
; reference of options and potential scenarios.
;
; This file has two main sections.
; First, manually written examples to serve as a handy reference.
; Second, a list of all possible PJSIP config options by section. This is
; pulled from the XML config help. It only shows the synopsis for every item.
; If you want to see more detail please check the documentation sources
; mentioned at the top of this file.
; ============================================================================
; NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE
;
; This file does not maintain the complete option documentation.
; ============================================================================
; Documentation
;
; The official documentation is at https://docs.asterisk.org
; You can read the XML configuration help via Asterisk command line with
; "config show help res_pjsip", then you can drill down through the various
; sections and their options.
;
;========!!!!!!!!!!!!!!!!!!! SECURITY NOTICE !!!!!!!!!!!!!!!!!!!!===========
;
; At a minimum please read the file "README-SERIOUSLY.bestpractices.txt",
; located in the Asterisk source directory before starting Asterisk.
; Otherwise you risk allowing the security of the Asterisk system to be
; compromised. Beyond that please visit and read the security information in
; the documentation at: https://docs.asterisk.org/Deployment/Important-Security-Considerations/
;
; A few basics to pay attention to:
;
; Anonymous Calls
;
; By default anonymous inbound calls via PJSIP are not allowed. If you want to
; route anonymous calls you'll need to define an endpoint named "anonymous".
; res_pjsip_endpoint_identifier_anonymous.so handles that functionality so it
; must be loaded. It is not recommended to accept anonymous calls.
;
; Access Control Lists
;
; See the example ACL configuration in this file. Read the configuration help
; for the section and all of its options. Look over the samples in acl.conf
; and documentation at https://docs.asterisk.org/Configuration/Core-Configuration/Named-ACLs/
; If possible, restrict access to only networks and addresses you trust.
;
; Dialplan Contexts
;
; When defining configuration (such as an endpoint) that links into
; dialplan configuration, be aware of what that dialplan does. It's easy to
; accidentally provide access to internal or outbound dialing extensions which
; could cost you severely. The "context=" line in endpoint configuration
; determines which dialplan context inbound calls will enter into.
;
;=============================================================================
; Overview of Configuration Section Types Used in the Examples
;
; * Transport "transport"
; * Configures res_pjsip transport layer interaction.
; * Endpoint "endpoint"
; * Configures core SIP functionality related to SIP endpoints.
; * Authentication "auth"
; * Stores inbound or outbound authentication credentials for use by trunks,
; endpoints, registrations.
; * Address of Record "aor"
; * Stores contact information for use by endpoints.
; * Endpoint Identification "identify"
; * Maps a host directly to an endpoint
; * Access Control List "acl"
; * Defines a permission list or references one stored in acl.conf
; * Registration "registration"
; * Contains information about an outbound SIP registration
; * Resource Lists
; * Contains information for configuring resource lists.
; * Phone Provisioning "phoneprov"
; * Contains information needed by res_phoneprov for autoprovisioning
; The following sections show example configurations for various scenarios.
; Most require a couple or more configuration types configured in concert.
;=============================================================================
; Naming of Configuration Sections
;
; Configuration section names are denoted with enclosing brackets,
; e.g. [6001]
; In most cases, you can name a section whatever makes sense to you. For example
; you might name a transport [transport-udp-nat] to help you remember how that
; section is being used. However, in some cases, ("endpoint" and "aor" types)
; the section name has a relationship to its function.
;
; Depending on the modules loaded, Asterisk can match SIP requests to an
; endpoint or aor in a few ways:
;
; 1) Match a section name for endpoint type sections to the username in the
; "From" header of inbound SIP requests.
; 2) Match a section name for aor type sections to the username in the "To"
; header of inbound SIP REGISTER requests.
; 3) With an identify type section configured, match an inbound SIP request of
; any type to an endpoint or aor based on the IP source address of the
; request.
;
; Note that sections can have the same name as long as their "type" options are
; set to different values. In most cases it makes sense to have associated
; configuration sections use the same name, as you'll see in the examples within
; this file.
;===============EXAMPLE TRANSPORTS============================================
;
; A few examples for potential transport options.
;
; For the NAT transport example, be aware that the options starting with
; the prefix "external_" will only apply to communication with addresses
; outside the range set with "local_net=".
;
; You can have more than one of any type of transport, as long as it doesn't
; use the same resources (bind address, port, etc) as the others.
