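#
# OpenSIPS residential configuration script
#     by OpenSIPS Solutions
#
# Please refer to the Core CookBook at:
#      http://www.opensips.org/Resources/DocsCookbooks
# for an explanation of possible statements, functions and parameters.
#
# This node is a WebSocket/UDP registrar and proxy. It stores contacts in a
# MongoDB-backed federated usrloc cluster and anchors media through rtpengine
# so that WebRTC (WS/WSS) and plain-RTP endpoints can call each other.
#


####### Global Parameters #########

# NOTE(review): debug_mode is a troubleshooting switch; confirm it is turned
# off for production deployments.
debug_mode=yes

log_level=2
xlog_level=2
log_stderror=yes
log_facility=LOG_LOCAL0

udp_workers=2

# Set up listeners
# The bin: listener carries clusterer traffic between nodes.
# NOTE(review): confirm port 5566 is reachable only from the cluster peers.
socket = bin:172.xx.xx.xx:5566
socket = udp:172.xx.xx.xx:5066
socket = udp:172.xx.xx.xx:5077
socket = udp:172.xx.xx.xx:5067
# Plain ws: carries SIP signalling unencrypted; wss: is the TLS-protected one.
socket = ws:172.xx.xx.xx:6060 as os.sip.xxxx.cloud
socket = wss:172.xx.xx.xx:443 as os.sip.xxxx.cloud


####### Modules Section ########

# set module path
mpath="/usr/lib/x86_64-linux-gnu/opensips/modules/"

loadmodule "tls_mgm.so"

#### SIGNALING module
loadmodule "signaling.so"

#### StateLess module
loadmodule "sl.so"

#### Transaction Module
loadmodule "tm.so"
modparam("tm", "fr_timeout", 5)
modparam("tm", "fr_inv_timeout", 30)
modparam("tm", "restart_fr_on_each_reply", 0)
modparam("tm", "onreply_avp_mode", 1)

#### DB Modules
loadmodule "db_mysql.so"
modparam("db_mysql", "exec_query_threshold", 60000)
modparam("db_mysql", "max_db_queries", 20)

#### MongoDB Module
# The URL embeds the database user and password: keep this file readable only
# by the OpenSIPS service account and out of version control.
loadmodule "cachedb_mongodb.so"
modparam("cachedb_mongodb", "cachedb_url", "mongodb://user:pwd@XXXXXX-shard-00-00.okdm0.mongodb.net:27017,XXXXXXX-shard-00-01.okdm0.mongodb.net:27017,XXXX-shard-00-02.okdm0.mongodb.net:27017/myFirstDatabase.userlocation?ssl=true&authSource=admin&retryWrites=true&w=majority")

#### Record Route Module
loadmodule "rr.so"
modparam("rr", "enable_double_rr", 1)
modparam("rr", "append_fromtag", 0)

#### MAX ForWarD module
loadmodule "maxfwd.so"

#### SIP MSG OPerationS module
loadmodule "sipmsgops.so"

#### FIFO Management Interface
loadmodule "mi_fifo.so"
modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
# Mode tightened from 0666: a world-writable FIFO lets every local account
# issue Management Interface commands. Management tools now have to run as the
# OpenSIPS user or group.
# NOTE(review): the FIFO still lives in world-writable /tmp; a directory owned
# by the OpenSIPS user would be a safer location.
modparam("mi_fifo", "fifo_mode", 0660)

#### USeR LOCation module
loadmodule "usrloc.so"
# modparam("usrloc", "nat_bflag", "NAT")
# modparam("usrloc", "db_mode", 0)
modparam("usrloc", "use_domain", 1)
modparam("usrloc", "working_mode_preset", "federation-cachedb-cluster")
modparam("usrloc", "location_cluster", 1)
# Same embedded credentials as the cachedb_mongodb URL above in this section.
# NOTE(review): the masked shard host names differ between the two URLs;
# confirm both point at the same replica set.
modparam("usrloc", "cachedb_url", "mongodb://user:pwd@XXXXXX-shard-00-00.okdm0.mongodb.net:27017,XXXXXX-shard-00-01.okdm0.mongodb.net:27017,XXXXXX-shard-00-02.okdm0.mongodb.net:27017/myFirstDatabase.userlocation?ssl=true&authSource=admin&retryWrites=true&w=majority")

#### REGISTRAR module
loadmodule "registrar.so"
modparam("registrar", "default_expires", 1800)
modparam("registrar", "attr_avp", "$avp(attr)")
modparam("registrar", "max_contacts", 2) ##max_contacts

#### RTPengine protocol
# NOTE(review): the rtpengine control socket is plain UDP; presumably it sits
# on a private network segment - confirm it is not reachable from outside.
loadmodule "rtpengine.so"
modparam("rtpengine", "rtpengine_sock", "udp:172.xx.xx.102:2223")

#### Nathelper protocol
loadmodule "nathelper.so"
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "sipping_from", "sip:pinger@localhost")
modparam("nathelper", "sipping_bflag", "SIPPING_ENABLE")
modparam("nathelper", "remove_on_timeout_bflag", "SIPPING_RTO")
modparam("nathelper", "max_pings_lost", 5)
modparam("nathelper", "cluster_id", 1)

### Load Binary Protocol
loadmodule "proto_bin.so"
modparam("proto_bin", "bin_port", 5566)

#### UDP protocol
loadmodule "proto_udp.so"

#### WebSocket and WebSocketSecure protocol
loadmodule "proto_wss.so"
loadmodule "proto_ws.so"

# Certificate management
modparam("tls_mgm", "server_domain", "dom")
# NOTE(review): this domain is spelled os.sip.xxx.cloud while every other
# occurrence in the file is os.sip.xxxx.cloud; confirm the real values match.
modparam("tls_mgm", "match_sip_domain", "[dom]os.sip.xxx.cloud")
modparam("tls_mgm", "certificate", "[dom]/etc/opensips/os.sip.xxxx.cloud/cert.pem")
modparam("tls_mgm", "private_key", "[dom]/etc/opensips/os.sip.xxxx.cloud/privkey.pem")
modparam("tls_mgm", "ca_list", "[dom]/etc/opensips/os.sip.xxxx.cloud/chain.pem")
# Client certificates are neither requested nor verified on this server domain.
modparam("tls_mgm", "verify_cert", "[dom]0")
modparam("tls_mgm", "require_cert", "[dom]0")
# Lower bound raised from "TLSv1-", which also accepted the deprecated
# TLS 1.0 and 1.1 protocol versions.
modparam("tls_mgm", "tls_method", "[dom]TLSv1_2-")

### Load Cluster module
loadmodule "clusterer.so"
modparam("clusterer", "my_node_id", 1)
modparam("clusterer", "db_mode", 0)
modparam("clusterer", "my_node_info", "cluster_id=1, url=bin:172.xx.xx.60:5566, sip_addr=172.xx.xx.60:5067, flags=seed")
# NOTE(review): the two neighbor_node_info entries below are identical
# (node_id=2 twice); either drop one or correct the second to the intended node.
modparam("clusterer", "neighbor_node_info", "cluster_id=1,node_id=2,url=bin:172.xx.yy.60:5566")
modparam("clusterer", "neighbor_node_info", "cluster_id=1,node_id=2,url=bin:172.xx.yy.60:5566")

#### Load dialog module
loadmodule "dialog.so"
modparam("dialog", "db_mode", 0)
modparam("dialog", "db_update_period", 20)

### Load account module
loadmodule "acc.so"
modparam("acc", "early_media", 0)
modparam("acc", "report_cancels", 0)
modparam("acc", "detect_direction", 0)


####### Routing Logic ########

# main request routing logic
route{

    if (!mf_process_maxfwd_header(10)) {
        send_reply(483,"Too Many Hops");
        exit;
    }

    if (has_totag()) {
        # sequential requests within a dialog should
        # take the path determined by record-routing
        if (loose_route()) {
            if (is_method("INVITE")) {
                # even if in most of the cases is useless, do RR for
                # re-INVITEs also, as some buggy clients do change route set
                # during the dialog.
                record_route();
            }

            # route it out to whatever destination was set by loose_route()
            # in $du (destination URI).
            route(relay);
        } else {
            if ( is_method("ACK") ) {
                if ( t_check_trans() ) {
                    # non loose-route, but stateful ACK; must be an ACK after
                    # a 487 or e.g. 404 from upstream server
                    t_relay();
                    exit;
                } else {
                    # ACK without matching transaction ->
                    # ignore and discard
                    exit;
                }
            }
            send_reply(404,"Not here");
        }
        exit;
    }

    # CANCEL processing
    if (is_method("CANCEL")) {
        if (t_check_trans())
            t_relay();
        exit;
    }

    t_check_trans();

    # NOTE(review): this is the only relay authorization in the script, and it
    # trusts the From domain, which the sender chooses. No auth module is
    # loaded above, so a request whose From domain is local is relayed to any
    # foreign R-URI domain further down without proving its identity. Digest
    # authentication (auth/auth_db, proxy_authorize() at this point) is the
    # usual control before outbound relay is allowed.
    if (!is_method("REGISTER")) {
        if (!is_myself("$fd")) {
            if (!is_myself("$rd")) {
                send_reply(403,"Relay Forbidden");
                exit;
            }
        }
    }

    # preloaded route checking
    # ($fu/$tu/$ru/$ci in the log line are sender-controlled values)
    if (loose_route()) {
        xlog("L_ERR", "Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");
        if (!is_method("ACK"))
            send_reply(403,"Preload Route denied");
        exit;
    }

    # record routing
    if (!is_method("REGISTER|MESSAGE"))
        record_route();

    if (!is_myself("$rd")) {
        append_hf("P-hint: outbound\r\n");
        route(relay);
    }

    # requests for my domain
    if (is_method("PUBLISH|SUBSCRIBE")) {
        send_reply(503,"Service Unavailable");
        exit;
    }

    # check if the clients are using WebSockets or WebSocketSecure
    if ($socket_in(proto) == "WS"|| $socket_in(proto) == "WSS"){
        setflag("SRC_WS");
    }

    # consider the client is behind NAT - always fix the contact
    fix_nated_contact();

    if (is_method("REGISTER")) {
        # indicate that the client supports DTLS
        # so we know when he is called
        if (isflagset("SRC_WS")){
            setbflag("DST_WS");
        }
        fix_nated_register();
        # NOTE(review): save() runs with no www_authorize() challenge, so a
        # binding for an AOR is accepted from any sender; registrations should
        # be authenticated before they are stored.
        if (!save("os.sip.xxxx.cloud")){
            sl_reply_error();
        }
        exit;
    }

    if ($rU==NULL) {
        # request with no Username in RURI
        send_reply(484,"Address Incomplete");
        exit;
    }

    # do lookup with method filtering
    $var(lookup_flags) = "m";
    $var(rd_backup) = $rd;
    #sethost("os.sip.xxxx.cloud");

    # requests arriving from another cluster node get a local-only lookup;
    # everything else adds the "g" flag for a global lookup
    if(cluster_check_addr(1, "$si")){
        xlog("\033[36m>>>>>>>>Local---- SorceIP $si >>>-\033[0m--\n");
        xlog("$rm from cluster, doing local lookup only\n");
    }else{
        xlog("\033[36m>>>>>>>>Global---- SorceIP $si >>>-\033[0m--\n");
        xlog("$rm from outside, doing global lookup\n");
        $var(lookup_flags) = $var(lookup_flags) + "g";
        xlog("\033[36m>>>>>>>>-lookup_flags -- $var(lookup_flags) --->>> >>>-\033[0m--\n");
    }

    # the AOR is always built on the local domain, whatever the R-URI host was
    $var(aor) = "sip:" + $rU + "@" + "os.sip.xxxx.cloud";
    if (!lookup("os.sip.xxxx.cloud", "$var(lookup_flags)", "$var(aor)")) {
        t_reply(404, "Not Found");
        exit;
    }
    #sethost($var(rd_backup));

    do_accounting("log","missed");
    route(relay);
}


# Relays the request statefully; INVITEs get the media-handling helper routes
# armed, BYE/CANCEL tear the rtpengine session down.
route[relay] {
    # for INVITEs enable some additional helper routes
    if (is_method("INVITE")) {
        t_on_branch("handle_nat");
        t_on_reply("handle_nat");
    } else if (is_method("BYE|CANCEL")) {
        rtpengine_delete();
    }

    if (!t_relay()) {
        send_reply(500,"Internal Error");
    }
    exit;
}


# Per-branch SDP offer handling: picks the rtpengine flags from the caller's
# transport (SRC_WS message flag) and the callee's (DST_WS branch flag, stored
# with the contact at registration time).
branch_route[handle_nat] {
    xlog("\033[31m>>>>>>>>branch_route ------------------- >>>-\033[0m--\n");

    if (!is_method("INVITE") || !has_body("application/sdp"))
        return;

    if(isbflagset("DST_WS"))
        xlog("\033[31m>>>>>>>>branch_route Protocol DST_WS ---- set >>>-\033[0m--\n");
    if(isflagset("SRC_WS"))
        xlog("\033[31m>>>>>>>>branch_route Protocol SRC_WS ---- set >>>-\033[0m--\n");

    # the four cases are exhaustive, so the variable is always assigned here
    if (isflagset("SRC_WS") && isbflagset("DST_WS"))
        $var(rtpengine_flags) = "ICE=force-relay DTLS=passive";
    else if (isflagset("SRC_WS") && !isbflagset("DST_WS"))
        $var(rtpengine_flags) = "RTP/AVP replace-session-connection replace-origin ICE=remove rtcp-mux-demux";
    else if (!isflagset("SRC_WS") && isbflagset("DST_WS"))
        $var(rtpengine_flags) = "UDP/TLS/RTP/SAVPF ICE=force SDES-off rtcp-mux-offer";
    else if (!isflagset("SRC_WS") && !isbflagset("DST_WS"))
        $var(rtpengine_flags) = "RTP/AVP replace-session-connection replace-origin ICE=remove";

    xlog("\033[31m>>>>>>>>offer flag is ------------------- $var(rtpengine_flags) >>>-\033[0m--\n");
    rtpengine_offer("$var(rtpengine_flags)");
}


# SDP answer handling for replies to the INVITE: mirrors the offer logic with
# the flag set appropriate for the answer direction.
onreply_route[handle_nat] {
    xlog("\033[31m>>>>>>>>onreply_route ------------------- >>>-\033[0m--\n");

    fix_nated_contact();

    if (!has_body("application/sdp"))
        return;

    if(isbflagset("DST_WS"))
        xlog("\033[31m>>>>>>>>onreply_route Protocol DST_WS ---- set >>>-\033[0m--\n");
    if(isflagset("SRC_WS"))
        xlog("\033[31m>>>>>>>>onreply_route Protocol SRC_WS ---- set >>>-\033[0m--\n");

    # Fixed: the first test used the flag name "DST_WS DTLS=passive", which is
    # never set anywhere, so a WS-to-WS call matched none of the four cases and
    # rtpengine_answer() ran with whatever $var(rtpengine_flags) held before.
    if (isflagset("SRC_WS") && isbflagset("DST_WS"))
        $var(rtpengine_flags) = "ICE=force-relay DTLS=passive";
    else if (isflagset("SRC_WS") && !isbflagset("DST_WS"))
        $var(rtpengine_flags) = "UDP/TLS/RTP/SAVPF ICE=force";
    else if (!isflagset("SRC_WS") && isbflagset("DST_WS"))
        $var(rtpengine_flags) = "RTP/AVP replace-session-connection replace-origin ICE=remove";
    else if (!isflagset("SRC_WS") && !isbflagset("DST_WS"))
        $var(rtpengine_flags) = "RTP/AVP replace-session-connection replace-origin ICE=remove";

    xlog("\033[31m>>>>>>>>answer flag is ------------------- $var(rtpengine_flags) >>>-\033[0m--\n");
    rtpengine_answer("$var(rtpengine_flags)");
}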