## /etc/siproxd.conf - siproxd configuration file## !! This is a sample fi

1. #
2. # /etc/siproxd.conf - siproxd configuration file
3. #
4. # !! This is a sample file, adapt it to your needs before using it !!
5. #
6. # !! Strings MUST NOT contain spaces !!
7. #
8.  
9. ######################################################################
10. # The interface names of INBOUND and OUTBOUND interface.
11. #
12. # If siproxd is not running on the host doing the masquerading
13. # but on a host within the private network segment, "in front" of
14. # the masquerading router: define if_inbound and if_outbound to
15. # point to the same interface (the inbound interface). In *addition*
16. # define 'host_outbound' to hold your external (public) IP address
17. # or a hostname that resolves to that address (use a dyndns address for
18. # example).
19. #
20. if_inbound = bge0
21. if_outbound = bge0
22. # uncomment the following line ONLY IF YOU KNOW WHAT YOU ARE DOING!
23. # READ THE FAQ FIRST!
24. #host_outbound = 1.2.3.4
25.  
26. ######################################################################
27. # Access control.
28. # Access lists in the form: IP/mask (ex. 10.0.0.1/24)
29. # Multiple entries may be separated by commas NO SPACES ARE ALLOWED!!
30. # Empty list means 'does not apply' - no filtering is done then.
31. # For *allow* lists this means: always allow, for *deny* lists that
32. # this means never deny.
33. #
34. # hosts_allow_reg: defines nets from which we accept registrations
35. # Registrations are *ONLY* allowed from INBOUND!
36. # hosts_allow_sip: defines nets from which we accept SIP traffic
37. # hosts_deny_sip: defines nets from which we deny SIP traffic
38. #
39. # - The deny list takes precedence over the allow lists.
40. # - The allow_reg list also implies allowance for sip.
41. #
42. # Example for usage:
43. # local private net -> allow_reg list
44. # external nets (from which we accept incoming calls) -> allow_sip
45. #
46. # NOTE: Improper setting here will result in dropped SIP packets!
47. # Usually you do NOT want to define hosts_allow_sip!
48. #
49. #hosts_allow_reg = 192.168.1.8/24
50. #hosts_allow_sip = 123.45.0.0/16,123.46.0.0/16
51. #hosts_deny_sip = 10.0.0.0/8,11.0.0.0/8
52.  
53.  
54. ######################################################################
55. # Port to listen for incoming SIP messages.
56. # 5060 is usually the correct choice - don't change this unless you
57. # know what you're doing
58. #
59. sip_listen_port = 5060
60.  
61.  
62. ######################################################################
63. # Shall we daemonize?
64. #
65. daemonize = 1
66.  
67. ######################################################################
68. # What shall I log to syslog?
69. # 0 - DEBUGs, INFOs, WARNINGs and ERRORs
70. # 1 - INFOs, WARNINGs and ERRORs (this is the default)
71. # 2 - WARNINGs and ERRORs
72. # 3 - only ERRORs
73. # 4 - absolutely nothing (be careful - you will have no way to
74. # see what siproxd is doing - or NOT doing)
75. silence_log = 1
76.  
77. ######################################################################
78. # Secure Enviroment settings:
79. # user: uid/gid to switch to after startup
80. # chrootjail: path to chroot to (chroot jail)
81. user = nobody
82. chrootjail = /var/tmp/siproxd/
83.  
84. ######################################################################
85. # Registration file:
86. # Where to store the current registrations.
87. # An empty value means we do not save registrations. Make sure that
88. # the specified directory path does exist!
89. # Note: If running in chroot jail, this path starts relative
90. # to the jail.
91. registration_file = /var/log/siproxd.registr
92.  
93. ######################################################################
94. # Automatically save current registrations every 'n' seconds
95. #
96. autosave_registrations = 1000
97.  
98. ######################################################################
99. # PID file:
100. # Where to create the PID file.
101. # This file holds the PID of the main thread of siproxd.
102. # Note: If running in chroot jail, this path starts relative
103. # to the jail.
104. pid_file = /var/run/siproxd.pid
105.  
106. ######################################################################
107. # global switch to control the RTP proxy behaviour
108. # 0 - RTP proxy disabled
109. # 1 - RTP proxy (UDP relay of siproxd)
110. #
111. # Note: IPCHAINS and IPTABLES(netfilter) support is no longer present!
112. #
113. rtp_proxy_enable = 1
114.  