; Basic UDP transport
;
;[transport-udp]
;type=transport
;protocol=udp ;udp,tcp,tls,ws,wss,flow
;bind=0.0.0.0
; UDP transport behind NAT
;
;[transport-udp-nat]
;type=transport
;protocol=udp
;bind=0.0.0.0
;local_net=192.0.2.0/24
;external_media_address=203.0.113.1
;external_signaling_address=203.0.113.1
; Basic IPv6 UDP transport
;
;[transport-udp-ipv6]
;type=transport
;protocol=udp
;bind=::
; Example IPv4 TLS transport
;
;[transport-tls]
;type=transport
;protocol=tls
;bind=0.0.0.0
;cert_file=/path/mycert.crt
;priv_key_file=/path/mykey.key
;cipher=ADH-AES256-SHA,ADH-AES128-SHA
;method=tlsv1
; Example flow transport
;
; A flow transport is used to reference a flow of signaling with a specific
; target. All endpoints or other objects that reference the transport will use
; the same underlying transport and can share runtime discovered transport
; configuration (such as service routes). The protocol in use will be determined
; based on the URI used to establish the connection. Currently only TCP and TLS
; are supported.
;
;[transport-flow]
;type=transport
;protocol=flow
; Example IPv4 TCP transport with Keepalive options
;
;[transport-tcp]
;type=transport
;protocol=tcp
;bind=0.0.0.0
;tcp_keepalive_enable=yes ; Enable TCP keepalive (yes/no)
;tcp_keepalive_idle_time=30 ; Time in seconds the connection needs to remain idle before TCP starts sending keepalive probes
;tcp_keepalive_interval_time=10 ; The time in seconds between individual keepalive probes
;tcp_keepalive_probe_count=5 ; The maximum number of keepalive probes TCP should send before dropping the connection
; Example IPv4 TLS transport with Keepalive options
;
;[transport-tls]
;type=transport
;protocol=tls
;bind=0.0.0.0
;cert_file=/path/to/mycert.crt
;priv_key_file=/path/to/mykey.key
;cipher=ADH-AES256-SHA,ADH-AES128-SHA
;method=tlsv1
;tcp_keepalive_enable=yes ; Enable TCP keepalive (yes/no)
;tcp_keepalive_idle_time=30 ; Time in seconds the connection needs to remain idle before TCP starts sending keepalive probes
;tcp_keepalive_interval_time=10 ; The time in seconds between individual keepalive probes
;tcp_keepalive_probe_count=5 ; The maximum number of keepalive probes TCP should send before dropping the connection
;===============OUTBOUND REGISTRATION WITH OUTBOUND AUTHENTICATION============
;
; This is a simple registration that works with some SIP trunking providers.
; You'll need to set up the auth example "mytrunk_auth" below to enable outbound
; authentication. Note that we use "outbound_auth=" for outbound authentication
; instead of "auth=", which is for inbound authentication.
;
; If you are registering to a server from behind NAT, be sure you assign a transport
; that is appropriately configured with NAT related settings. See the NAT transport example.
;
; "contact_user=" sets the SIP contact header's user portion of the SIP URI
; this will affect the extension reached in dialplan when the far end calls you at this
; registration. The default is 's'.
;
; If you would like to enable line support and have incoming calls related to this
; registration go to an endpoint automatically the "line" and "endpoint" options must
; be set. The "endpoint" option specifies what endpoint the incoming call should be
; associated with.
;[mytrunk]
;type=registration
;transport=transport-udp
;outbound_auth=mytrunk_auth
;server_uri=sip:sip.example.com
;client_uri=sip:1234567890@sip.example.com
;contact_user=1234567890
;retry_interval=60
;forbidden_retry_interval=600
;expiration=3600
;line=yes
;endpoint=mytrunk
;[mytrunk_auth]
;type=auth
;auth_type=userpass
;password=1234567890
;username=1234567890
;realm=sip.example.com
;===============ENDPOINT CONFIGURED AS A TRUNK, OUTBOUND AUTHENTICATION=======
;
; This is one way to configure an endpoint as a trunk. It is set up with
; "outbound_auth=" to enable authentication when dialing out through this
; endpoint. There is no inbound authentication set up since a provider will
; not normally authenticate when calling you.
;
; The identify configuration enables IP address matching against this endpoint.
; For calls from a trunking provider, the From user may be different every time,
; so we want to match against IP address instead of From user.
;
; If you want the provider of your trunk to know where to send your calls
; you'll need to use an outbound registration as in the example above this
; section.
;
; NAT
;
; At a basic level configure the endpoint with a transport that is set up
; with the appropriate NAT settings. There may be some additional settings you
; need here based on your NAT/Firewall scenario. Look to the CLI config help
; "config show help res_pjsip endpoint" or on the wiki for other NAT related
; options and configuration. We've included a few below.
;
; AOR
;
; Endpoints use one or more AOR sections to store their contact details.
; You can define multiple contact addresses in SIP URI format in multiple
; "contact=" entries.
;
;[mytrunk]
;type=endpoint
;transport=transport-udp
;context=from-external
;disallow=all
;allow=ulaw
;outbound_auth=mytrunk_auth
;aors=mytrunk
; ;A few NAT relevant options that may come in handy.
;force_rport=yes ;It's a good idea to read the configuration help for each
;direct_media=no ;of these options.
