cdd05e2706
(needs to be *BSD tested yet!) - removed old hostname based config of in/outbound interfaces - experimental feature: additional masquerading of UA registrered host parts of their SIP URL
132 lines
4.6 KiB
Plaintext
132 lines
4.6 KiB
Plaintext
#
|
|
# /etc/siproxd.conf - siproxd configuration file
|
|
#
|
|
# !! This is a sample file, adapt it to your needs before using it
|
|
#
|
|
# !! Strings MUST NOT contain spaces in between !!
|
|
#
|
|
|
|
######################################################################
|
|
# The interafce names of INBOUND and OUTBOUND interface.
|
|
#
|
|
if_inbound = eth0
|
|
if_outbound = ppp0
|
|
|
|
|
|
######################################################################
|
|
# Port to listen for incoming SIP messages.
|
|
# Access lists in the form: IP/mask (ex. 10.0.0.1/24)
|
|
# multiple entries may be separated by commas NO SPACES ARE ALLOWED!!
|
|
# Empty list means 'does not apply' - no filtering is done then.
|
|
# For *allow* lists this means: always allow, for *deny* lists that
|
|
# this means never deny.
|
|
#
|
|
# hosts_allow_reg: defines nets where we accept registrations from
|
|
# hosts_allow_sip: defines nets where we accept SIP traffic from
|
|
# hosts_deny_sip: defines nets where we deny SIP traffic from
|
|
#
|
|
# - The deny list takes precedence over the allow lists.
|
|
# - The allow_reg list imples also allowance for sip.
|
|
#
|
|
# Example for usage:
|
|
# local private net -> allow_reg list
|
|
# external nets (where we accept incoming calls from) -> allow_sip
|
|
#
|
|
#hosts_allow_reg = 192.168.1.8/24
|
|
#hosts_allow_sip = 123.45.0.0/16,123.46.0.0/16
|
|
#hosts_deny_sip = 10.0.0.0/8,11.0.0.0/8
|
|
|
|
|
|
######################################################################
|
|
# Access control.
|
|
# 5060 is usually the correct choise - don't change is unless you
|
|
# know what you're doing
|
|
#
|
|
sip_listen_port = 5060
|
|
|
|
|
|
######################################################################
|
|
# Shall we daemonize?
|
|
#
|
|
daemonize = 0
|
|
|
|
######################################################################
|
|
# Secure Enviroment settings:
|
|
# user: uid/gid to switch to after startup
|
|
# chrootjail: path to chroot to (chroot jail)
|
|
user = nobody
|
|
#chrootjail = /var/lib/siproxd/
|
|
|
|
######################################################################
|
|
# global switch to enable (1) or disable (0) the RTP proxy feature
|
|
#
|
|
rtp_proxy_enable = 1
|
|
|
|
######################################################################
|
|
# Port range where to allocate listen ports for incoming RTP traffic
|
|
# this should be a range that is not blocked by the firewall
|
|
#
|
|
rtp_port_low = 7070
|
|
rtp_port_high = 7080
|
|
|
|
######################################################################
|
|
# Timeout for RTP streams
|
|
# after this number of seconds, an RTP stream is considered dead
|
|
# and proxying it will be stopped.
|
|
#
|
|
rtp_timeout = 60
|
|
|
|
######################################################################
|
|
# Proxy authentication
|
|
# If proxy_auth_realm is defined (a string), clients will be forced
|
|
# to authenticate themselfes at the proxy (for registration only).
|
|
# To disable Authentication, simply comment out this line.
|
|
#
|
|
#proxy_auth_realm = Authentication_Realm
|
|
#
|
|
# the password to use (right now, only one global password for
|
|
# registration is supported -> same for all local clients)
|
|
#
|
|
#proxy_auth_passwd = password
|
|
#
|
|
# or use individual per user passwords stored ia file
|
|
#
|
|
#proxy_auth_pwfile = doc/siproxd_passwd.cfg
|
|
#
|
|
# 'proxy_auth_pwfile' has precedence over 'proxy_auth_passwd'
|
|
|
|
######################################################################
|
|
# Debug level... (setting to -1 will enable everything)
|
|
#
|
|
# DBCLASS_BABBLE 0x00000001 // babble (like entering/leaving func)
|
|
# DBCLASS_NET 0x00000002 // network
|
|
# DBCLASS_SIP 0x00000004 // SIP manipulations
|
|
# DBCLASS_REG 0x00000008 // Client registration
|
|
# DBCLASS_NOSPEC 0x00000010 // non specified class
|
|
# DBCLASS_PROXY 0x00000020 // proxy
|
|
# DBCLASS_DNS 0x00000040 // DNS stuff
|
|
# DBCLASS_NETTRAF 0x00000080 // network traffic
|
|
# DBCLASS_CONFIG 0x00000100 // configuration
|
|
# DBCLASS_RTP 0x00000200 // RTP proxy
|
|
# DBCLASS_ACCESS 0x00000400 // Access list evaluation
|
|
# DBCLASS_AUTH 0x00000800 // Authentication
|
|
#
|
|
debug_level = 0x00000000
|
|
|
|
######################################################################
|
|
# Mask feature (experimental)
|
|
#
|
|
# Some UAs will always use the host/ip they register to as
|
|
# host part in the registration record (which will be the inbound
|
|
# ip address / hostname of the proxy) and can not be told to register a
|
|
# different host (public IP address). This Mask feature allows to force
|
|
# such a UA to be masqueraded to a different host.
|
|
# -> Siemens SIP Phones seem to need this feature.
|
|
#
|
|
# mask_host=<inbound_ip/hostname>
|
|
# masked_host=<hostname_to_be_masqueraded_as>
|
|
#
|
|
# mask_host=<10.0.1.1> -- inbound IP address of proxy
|
|
# masked_host=<my.public.host> -- outbound hostname proxy
|
|
|