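#
# $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
#
# simple quick-start config script
#
# SER (SIP Express Router) configuration. It has four parts: core
# parameters, module loading, module parameters, and the routing logic
# (main route, route[1], onreply_route[1], failure_route[1]).
#

# ----------------- global configuration parameters --------------------------------------

debug=3            # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no    # (cmd line: -E)

/* Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/

log_facility=LOG_LOCAL0

check_via=yes      # (cmd line: -v)
dns=no             # (cmd line: -r)
rev_dns=no         # (cmd line: -R)
port=5060
children=4

# NOTE(review): 438 decimal is 0666 octal. If the core applies this value as
# the permission bits, the management FIFO is world-writable, and it sits in
# the shared /tmp directory, so any local account could submit management
# commands. Once the account that runs the control tools is known, prefer a
# private directory and an owner-only or owner+group mode.
fifo="/tmp/ser_fifo"
fifo_mode=438

# NOTE(review): both settings add diagnostic / version information to SIP
# messages; helpful while troubleshooting, worth turning off on an
# Internet-facing proxy - confirm the operational need.
sip_warning=yes
server_signature=yes
reply_to_via=no

# The first listen= and the first three alias= values are blank in this copy
# (presumably site-specific addresses that were removed); fill them in
# before use.
listen=
listen=127.0.0.1

alias=
alias=
alias=
alias=127.0.0.1

# ---------------- module loading ----------------------------------------------------------

# MySQL Support
loadmodule "/usr/local/lib/ser/modules/mysql.so"

# unknown (author's note); sl provides the sl_send_reply()/sl_reply_error()
# calls used by the routing logic below
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/domain.so"

# Transaction processing
loadmodule "/usr/local/lib/ser/modules/tm.so"

# Record-routing and Loose-routing module
loadmodule "/usr/local/lib/ser/modules/rr.so"

# Count max forwards
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"

# use of MySQL database for user location state saving
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"

# Comment these lines to disable digest authentication
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"

# Accounting support - requires mysql
loadmodule "/usr/local/lib/ser/modules/acc.so"

# Execute outside programs
# NOTE(review): no exec_* call appears in the routing blocks of this file.
# A module that runs external programs is attack surface with no visible
# use here; consider not loading it unless another config depends on it.
loadmodule "/usr/local/lib/ser/modules/exec.so"

# Allow use of group membership
loadmodule "/usr/local/lib/ser/modules/group.so"

#loadmodule "/usr/local/lib/ser/modules/print.so"

# URI and Text operations support - allows lines like 'if uri=~"[679][0-9]+@"'
# and 'if (search(from:|F:))' in routing code
loadmodule "/usr/local/lib/ser/modules/uri.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"

# NAT Traversal support - required for NAT support, but forces all traffic
# to proxy through our server, which greatly limits scalability
loadmodule "/usr/local/lib/ser/modules/mediaproxy.so"
loadmodule "/usr/local/lib/ser/modules/nathelper.so"

# Native Voicemail support
# loadmodule "/usr/local/lib/ser/modules/vm.so"

#----------------- module-specific parameters ----------------------------------------------

#-----userloc parameters-----------------------
# Set this at 0 to disable SQL database support for persistent storage
# Set at 2 to use MySQL
modparam("usrloc", "db_mode", 2)

#-----auth params------------------------------
# The original line set the digest nonce secret to the empty string:
#   modparam("auth", "secret", "")
# An empty secret is effectively public, which weakens nonce validation for
# every digest challenge issued below. The auth module generates a random
# secret at startup when this parameter is not set, so the line is left
# commented out. Set an explicit long random value only when several
# servers must accept each other's nonces.
#modparam("auth", "secret", "")

# calculate_ha1 = 0 (used here): the column named by password_column holds a
# precomputed HA1 hash, so no plaintext passwords are needed in the database.
modparam("auth_db", "calculate_ha1", 0)
modparam("auth_db", "password_column", "ha1")
# calculate_ha1 = 1: the column holds the plaintext password and HA1 is
# computed by the server; in that case use the following line instead:
#modparam("auth_db", "password_column", "password")

# NOTE(review): the same database account and literal password are embedded
# in the usrloc, acc and uri db_url values (and the commented voicemail one).
# The password looks like the sample value shipped with SER - confirm and
# rotate it, keep this file readable by the SER account only, and give the
# account no more privileges than these modules need.
modparam("usrloc", "db_url", "mysql://ser:heslo@localhost/ser")

#-----rr params -------------------------------
# add value to lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)

#-----tm params
# fr_timer is the timeout for transactions
modparam("tm", "fr_timer", 18)
# fr_inv_timer is the timeout for opening calls (INVITE)
modparam("tm", "fr_inv_timer", 24)

#-----accounting parameters--------------------
modparam("acc", "log_level", 1)
modparam("acc", "log_flag", 1)
modparam("acc", "db_url", "mysql://ser:heslo@localhost/ser")
modparam("acc", "report_ack", 1)
modparam("acc", "failed_transactions", 1)
modparam("acc", "db_flag", 1)
modparam("acc", "report_cancels", 1)
modparam("acc", "db_missed_flag", 1)
modparam("acc", "log_fmt", "fisum")

#-----nathelper and mediaproxy parameters-------
modparam("nathelper", "natping_interval", 10)

#-----uri parameters --------------------------
modparam("uri", "db_url", "mysql://ser:heslo@localhost/ser")
modparam("uri", "uri_table", "uri")
modparam("uri", "uri_user_column", "username")
modparam("uri", "uri_domain_column", "domain")
modparam("uri", "uri_uriuser_column", "uri_user")
modparam("uri", "subscriber_table", "subscriber")
modparam("uri", "subscriber_user_column", "username")
modparam("uri", "subscriber_domain_column", "domain")

#-----voicemail parameters----------------------
#modparam("voicemail", "db_url", "mysql://ser:heslo@localhost/ser")
#modparam("voicemail", "email_column", "email")
#modparam("voicemail", "subscriber_table", "subscriber")
#modparam("voicemail", "user_column", "user")
#modparam("voicemail", "domain_column", "domain")

#----------------- END Module Parameters -----------------------------------------------

#----------------- routing logic begins here -------------------------------------------

#-----main routing logic
# Runs for every request: sanity checks, NAT detection, record-routing,
# then either local handling (uri==myself) or relaying to another domain.
route{
    # Flag 1 is the acc log/db/missed-call flag configured above, so every
    # request is marked for accounting.
    setflag(1);

    # initial sanity checks - messages with
    # max forwards==0 or excessively long requests
    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483", "Too Many Hops");
        log(1, "LOG:483 - Too Many Hops, dropping connection\n");
        break;
    };
    if (msg:len > max_len) {
        sl_send_reply("513", "Message Too Big");
        log(1, "LOG:513-Message too Big, dropping connection\n");
        break;
    };

    # Special Handling for NATed clients:
    # First, NAT test is executed - it looks
    # for via!=received and RFC1918 addresses
    # in contact (may fail if line-folding is used);
    # also the received test should, if completed,
    # check all vias for presence of received.
    if (nat_uac_test("3")) {
        # Allow RR-ed requests, as these may
        # indicate that a NAT-enabled proxy
        # already handles it, unless REGISTER
        # also, allow VPN users from 172.16.8.0/24
        # Which is routeable in our network
        #
        # NOTE(review): the three tests are joined with ||, so the last
        # clause (request URI does NOT match the VPN pattern) makes the
        # condition true for nearly every request; the comment above reads
        # as if && was intended. The pattern also expects '@' after the
        # address, i.e. it looks for the address in the user part rather
        # than the host part. Left unchanged - confirm the intent before
        # editing, since it decides which calls are forced through the
        # RTP proxy.
        if (method == "REGISTER" || !search("^Record-Route:") || !uri=~"172\.16\.8\.[0-9]+@") {
            log(1, "LOG:Someone trying to register from private IP, rewriting\n");
            # This only works for UAs that support
            # symmetric communication - works on most
            fix_nated_contact();
            if (method == "INVITE") {
                fix_nated_sdp("1");    # Add direction=active to SDP
            };
            force_rport();             # Add rport parameter to topmost Via
            setflag(6);                # Mark as NATed
        };
    };

    # We Record-Route all messages - to make sure
    # that subsequent messages will go through
    # our proxy - necessary for accounting, and if
    # downstream entities use different transport
    # protocol
    record_route();

    # Loose Route Processing
    # It appears that if this line is absent at this point
    # The MVP130 (PBX Gateway) refuses to correctly work
    # with SER. unsure why. 2004-10-21
    if (loose_route()) {
        log(1, "LOG: Doing top loose_route t_relay\n");
        t_relay();
        break;
    };

    # If the request is for other domain, use UsrLoc
    # (in case it doesn't work, use the following
    # command with proper names and addresses)
    # This requires use of "alias=" in global parameters
    lookup("aliases");

    if (uri==myself) {
        if (method == "REGISTER") {
            # Force digest authentication, but not for the PBX Gateway
            # if (!www_authorize("", "subscriber")) {
            if (!www_authorize("", "subscriber")) {
                www_challenge("", "0");
                break;
            };
            # After authentication, the To user must also pass check_to(),
            # unless the authenticated user is "replicator".
            if (!is_user("replicator") && !check_to()) {
                log(1, "LOG: unregistered user registration attempt\n");
                sl_send_reply("403", "Only registered users allowed");
                acc_db_request("403 - Only registered Users allowed", "acc");
                break;
            };
            if (!save("location")) {
                sl_reply_error();
                log(1, "LOG: error saving location\n");
                acc_db_request("Error Saving location", "acc");
            };
            break;
        };

        # Native SIP destinations are handled using userloc DB
        if (!lookup("location")) {
            if (does_uri_exist()) {
                # Can't find the user's location, but know they
                # are a subscriber? Check if they are a voicemail
                # user and send them there, otherwise, tell UA
                # that callee is offline.
                if (is_user_in("Request-URI", "voicemail")) {
                    rewritehostport(":5090");
                    append_branch();
                    t_relay_to_udp("", "5090");
                    # if (!vm("/tmp/am_fifo", "voicemail")) {
                    #     log(1, "LOG: Could not contact voicemail\n");
                    #     t_reply("500", "Could not contact voicemail");
                    #     break;
                    # } else {
                    log(1, "LOG: Caller sent to Voicemail\n");
                    acc_db_request("Call sent to voicemail - missed", "acc");
                    break;
                    # };
                };
                sl_send_reply("404", "User Offline");
                log(1, "LOG: User offline\n");
                acc_db_request("404 - User Offline", "acc");
                break;
            };

            if (uri=~"^sip:[679][0-9]+@") {
                # /6([0-9]+)/ goes to voicemail for $1
                # /7([0-9]+)/ goes to extension $1
                # /9([0-9]+)/ goes to outside number $1 (dials the 9 for you)
                # so we just check that they are a valid PBX user
                # so nobody outside uses us as a free PBX
                #
                # NOTE(review): no digest challenge precedes this check, and
                # the From header is supplied by the caller. Group membership
                # looked up by From therefore does not prove who is calling,
                # so this does not by itself keep outsiders off the PSTN
                # gateway (toll-fraud exposure). Consider authenticating the
                # request first (proxy_authorize / proxy_challenge against
                # "subscriber") and testing membership on the authenticated
                # credentials, with an explicit exception for the gateway's
                # own address if it cannot authenticate.
                if (is_user_in("From", "free-pstn")) {
                    rewritehostport(":5060");
                    forward(uri:host, uri:port);
                    log(1, "LOG: User dialing PBX Gateway\n");
                    break;
                };
                acc_db_request("403 - Registered users only for POTS", "acc");
                sl_send_reply("403", "Only registered users allowed");
                break;
            };

            acc_db_request("404 - Location not found", "acc");
            sl_send_reply("404", "Location not found");
            log(1, "LOG: Dial placed to unknown location\n");
            break;
        };

        route(1);
        break;
    };

    # NOTE(review): requests for any non-local URI are relayed with no
    # authentication or source check visible in this file, i.e. the proxy
    # relays for arbitrary senders to arbitrary domains. If only the PBX
    # gateway and local subscribers should use this path, restrict it by
    # source address or require proxy authentication.
    if (!(uri==myself)) {
        log(1, "LOG: Proxying request for someone else, most likely PBX\n");
        if (!t_relay()) {
            sl_reply_error();
            break;
        };
        break;
    };
}

# Relay to a located local user: refuse private-address targets, enable the
# RTP proxy for NATed calls, arm the reply/failure routes, then relay.
route[1] {
    # lookup("aliases");

    # We don't look for 172.16.0.0/16 here
    # because that is a valid routeable VPN
    # network in our environment
    #
    # The 172.x alternative ends at 172.31: RFC 1918 reserves
    # 172.16.0.0-172.31.255.255, and the previous "3[0-2]" also rejected
    # 172.32.x.x, which is public address space.
    if (uri=~"[@:](192\.168\.|10\.|172\.(1[7-9]|2[0-9]|3[01])\.)" && !search("^Route:")) {
        sl_send_reply("479", "We don't forward to private IP addresses");
        log(1, "LOG: Forward attempted to private IP address\n");
        acc_db_request("479 - Attempt to Private IP blocked", "acc");
        break;
    };

    # If client or server known to be behind NAT, enable relay
    if (isflagset(6)) {
        force_rtp_proxy();
        log(1, "LOG: forcing RTP Proxy\n");
    };

    # NAT processing of replies: apply to all transactions
    # (for example re-INVITEs from public to private
    # UA are hard to identify as NATed at the moment of
    # request processing); look at replies
    t_on_reply("1");
    t_on_failure("1");

    #
    # loose-route processing
    if (loose_route()) {
        log(1, "LOG: Doing bottom loose-route before end of route[1]\n");
        t_relay();
        break;
    };

    # forward to current uri now: use stateful forwarding:
    # use stateful forwarding - it works reliably even if
    # we forward from TCP to UDP
    if (!t_relay()) {
        sl_reply_error();
    };
}

# Reply processing armed by t_on_reply("1") in route[1].
onreply_route[1] {
    # NATed transaction?
    if (isflagset(6) && status=~"(183)|2[0-9][0-9]") {
        fix_nated_contact();
        force_rtp_proxy();
        log(1, "LOG: Fixed NATed contact, forced RTP PRoxy on reply\n");
    # otherwise, it is a transaction behind a NAT and we
    # did not know at time of request processing? (RFC1918 contacts)
    } else if (nat_uac_test("1")) {
        fix_nated_contact();
    };
}

# Failure processing armed by t_on_failure("1") in route[1].
# NOTE(review): the voicemail-group test is commented out, so every failed
# transaction - whatever the failure and whether or not the callee has
# voicemail - is redirected to port 5090. Confirm that this is intended.
failure_route[1] {
    # if (is_user_in("Request-URI:", "voicemail") {
    rewritehostport(":5090");
    append_branch();
    t_relay_to_udp("", "5090");
    log(1, "LOG:forwarding to voicemail - failure of some kind\n");
    break;
    # };
}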