;ice_support=yes
;[mytrunk]
;type=aor
;contact=sip:198.51.100.1:5060
;contact=sip:198.51.100.2:5060
;[mytrunk]
;type=identify
;endpoint=mytrunk
;match=198.51.100.1
;match=198.51.100.2
;match=192.168.10.0:5061/24
;=============ENDPOINT CONFIGURED AS A TRUNK, INBOUND AUTH AND REGISTRATION===
;
; Here we are allowing a remote device to register to Asterisk and requiring
; that they authenticate for registration and calls.
; You'll note that this configuration is essentially the same as configuring
; an endpoint for use with a SIP phone.
;[7000]
;type=endpoint
;context=from-external
;disallow=all
;allow=ulaw
;transport=transport-udp
;auth=7000
;aors=7000
;[7000]
;type=auth
;auth_type=userpass
;password=7000
;username=7000
;[7000]
;type=aor
;max_contacts=1
;===============ENDPOINT CONFIGURED FOR USE WITH A SIP PHONE==================
;
; This example includes the endpoint, auth and aor configurations. It
; requires inbound authentication and allows registration, as well as references
; a transport that you'll need to uncomment from the previous examples.
;
; Uncomment one of the transport lines to choose which transport you want. If
; not specified then the default transport chosen is the first compatible transport
; in the configuration file for the contact URL.
;
; Modify the "max_contacts=" line to change how many unique registrations to allow.
;
; Use the "contact=" line instead of max_contacts= if you want to statically
; define the location of the device.
;
; If using the TLS enabled transport, you may want the "media_encryption=sdes"
; option to additionally enable SRTP, though they are not mutually inclusive.
;
; If this endpoint were remote, and it was using a transport configured for NAT
; then you likely want to use "direct_media=no" to prevent audio issues.
;[6001]
;type=endpoint
;transport=transport-udp
;context=from-internal
;disallow=all
;allow=ulaw
;allow=gsm
;auth=6001
;aors=6001
;
; A few more transports to pick from, and some related options below them.
;
;transport=transport-tls
;media_encryption=sdes
;transport=transport-udp-ipv6
;transport=transport-udp-nat
;direct_media=no
;
; MWI related options
;aggregate_mwi=yes
;mailboxes=6001@default,7001@default
;mwi_from_user=6001
;
; Extension and Device state options
;
;device_state_busy_at=1
;allow_subscribe=yes
;sub_min_expiry=30
;
; STIR/SHAKEN support.
;
;stir_shaken=no
;stir_shaken_profile=my_profile
;[6001]
;type=auth
;auth_type=userpass
;password=6001
;username=6001
;[6001]
;type=aor
;max_contacts=1
;contact=sip:6001@192.0.2.1:5060
;===============ENDPOINT BEHIND NAT OR FIREWALL===============================
;
; This example assumes your transport is configured with a public IP and the
; endpoint itself is behind NAT and maybe a firewall, rather than having
; Asterisk behind NAT. For the sake of simplicity, we'll assume a typical
; VOIP phone. The most important settings to configure are:
;
; * direct_media, to ensure Asterisk stays in the media path
; * rtp_symmetric and force_rport options to help the far-end NAT/firewall
;
; Depending on the settings of your remote SIP device or NAT/firewall device
; you may have to experiment with a combination of these settings.
;
; If both Asterisk and the remote phones are a behind NAT/firewall then you'll
; have to make sure to use a transport with appropriate settings (as in the
; transport-udp-nat example).
;
;[6002]
;type=endpoint
;transport=transport-udp
;context=from-internal
;disallow=all
;allow=ulaw
;auth=6002
;aors=6002
;direct_media=no
;rtp_symmetric=yes
;force_rport=yes
;rewrite_contact=yes ; necessary if endpoint does not know/register public ip:port
;ice_support=yes ;This is specific to clients that support NAT traversal
;for media via ICE,STUN,TURN. See the wiki at:
;https://docs.asterisk.org/Configuration/Miscellaneous/Interactive-Connectivity-Establishment-ICE-in-Asterisk/
;for a deeper explanation of this topic.
;[6002]
;type=auth
;auth_type=userpass
;password=6002
;username=6002
;[6002]
;type=aor
;max_contacts=2
;============EXAMPLE ACL CONFIGURATION==========================================
;
; The ACL or Access Control List section defines a set of permissions to permit
; or deny access to various address or addresses. Alternatively it references an
; ACL configuration already set in acl.conf.
;
; The ACL configuration is independent of individual endpoint configuration and
; operates on all inbound SIP communication using res_pjsip.
; Reference an ACL defined in acl.conf.
;
;[acl]
;type=acl
;acl=example_named_acl1
; Reference a contactacl specifically.
;
;[acl]
;type=acl
;contact_acl=example_contact_acl1
; Define your own ACL here in pjsip.conf and
; permit or deny by IP address or range.