115. ######################################################################
116. # Port range to allocate listen ports from for incoming RTP traffic
117. # This should be a range that is not blocked by the firewall
118. #
119. rtp_port_low = 7070
120. rtp_port_high = 7099
121.  
122. ######################################################################
123. # Timeout for RTP streams
124. # after this number of seconds, an RTP stream is considered dead
125. # and proxying for it will be stopped.
126. # Be aware that this timeout also applies to streams that are
127. # in HOLD.
128. #
129. rtp_timeout = 300
130.  
131. ######################################################################
132. # DSCP value for sent RTP packets
133. # The Differentiated Service Code Point is a selector for
134. # router's per-hop behaviours.
135. # RFC2598 defined a "expedited forwarding" service. This service
136. # is designed to allow ISPs to offer a service with attributes
137. # similar to a "leased line". This service offers the ULTIMATE IN LOW
138. # LOSS, LOW LATENCY AND LOW JITTER by ensuring that there is always
139. # sufficent room in output queues for the contracted expedited forwarding
140. # traffic.
141. # The Expedited Forwarding service has a DSCP of 46.
142. # Putting a 0 here means that siproxd does NOT set the DSCP field.
143. # Siproxd must be started as root for this to work.
144. #
145. rtp_dscp = 46
146.  
147. ######################################################################
148. # DSCP value for sent SIP packets
149. # Same as above but for SIP signalling.
150. #
151. sip_dscp = 0
152.  
153. ######################################################################
154. # Dejitter value
155. # Artificial delay to be used to de-jitter RTP data streams.
156. # This time is in microseconds.
157. # 0 - completely disable dejitter (default)
158. #
159. rtp_input_dejitter = 0
160. rtp_output_dejitter = 0
161.  
162. ######################################################################
163. # Default Expiration timeout for Registrations
164. # If a REGISTER request does not contain an Expires header
165. # or expires= parameter in the Contact header, this number of
166. # seconds will be used - and reported back to the UA in the answer.
167. #
168. default_expires = 600
169.  
170. ######################################################################
171. # Proxy authentication
172. # If proxy_auth_realm is defined (a string), clients will be forced
173. # to authenticate themselfes at the proxy (for registration only).
174. # To disable Authentication, simply comment out this line.
175. # Note: The proxy_auth_pwfile is independent of the chroot jail.
176. #
177. #proxy_auth_realm = Authentication_Realm
178. #
179. # the (global) password to use (will be the same for all local clients)
180. #
181. #proxy_auth_passwd = password
182. #
183. # OR use individual per user passwords stored in a file
184. #
185. #proxy_auth_pwfile = /etc/siproxd_passwd.cfg
186. #
187. # 'proxy_auth_pwfile' has precedence over 'proxy_auth_passwd'
188.  
189. ######################################################################
190. # Debug level... (setting to -1 will enable everything)
191. #
192. # DBCLASS_BABBLE 0x00000001 // babble (like entering/leaving func)
193. # DBCLASS_NET 0x00000002 // network
194. # DBCLASS_SIP 0x00000004 // SIP manipulations
195. # DBCLASS_REG 0x00000008 // Client registration
196. # DBCLASS_NOSPEC 0x00000010 // non specified class
197. # DBCLASS_PROXY 0x00000020 // proxy
198. # DBCLASS_DNS 0x00000040 // DNS stuff
199. # DBCLASS_NETTRAF 0x00000080 // network traffic
200. # DBCLASS_CONFIG 0x00000100 // configuration
201. # DBCLASS_RTP 0x00000200 // RTP proxy
202. # DBCLASS_ACCESS 0x00000400 // Access list evaluation
203. # DBCLASS_AUTH 0x00000800 // Authentication
204. # DBCLASS_PLUGIN 0x00001000 // Plugins
205. # DCLASS_RTPBABL 0x00002000 // RTP babble
206. #
207. debug_level = 0x00000000
208.  
209. ######################################################################
210. # TCP debug port
211. #
212. # You may connect to this port from a remote machine and
213. # receive the debug output. This allows bettwer creation of
214. # odebug output on embedded systems that do not have enough
215. # memory for large disk files.
216. # Port number 0 means this feature is disabled.
217. #
218. debug_port = 0
219.  
220. ######################################################################
221. # Mask feature (experimental)
222. #
223. # Some UAs will always use the host/ip they register with as
224. # host part in the registration record (which will be the inbound
225. # ip address / hostname of the proxy) and can not be told to use a
226. # different host part in the registration record (like sipphone, FWD,
227. # iptel, ...)
228. # This Mask feature allows to force such a UA to be masqueraded to
229. # use different host.
