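#
# $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
#
# simple quick-start config script
#
# SIP proxy/registrar configuration: digest-authenticated REGISTER, usrloc
# lookups backed by MySQL, voicemail fallback, a PBX gateway for 6/7/9-prefixed
# numbers, and NAT handling (nathelper + RTP proxy).
#
# NOTE(review): this file embeds a nonce secret and database credentials.
# Keep it readable only by the account the server runs as, and replace the
# sample values below before deployment.
#

# ----------------- global configuration parameters ---------------------------

debug=3           # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no   # (cmd line: -E)

/* Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/

check_via=yes     # (cmd line: -v)
dns=no            # (cmd line: -r)
rev_dns=no        # (cmd line: -R)
port=5060
children=4

# NOTE(review): the FIFO is the server's management channel. /tmp is a shared,
# world-writable directory; a directory owned by the server account with
# restrictive permissions is a safer location. Path left unchanged here because
# external tooling may expect it.
fifo="/tmp/ser_fifo"

# NOTE(review): both settings add diagnostic/identifying headers to SIP
# traffic; consider disabling them on an Internet-facing proxy.
sip_warning=yes
server_signature=yes
reply_to_via=no

listen=x.x.x.243
listen=127.0.0.1

# Names and addresses this proxy treats as "myself" in the routing logic.
alias=mydomain.com
alias=sip.mydomain.com
alias=x.x.x.243
alias=127.0.0.1

# ----------------- module loading --------------------------------------------

# MySQL Support
loadmodule "/usr/local/lib/ser/modules/mysql.so"

# Stateless replies (sl_send_reply / sl_reply_error used below)
loadmodule "/usr/local/lib/ser/modules/sl.so"

# Transaction (stateful) processing (t_relay / t_on_reply used below)
loadmodule "/usr/local/lib/ser/modules/tm.so"

# Record-routing and Loose-routing module
loadmodule "/usr/local/lib/ser/modules/rr.so"

# Count max forwards
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"

# use of MySQL database for user location state saving
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"

# Comment these lines to disable digest authentication
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"

# Accounting support - requires mysql
loadmodule "/usr/local/lib/ser/modules/acc.so"

# Execute outside programs
# NOTE(review): no exec function is called anywhere in the routing logic of
# this file; if nothing else needs it, do not load a module that can run
# external programs.
loadmodule "/usr/local/lib/ser/modules/exec.so"

# Allow use of group membership
loadmodule "/usr/local/lib/ser/modules/group.so"

#loadmodule "/usr/local/lib/ser/modules/print.so"

# URI and Text operations support - allows lines like 'if uri=~"[679][0-9]+@"'
# and 'if (search(from:|F:))' in routing code
loadmodule "/usr/local/lib/ser/modules/uri.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"

# NAT Traversal support - required for NAT support, but forces all traffic
# to proxy through our server, which greatly limits scalability
loadmodule "/usr/local/lib/ser/modules/mediaproxy.so"
loadmodule "/usr/local/lib/ser/modules/nathelper.so"

# Native Voicemail support
loadmodule "/usr/local/lib/ser/modules/vm.so"

# ----------------- module-specific parameters --------------------------------

#----- usrloc parameters ----------------------
# Set this at 0 to disable SQL database support for persistent storage
# Set at 2 to use MySQL
modparam("usrloc", "db_mode", 2)

#----- auth params ----------------------------
# required for auth module
# NOTE(review): this is a fixed sample value committed in the config; replace
# it with a locally generated random secret per installation.
modparam("auth", "secret", "43789bfdbc34890")
# NOTE(review): calculate_ha1=1 makes the server read plaintext passwords from
# the "password" column. Storing precomputed HA1 values instead (setting 0)
# avoids keeping plaintext passwords in the database.
modparam("auth_db", "calculate_ha1", 1)
# If you set "calculate_ha1" parameter to 1 (true), you need the following line:
modparam("auth_db", "password_column", "password")
# NOTE(review): the same database account and password appear in the usrloc,
# acc and voicemail db_url values; change the password and grant the account
# only the privileges these modules need.
modparam("usrloc", "db_url", "mysql://ser:nscser@localhost/ser")

#----- rr params ------------------------------
# add value to lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)

#----- tm params ------------------------------
# fr_timer is the timeout for transactions
modparam("tm", "fr_timer", 18)
# fr_inv_timer is the timeout for opening calls (INVITE)
modparam("tm", "fr_inv_timer", 24)

#----- accounting parameters ------------------
# Flag 1 (set at the top of route{}) drives syslog, database and
# missed-call accounting alike.
modparam("acc", "log_level", 1)
modparam("acc", "log_flag", 1)
modparam("acc", "db_url", "mysql://ser:nscser@localhost/ser")
modparam("acc", "report_ack", 1)
modparam("acc", "failed_transactions", 1)
modparam("acc", "db_flag", 1)
modparam("acc", "report_cancels", 1)
modparam("acc", "db_missed_flag", 1)
modparam("acc", "log_fmt", "fisum")

#----- nathelper and mediaproxy parameters ----
modparam("nathelper", "natping_interval", 10)

#----- voicemail parameters -------------------
modparam("voicemail", "db_url", "sql://ser:nscser@localhost/ser")
modparam("voicemail", "email_column", "email")
modparam("voicemail", "subscriber_table", "subscriber")
modparam("voicemail", "user_column", "user")
modparam("voicemail", "domain_column", "domain")

# ----------------- END Module Parameters -------------------------------------

# ----------------- routing logic begins here ---------------------------------

#----- main routing logic

route{
	# Flag 1 is the accounting flag configured for the acc module above.
	setflag(1);

	# initial sanity checks - messages with
	# max forwards==0 or excessively long requests
	if (!mf_process_maxfwd_header("10")) {
		sl_send_reply("483", "Too Many Hops");
		log(1, "LOG:483 - Too Many Hops, dropping connection\n");
		break;
	};
	if (msg:len > max_len) {
		sl_send_reply("513", "Message Too Big");
		log(1, "LOG:513-Message too Big, dropping connection\n");
		break;
	};

	# Special Handling for NATed clients:
	# First, NAT test is executed - it looks
	# for via!=received and RFC1918 addresses
	# in contact (may fail if line-folding is used);
	# also the received test should, if completed,
	# check all vias for presence of received.
	if (nat_uac_test("3")) {
		# Allow RR-ed requests, as these may
		# indicate that a NAT-enabled proxy
		# already handles it, unless REGISTER
		# also, allow VPN users from 172.16.8.0/24
		#
		# NOTE(review): the three tests are OR-ed, so this branch is
		# taken for every request whose URI does not match the VPN
		# pattern, Record-Routed ones included. The pattern also
		# requires '@' right after the address, i.e. it matches the
		# user part of the URI rather than the host. Confirm both
		# against the intent stated above.
		if (method == "REGISTER" || !search("^Record-Route:") || !uri=~"172\.16\.8\.[0-9]+@") {
			log(1, "LOG:Someone trying to register from private IP, rewriting\n");

			# This only works for UAs that support
			# symmetric communication - works on most
			fix_nated_contact();
			if (method == "INVITE") {
				fix_nated_sdp("1"); # Add direction=active to SDP
			};
			force_rport(); # Add rport parameter to topmost Via
			setflag(6);    # Mark as NATed
		};
	};

	# We Record-Route all messages - to make sure
	# that subsequent messages will go through
	# our proxy - necessary for accounting, and if
	# downstream entities use different transport
	# protocol
	record_route();

	# If the request is for other domain, use UsrLoc
	# (in case it doesn't work, use the following
	# command with proper names and addresses)
	# This requires use of "alias=" in global parameters
	lookup("aliases");

	# NOTE(review): everything below sits inside this test. A request whose
	# URI is not one of our aliases reaches the end of route{} without
	# being relayed or answered - confirm that this is intended.
	if (uri==myself) {

		if (method == "REGISTER") {
			# Force digest authentication, but not for the PBX Gateway
			#
			# NOTE(review): the exemption trusts the source address
			# alone. Over UDP a source address can be forged, so a
			# REGISTER claiming to come from the gateway skips
			# digest authentication entirely. Prefer giving the
			# gateway its own credentials, or make sure upstream
			# filtering prevents that address from arriving on
			# untrusted interfaces.
			if (!www_authorize("mydomain.com", "subscriber") &&
			    !(src_ip==x.x.x.155)) {
				www_challenge("mydomain.com", "0");
				break;
			};

			# Only the "replicator" account may register a To URI
			# other than its own authenticated identity.
			if (!is_user("replicator") && !check_to()) {
				log(1, "LOG: unregistered user registration attempt\n");
				sl_send_reply("403", "Only registered users allowed");
				break;
			};

			if (!save("location")) {
				sl_reply_error();
				log(1, "LOG: error saving location\n");
			};
			break;
		};

		# Native SIP destinations are handled using userloc DB
		if (!lookup("location")) {
			if (does_uri_exist()) {
				# Can't find the user's location, but know they
				# are a subscriber? Check if they are a voicemail
				# user and send them there, otherwise, tell UA
				# that callee is offline.
				if (is_user_in("To", "voicemail")) {
					# Fixed: the action name was misspelled
					# "vlicemail".
					vm("/tmp/vm_fifo", "voicemail");
					log(1, "LOG: Caller sent to Voicemail\n");
					break;
				};
				sl_send_reply("404", "User Offline");
				log(1, "LOG: User offline\n");
				break;
			};

			if (uri=~"^sip:[679][0-9]+@") {
				# /6([0-9]+)/ goes to voicemail for $1
				# /7([0-9]+)/ goes to extension $1
				# /9([0-9]+)/ goes to outside number $1 (dials the 9 for you)
				# so we just check that they are a valid PBX user
				# so nobody outside uses us as a free PBX
				#
				# NOTE(review): no digest authentication is
				# performed on this path, so the group check
				# relies on the From header, which the sender
				# chooses freely. The stated goal (no outside
				# use of the gateway) is only met if the
				# request is authenticated first, e.g.
				# proxy_authorize()/proxy_challenge() for
				# INVITEs, with the From URI checked against
				# the authenticated user.
				if (is_user_in("From", "freepstn")) {
					rewritehostport("voip-pbx.mydomain.com:5060");
					forward(uri:host, uri:port);
					log(1, "LOG: User dialing PBX Gateway\n");
					break;
				};
				sl_send_reply("403", "Only registered users allowed");
				break;
			};

			sl_send_reply("404", "Location not found");
			log(1, "LOG: Dial placed to unknown location\n");
			break;
		};

		route(1);
		break;
	};
}

#----- stateful relay of requests whose destination was resolved above

route[1] {
	lookup("aliases");

	# Refuse to relay towards private address space unless the request
	# carries a Route header.
	# Fixed: the 172.x alternative previously ended at 3[0-2], which also
	# refused 172.32.x.x (public space); RFC 1918 ends at 172.31.
	# NOTE(review): 172.16.x.x is still not matched (1[7-9]) - presumably
	# to keep the VPN subnet 172.16.8.0/24 reachable; if that is not the
	# intent, use 1[6-9].
	if (uri=~"[@:](192\.168\.|10\.|172\.(1[7-9]|2[0-9]|3[01])\.)" && !search("^Route:")) {
		sl_send_reply("479", "We don't forward to private IP addresses");
		log(1, "LOG: Forward attempted to private IP address\n");
		break;
	};

	# If client or server known to be behind NAT, enable relay
	if (isflagset(6)) {
		force_rtp_proxy();
		log(1, "LOG: forcing RTP Proxy\n");
	};

	# NAT processing of replies: apply to all transactions
	# (for example re-INVITEs from public to private
	# UA are hard to identify as NATed at the moment of
	# request processing); look at replies
	t_on_reply("1");

	# loose-route processing
	if (loose_route()) {
		t_relay();
		break;
	};

	# forward to current uri now:
	# use stateful forwarding - it works reliably even if
	# we forward from TCP to UDP
	if (!t_relay()) {
		sl_reply_error();
	};
}

#----- reply processing for transactions armed with t_on_reply("1")

onreply_route[1] {
	# NATed transaction?
	if (isflagset(6) && status=~"(183)|2[0-9][0-9]") {
		fix_nated_contact();
		force_rtp_proxy();
		log(1, "LOG: Fixed NATed contact, forced RTP PRoxy on reply\n");
	# otherwise, it is a transaction behind a NAT and we
	# did not know at time of request processing? (RFC1918 contacts)
	} else if (nat_uac_test("1")) {
		fix_nated_contact();
	};
}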