;
;[acl]
;type=acl
;deny=0.0.0.0/0.0.0.0
;permit=209.16.236.0/24
;deny=209.16.236.1
; Restrict based on Contact Headers rather than IP.
; Define options multiple times for various addresses or use a comma-delimited string.
;
;[acl]
;type=acl
;contact_deny=0.0.0.0/0.0.0.0
;contact_permit=209.16.236.0/24
;contact_permit=209.16.236.1
;contact_permit=209.16.236.2,209.16.236.3
; Restrict based on Contact Headers rather than IP and use
; advanced syntax. Note the bang symbol used for "NOT", so we can deny
; 209.16.236.12/32 within the permit= statement.
;
;[acl]
;type=acl
;contact_deny=0.0.0.0/0.0.0.0
;contact_permit=209.16.236.0
;permit=209.16.236.0/24, !209.16.236.12/32
;============EXAMPLE RLS CONFIGURATION==========================================
;
;Asterisk provides support for RFC 4662 Resource List Subscriptions. This allows
;for an endpoint to, through a single subscription, subscribe to the states of
;multiple resources. Resource lists are configured in pjsip.conf using the
;resource_list configuration object. Below is an example of a resource list that
;allows an endpoint to subscribe to the presence of alice, bob, and carol.
;[my_list]
;type=resource_list
;list_item=alice
;list_item=bob
;list_item=carol
;event=presence
;The "event" option in the resource list corresponds to the SIP event-package
;that the subscribed resources belong to. A resource list can only provide states
;for resources that belong to the same event-package. This means that you cannot
;create a list that is a combination of presence and message-summary resources,
;for instance. Any event-package that Asterisk supports can be used in a resource
;list (presence, dialog, and message-summary). Whenever support for a new event-
;package is added to Asterisk, support for that event-package in resource lists
;will automatically be supported.
;The "list_item" options indicate the names of resources to subscribe to. The
;way these are interpreted is event-package specific. For instance, with presence
;list_items, hints in the dialplan are looked up. With message-summary list_items,
;mailboxes are looked up using your installed voicemail provider (app_voicemail
;by default). Note that in the above example, the list_item options were given
;one per line. However, it is also permissible to provide multiple list_item
;options on a single line (e.g. list_item = alice,bob,carol).
;In addition to the options presented in the above configuration, there are two
;more configuration options that can be set.
; * full_state: dictates whether Asterisk should always send the states of
; all resources in the list at once. Defaults to "no". You should only set
; this to "yes" if you are interoperating with an endpoint that does not
; behave correctly when partial state notifications are sent to it.
; * notification_batch_interval: By default, Asterisk will send a NOTIFY request
; immediately when a resource changes state. This option causes Asterisk to
; start batching resource state changes for the specified number of milliseconds
; after a resource changes states. This way, if multiple resources change state
; within a brief interval, Asterisk can send a single NOTIFY request with all
; of the state changes reflected in it.
;There is a limitation to the size of resource lists in Asterisk. If a constructed
;notification from Asterisk will exceed 64000 bytes, then the message is deemed
;too large to send. If you find that you are seeing error messages about SIP
;NOTIFY requests being too large to send, consider breaking your lists into
;sub-lists.
;============EXAMPLE PHONEPROV CONFIGURATION================================
; Before configuring provisioning here, see the documentation for res_phoneprov
; and configure phoneprov.conf appropriately.
; For each user to be autoprovisioned, a [phoneprov] configuration section
; must be created. At a minimum, the 'type', 'PROFILE' and 'MAC' variables must
; be set. All other variables are optional.
; Example:
;[1000]
;type=phoneprov ; must be specified as 'phoneprov'
;endpoint=1000 ; Required only if automatic setting of
; USERNAME, SECRET, DISPLAY_NAME and CALLERID
; are needed.
;PROFILE=digium ; required
;MAC=deadbeef4dad ; required
;SERVER=myserver.example.com ; A standard variable
;TIMEZONE=America/Denver ; A standard variable
;MYVAR=somevalue ; A user confdigured variable
; If the phoneprov sections have common variables, it is best to create a
; phoneprov template. The example below will produce the same configuration
; as the one specified above except that MYVAR will be overridden for
; the specific user.
; Example:
;[phoneprov_defaults](!)
;type=phoneprov ; must be specified as 'phoneprov'
;PROFILE=digium ; required
;SERVER=myserver.example.com ; A standard variable
;TIMEZONE=America/Denver ; A standard variable
;MYVAR=somevalue ; A user configured variable
;[1000](phoneprov_defaults)
;endpoint=1000 ; Required only if automatic setting of
; USERNAME, SECRET, DISPLAY_NAME and CALLERID
; are needed.
;MAC=deadbeef4dad ; required
;MYVAR=someOTHERvalue ; A user confdigured variable
; To have USERNAME and SECRET automatically set, the endpoint
; specified here must in turn have an outbound_auth section defined.