230. # -> Siemens SIP Phones seem to need this feature.
231. #
232. # Unles you really KNOW that you need this, don't enable it.
233. #
234. # mask_host=<inbound_ip/hostname>
235. # masked_host=<hostname_to_be_masqueraded_as>
236. #
237. # mask_host=10.0.1.1 -- inbound IP address of proxy
238. # masked_host=my.public.host -- outbound hostname proxy
239.  
240. ######################################################################
241. # User Agent Masquerading
242. #
243. # Siproxd can masquerade the User Agent string of your local UAs.
244. # Useful for Providers that do not work with some specific UAs
245. # (e.g. sipcall.ch - it does not work if your outgoing SIP
246. # traffic contains an Asterisk UA string...)
247. # Default is to do no replacement.
248. #
249. #ua_string = Siproxd-UA
250.  
251. ######################################################################
252. # Use ;rport in via header
253. #
254. # may be required in some cases where you have a NAT router that
255. # remaps the source port 5060 to something different and the
256. # registrar sends back the responses to port 5060.
257. # Default is disabled
258. # 0 - do not add ;rport to via header
259. # 1 - do add ;rport to INCOMING via header only
260. # 2 - do add ;rport to OUTGOING via header only
261. # 3 - do add ;rport to OUTGOING and INCOMING via headers
262. #
263. # use_rport = 0
264.  
265. ######################################################################
266. # Outbound proxy
267. #
268. # Siproxd itself can be told to send all traffic to another
269. # outbound proxy.
270. # You can use this feature to 'chain' multiple siproxd proxies
271. # if you have several masquerading firewalls to cross.
272. #
273. # outbound_proxy_host = my.outboundproxy.org
274. # outbound_proxy_port = 5060
275.  
276. ######################################################################
277. # Outbound proxy (Provider specific)
278. #
279. # Outbound proxies can be specified on a per-domain base.
280. # This allows to use an outbound proxy needed for ProviderA
281. # and none (or another) for ProviderB.
282. #
283. #outbound_domain_name = freenet.de
284. #outbound_domain_host = proxy.for.domain.freende.de
285. #outbound_domain_port = 5060
286.  
287.  
288. ######################################################################
289. # Loadable Plug-ins
290. #
291. # The plugins are loaded in the order they appear here. Also
292. # the processing order is given by the load order.
293. #
294. # plugin_dir: MUST be terminated with '/'
295. plugindir=/usr/local/lib/siproxd/
296. #
297. # List of plugins to load. MUST use the .la file extension!
298. #load_plugin=plugin_demo.la
299. #load_plugin=plugin_shortdial.la
300. load_plugin=plugin_logcall.la
301. #load_plugin=plugin_defaulttarget.la
302. #load_plugin=plugin_fix_bogus_via.la
303.  
304.  
305. ######################################################################
306. # Plugin_demo
307. #
308. #plugin_demo_string = This_is_a_string_passed_to_the_demo_plugin
309.  
310. ######################################################################
311. # Plugin_shortdial
312. #
313. # Quick Dial (Short Dial)
314. # ability to define quick dial numbers that can be accessed by
315. # dialing "*00" from a local phone. '00' corresponds to the entry number
316. # (pi_shortdial_entry) below. The '*' character can be chosen freely
317. # (pi_shortdial_akey).
318. # Note: If this module is enabled, there does NOT exist a way to dial
319. # a "real" number like *01, siproxd will try to replace it by it's
320. # quick dial entry.
321. #
322. # The first character is the "key", the following characters give
323. # the length of the number string. E.g. "*00" allows speed dials
324. # from *01 to *99. (the number "*100" will be passed through unprocessed)
325. plugin_shortdial_akey = *00
326. #
327. # *01 sipphone echo test
328. plugin_shortdial_entry = 1000
329. # *02 sipphone welcome message
330. plugin_shortdial_entry = 2000
331.  
332. ######################################################################
333. # Plugin_defaulttarget
334. #
335. # Log redirects to syslog
336. #plugin_defaulttarget_log = 1
337. # target must be a full SIP URI with the syntax
338. # sip:user@host[:port]
339. #plugin_defaulttarget_target = sip:internal@dddd:port
340.  
341. ######################################################################
342. # Plugin_fix_bogus_via
343. #
344. # Incoming (from public network) SIP messages are checked for broken
345. # SIP Via headers. If the IP address in the latest Via Header is
346. # part of the list below, it will be replaced by the IP where the
347. # SIP message has been received from.
348. plugin_fix_bogus_via_networks = 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16