; Fuller example:
;[1000]
;type=endpoint
;outbound_auth=1000-auth
;callerid=My Name <8005551212>
;transport=transport-udp-nat
;[1000-auth]
;type=auth
;auth_type=userpass
;username=myname
;password=mysecret
;[phoneprov_defaults](!)
;type=phoneprov ; must be specified as 'phoneprov'
;PROFILE=someprofile ; required
;SERVER=myserver.example.com ; A standard variable
;TIMEZONE=America/Denver ; A standard variable
;MYVAR=somevalue ; A user configured variable
;[1000](phoneprov_defaults)
;endpoint=1000 ; Required only if automatic setting of
; USERNAME, SECRET, DISPLAY_NAME and CALLERID
; are needed.
;MAC=deadbeef4dad ; required
;MYVAR=someUSERvalue ; A user confdigured variable
;LABEL=1000 ; A standard variable
; The previous sections would produce a template substitution map as follows:
;MAC=deadbeef4dad ;added by pp1000
;USERNAME=myname ;automatically added by 1000-auth username
;SECRET=mysecret ;automatically added by 1000-auth password
;PROFILE=someprofile ;added by defaults
;SERVER=myserver.example.com ;added by defaults
;SERVER_PORT=5060 ;added by defaults
;MYVAR=someUSERvalue ;added by defaults but overdidden by user
;CALLERID=8005551212 ;automatically added by 1000 callerid
;DISPLAY_NAME=My Name ;automatically added by 1000 callerid
;TIMEZONE=America/Denver ;added by defaults
;TZOFFSET=252100 ;automatically calculated by res_phoneprov
;DST_ENABLE=1 ;automatically calculated by res_phoneprov
;DST_START_MONTH=3 ;automatically calculated by res_phoneprov
;DST_START_MDAY=9 ;automatically calculated by res_phoneprov
;DST_START_HOUR=3 ;automatically calculated by res_phoneprov
;DST_END_MONTH=11 ;automatically calculated by res_phoneprov
;DST_END_MDAY=2 ;automatically calculated by res_phoneprov
;DST_END_HOUR=1 ;automatically calculated by res_phoneprov
;ENDPOINT_ID=1000 ;automatically added by this module
;AUTH_ID=1000-auth ;automatically added by this module
;TRANSPORT_ID=transport-udp-nat ;automatically added by this module
;LABEL=1000 ;added by user
; MODULE PROVIDING BELOW SECTION(S): res_pjsip
;==========================ENDPOINT SECTION OPTIONS=========================
;[endpoint]
; SYNOPSIS: Endpoint
;100rel=yes ; Allow support for RFC3262 provisional ACK tags (default:
; "yes")
;aggregate_mwi=yes ; (default: "yes")
;allow= ; Media Codec s to allow (default: "")
;allow_overlap=yes ; Enable RFC3578 overlap dialing support. (default: "yes")
;overlap_context=default ; Context to used for overlap dialing matches
; (default: same as context option)
;aors= ; AoR s to be used with the endpoint (default: "")
;auth= ; Authentication Object s associated with the endpoint (default: "")
;callerid= ; CallerID information for the endpoint (default: "")
;callerid_privacy=allowed_not_screened ; Default privacy level (default: "allowed_not_screened")
;callerid_tag= ; Internal id_tag for the endpoint (default: "")
;context=default ; Dialplan context for inbound sessions (default:
; "default")
;direct_media_glare_mitigation=none ; Mitigation of direct media re INVITE
; glare (default: "none")
;direct_media_method=invite ; Direct Media method type (default: "invite")
;trust_connected_line=yes ; Accept Connected Line updates from this endpoint
; (default: "yes")
;send_connected_line=yes ; Send Connected Line updates to this endpoint
; (default: "yes")
;connected_line_method=invite ; Connected line method type.
; When set to "invite", check the remote's
; Allow header and if UPDATE is allowed, send
; UPDATE instead of INVITE to avoid SDP
; renegotiation. If UPDATE is not Allowed,
; send INVITE.
; If set to "update", send UPDATE regardless
; of what the remote Allows.
; (default: "invite")
;direct_media=yes ; Determines whether media may flow directly between
; endpoints (default: "yes")
;disable_direct_media_on_nat=no ; Disable direct media session refreshes when
; NAT obstructs the media session (default:
; "no")
;disallow= ; Media Codec s to disallow (default: "")
;dtmf_mode=rfc4733 ; DTMF mode (default: "rfc4733")
;media_address= ; IP address used in SDP for media handling (default: "")
;bind_rtp_to_media_address= ; Bind the RTP session to the media_address.
; This causes all RTP packets to be sent from
; the specified address. (default: "no")
;force_rport=yes ; Force use of return port (default: "yes")
;ice_support=no ; Enable the ICE mechanism to help traverse NAT (default: "no")
;identify_by=username ; A comma-separated list of ways the Endpoint or AoR can be
; identified.
; "username": Identify by the From or To username and domain
; "auth_username": Identify by the Authorization username and realm
; "ip": Identify by the source IP address
; "header": Identify by a configured SIP header value.
; "request_uri": Identify by the configured SIP request URI.
; In the username and auth_username cases, if an exact match
; on both username and domain/realm fails, the match is
; retried with just the username.
; (default: "username,ip")
;redirect_method=user ; How redirects received from an endpoint are handled
; (default: "user")
;mailboxes= ; NOTIFY the endpoint when state changes for any of the specified mailboxes.
; Asterisk will send unsolicited MWI NOTIFY messages to the endpoint when state
; changes happen for any of the specified mailboxes. (default: "")
;voicemail_extension= ; The voicemail extension to send in the NOTIFY Message-Account header
; (default: global/default_voicemail_extension)
;mwi_subscribe_replaces_unsolicited=no
; An MWI subscribe will replace unsoliticed NOTIFYs
; (default: "no")
;moh_suggest=default ; Default Music On Hold class (default: "default")
;moh_passthrough=yes ; Pass Music On Hold through using SIP re-invites with sendonly
; when placing on hold and sendrecv when taking off hold
;outbound_auth= ; Authentication object used for outbound requests (default:
; "")
;outbound_proxy= ; Proxy through which to send requests, a full SIP URI
; must be provided (default: "")
;rewrite_contact=no ; Allow Contact header to be rewritten with the source
; IP address port (default: "no")
;rtp_symmetric=no ; Enforce that RTP must be symmetric (default: "no")
;send_diversion=yes ; Send the Diversion header conveying the diversion
; information to the called user agent (default: "yes")
;send_pai=no ; Send the P Asserted Identity header (default: "no")
;send_rpid=no ; Send the Remote Party ID header (default: "no")
;rpid_immediate=no ; Send connected line updates on unanswered incoming calls immediately. (default: "no")
;timers_min_se=90 ; Minimum session timers expiration period (default:
; "90")
;timers=yes ; Session timers for SIP packets (default: "yes")
;timers_sess_expires=1800 ; Maximum session timer expiration period
; (default: "1800")
;transport= ; Explicit transport configuration to use (default: "")
; This will force the endpoint to use the specified transport
; configuration to send SIP messages. You need to already know
; what kind of transport (UDP/TCP/IPv4/etc) the endpoint device
; will use.
;trust_id_inbound=no ; Accept identification information received from this
; endpoint (default: "no")
;trust_id_outbound=no ; Send private identification details to the endpoint
; (default: "no")
;type= ; Must be of type endpoint (default: "")
;use_ptime=no ; Use Endpoint s requested packetisation interval (default:
; "no")
;use_avpf=no ; Determines whether res_pjsip will use and enforce usage of
; AVPF for this endpoint (default: "no")
;media_encryption=no ; Determines whether res_pjsip will use and enforce
; usage of media encryption for this endpoint (default:
; "no")
;media_encryption_optimistic=no ; Use encryption if possible but don't fail the call
; if not possible.
;g726_non_standard=no ; When set to "yes" and an endpoint negotiates g.726
; audio then g.726 for AAL2 packing order is used contrary
; to what is recommended in RFC3551. Note, 'g726aal2' also
; needs to be specified in the codec allow list
; (default: "no")
;inband_progress=no ; Determines whether chan_pjsip will indicate ringing
; using inband progress (default: "no")
;call_group= ; The numeric pickup groups for a channel (default: "")
;pickup_group= ; The numeric pickup groups that a channel can pickup (default:
; "")
;named_call_group= ; The named pickup groups for a channel (default: "")
;named_pickup_group= ; The named pickup groups that a channel can pickup
; (default: "")
;device_state_busy_at=0 ; The number of in use channels which will cause busy
; to be returned as device state (default: "0")
;t38_udptl=no ; Whether T 38 UDPTL support is enabled or not (default: "no")
;t38_udptl_ec=none ; T 38 UDPTL error correction method (default: "none")
;t38_udptl_maxdatagram=0 ; T 38 UDPTL maximum datagram size (default:
; "0")
;fax_detect=no ; Whether CNG tone detection is enabled (default: "no")
;fax_detect_timeout=30 ; How many seconds into a call before fax_detect is
; disabled for the call.
; Zero disables the timeout.
; (default: "0")
;t38_udptl_nat=no ; Whether NAT support is enabled on UDPTL sessions
; (default: "no")
;t38_bind_rtp_to_media_address= ; Bind the UDPTL session to the media_address.
; This causes all UDPTL packets to be sent from
; the specified address. (default: "no")
;tone_zone= ; Set which country s indications to use for channels created
; for this endpoint (default: "")
;language= ; Set the default language to use for channels created for this
; endpoint (default: "")
;one_touch_recording=no ; Determines whether one touch recording is allowed for
; this endpoint (default: "no")
;record_on_feature=automixmon ; The feature to enact when one touch recording
; is turned on (default: "automixmon")
;record_off_feature=automixmon ; The feature to enact when one touch recording
; is turned off (default: "automixmon")
;rtp_engine=asterisk ; Name of the RTP engine to use for channels created
; for this endpoint (default: "asterisk")
;allow_transfer=yes ; Determines whether SIP REFER transfers are allowed
; for this endpoint (default: "yes")
;sdp_owner=- ; String placed as the username portion of an SDP origin o line
; (default: "-")
;sdp_session=Asterisk ; String used for the SDP session s line (default:
; "Asterisk")
;tos_audio=0 ; DSCP TOS bits for audio streams (default: "0")
;tos_video=0 ; DSCP TOS bits for video streams (default: "0")
;cos_audio=0 ; Priority for audio streams (default: "0")
;cos_video=0 ; Priority for video streams (default: "0")
;allow_subscribe=yes ; Determines if endpoint is allowed to initiate
; subscriptions with Asterisk (default: "yes")
;sub_min_expiry=0 ; The minimum allowed expiry time for subscriptions
; initiated by the endpoint (default: "0")
;from_user= ; Username to use in From header for requests to this endpoint
; (default: "")
;mwi_from_user= ; Username to use in From header for unsolicited MWI NOTIFYs to
; this endpoint (default: "")
;from_domain= ; Domain to user in From header for requests to this endpoint
; (default: "")
;dtls_verify=no ; Verify that the provided peer certificate is valid (default:
; "no")
;dtls_rekey=0 ; Interval at which to renegotiate the TLS session and rekey
; the SRTP session (default: "0")
;dtls_auto_generate_cert= ; Enable ephemeral DTLS certificate generation (default:
; "no")
;dtls_cert_file= ; Path to certificate file to present to peer (default:
; "")
;dtls_private_key= ; Path to private key for certificate file (default:
; "")
;dtls_cipher= ; Cipher to use for DTLS negotiation (default: "")
;dtls_ca_file= ; Path to certificate authority certificate (default: "")
;dtls_ca_path= ; Path to a directory containing certificate authority
; certificates (default: "")
;dtls_setup= ; Whether we are willing to accept connections connect to the
; other party or both (default: "")
;dtls_fingerprint= ; Hash to use for the fingerprint placed into SDP
; (default: "SHA-256")
;srtp_tag_32=no ; Determines whether 32 byte tags should be used instead of 80
; byte tags (default: "no")
;set_var= ; Variable set on a channel involving the endpoint. For multiple
; channel variables specify multiple 'set_var'(s)
;rtp_keepalive= ; Interval, in seconds, between comfort noise RTP packets if
; RTP is not flowing. This setting is useful for ensuring that
; holes in NATs and firewalls are kept open throughout a call.
;rtp_timeout= ; Hang up channel if RTP is not received for the specified
; number of seconds when the channel is off hold (default:
; "0" or not enabled)
;rtp_timeout_hold= ; Hang up channel if RTP is not received for the specified
; number of seconds when the channel is on hold (default:
; "0" or not enabled)
;contact_user= ; On outgoing requests, force the user portion of the Contact
; header to this value (default: "")
;incoming_call_offer_pref= ; Based on this setting, a joint list of
; preferred codecs between those received in an
; incoming SDP offer (remote), and those specified
; in the endpoint's "allow" parameter (local)
; is created and is passed to the Asterisk core.
;
; local - Include all codecs in the local list that
; are also in the remote list preserving the local
; order. (default).
; local_first - Include only the first codec in the
; local list that is also in the remote list.
; remote - Include all codecs in the remote list that
; are also in the local list preserving remote list
; order.
; remote_first - Include only the first codec in
; the remote list that is also in the local list.
;outgoing_call_offer_pref= ; Based on this setting, a joint list of
; preferred codecs between those received from the
; Asterisk core (remote), and those specified in
; the endpoint's "allow" parameter (local) is
; created and is used to create the outgoing SDP
; offer.
;
; local - Include all codecs in the local list that
; are also in the remote list preserving the local
; order.
; local_merge - Include all codecs in the local list
; preserving the local order.
; local_first - Include only the first codec in the
; local list.
; remote - Include all codecs in the remote list that
; are also in the local list preserving remote list
; order.
; remote_merge - Include all codecs in the local list
; preserving the remote list order. (default)
; remote_first - Include only the first codec in the
; remote list that is also in the local list.
;preferred_codec_only=no ; Respond to a SIP invite with the single most
; preferred codec rather than advertising all joint
; codec capabilities. This limits the other side's
; codec choice to exactly what we prefer.
; default is no.
; NOTE: This option is deprecated in favor
; of incoming_call_offer_pref. Setting both
; options is unsupported.
;asymmetric_rtp_codec= ; Allow the sending and receiving codec to differ and
; not be automatically matched (default: "no")
;refer_blind_progress= ; Whether to notifies all the progress details on blind
; transfer (default: "yes"). The value "no" is useful
; for some SIP phones (Mitel/Aastra, Snom) which expect
; a sip/frag "200 OK" after REFER has been accepted.
;notify_early_inuse_ringing = ; Whether to notifies dialog-info 'early'
; on INUSE && RINGING state (default: "no").
; The value "yes" is useful for some SIP phones
; (Cisco SPA) to be able to indicate and pick up
; ringing devices.
;max_audio_streams= ; The maximum number of allowed negotiated audio streams
; (default: 1)
;max_video_streams= ; The maximum number of allowed negotiated video streams
; (default: 1)
;webrtc= ; When set to "yes" this also enables the following values that are needed
; for webrtc: rtcp_mux, use_avpf, ice_support, and use_received_transport.
; The following configuration settings also get defaulted as follows:
; media_encryption=dtls
; dtls_verify=fingerprint
; dtls_setup=actpass
; A dtls_cert_file and a dtls_ca_file still need to be specified.
; Default for this option is "no"
;incoming_mwi_mailbox = ; Mailbox name to use when incoming MWI NOTIFYs are
; received.
; If an MWI NOTIFY is received FROM this endpoint,
; this mailbox will be used when notifying other modules
; of MWI status changes. If not set, incoming MWI
; NOTIFYs are ignored.
;follow_early_media_fork = ; On outgoing calls, if the UAS responds with
; different SDP attributes on subsequent 18X or 2XX
; responses (such as a port update) AND the To tag
; on the subsequent response is different than that
; on the previous one, follow it. This usually
; happens when the INVITE is forked to multiple UASs
; and more than 1 sends an SDP answer.
; This option must also be enabled in the system
; section.
; (default: yes)
;accept_multiple_sdp_answers =
; On outgoing calls, if the UAS responds with
; different SDP attributes on non-100rel 18X or 2XX
; responses (such as a port update) AND the To tag on
; the subsequent response is the same as that on the
; previous one, process it. This can happen when the
; UAS needs to change ports for some reason such as
; using a separate port for custom ringback.
; This option must also be enabled in the system
; section.
; (default: no)
;suppress_q850_reason_headers =
; Suppress Q.850 Reason headers for this endpoint.
; Some devices can't accept multiple Reason headers
; and get confused when both 'SIP' and 'Q.850' Reason
; headers are received. This option allows the
; 'Q.850' Reason header to be suppressed.
; (default: no)
;ignore_183_without_sdp =
; Do not forward 183 when it doesn't contain SDP.
; Certain SS7 internetworking scenarios can result in
; a 183 to be generated for reasons other than early
; media. Forwarding this 183 can cause loss of
; ringback tone. This flag emulates the behavior of
; chan_sip and prevents these 183 responses from
; being forwarded.
; (default: no)
;stir_shaken =
; If this is enabled, STIR/SHAKEN operations will be
; performed on this endpoint. This includes inbound
; and outbound INVITEs. On an inbound INVITE, Asterisk
; will check for an Identity header and attempt to
; verify the call. On an outbound INVITE, Asterisk will
; add an Identity header that others can use to verify
; calls from this endpoint. Additional configuration is
; done in stir_shaken.conf.
; The STIR_SHAKEN dialplan function must be used to get
; the verification results on inbound INVITEs. Nothing
; happens to the call if verification fails; it's up to
; you to determine what to do with the results.
; (default: no)
;stir_shaken_profile =
; If a profile is specified (defined in stir_shaken.conf),
; this endpoint will follow the rules defined there.
;allow_unauthenticated_options =
; By default, chan_pjsip will challenge an incoming
; OPTIONS request for authentication credentials just
; as it would an INVITE request. This is consistent
; with RFC 3261.
; There are many UAs that use an OPTIONS request as a
; "ping" and they expect a 200 response indicating that
; the remote party is up and running without a need to
; authenticate.
; Setting allow_unauthenticated_options to 'yes' will
; instruct chan_pjsip to skip the authentication step
; when it receives an OPTIONS request for this
; endpoint.
; There are security implications to enabling this
; setting as it can allow information disclosure to
; occur - specifically, if enabled, an external party
; could enumerate and find the endpoint name by
; sending OPTIONS requests and examining the
; responses.
; (default: no)
;geoloc_incoming_call_profile =
; This geolocation profile will be applied to all calls received
; by the channel driver from the remote endpoint before they're
; forwarded to the dialplan.
;geoloc_outgoing_call_profile =
; This geolocation profile will be applied to all calls received
; by the channel driver from the dialplan before they're forwarded
; the remote endpoint.
;
; send_aoc =
; This options turns on and off support for sending AOC to endpoints.
; AOC updates can be sent using the AOCMessage AMI action or come
; from PRI channels.
; (default: no)