####### Global Parameters ######### log_level=6 log_stderror=no log_facility=LOG_LOCAL0 # Set up listeners listen=ws:eth0:8080 use_children 1 listen=wss:eth0:10443 use_children 1 listen=tls:eth0:5061 use_children 1 listen=udp:eth0:5060 use_children 1 ####### Modules Section ######## # set module path mpath="/usr/local/opensips/lib64/opensips/modules/" #### SIGNALING module loadmodule "signaling.so" #### StateLess module loadmodule "sl.so" #### Transaction Module loadmodule "tm.so" modparam("tm", "fr_timeout", 5) modparam("tm", "fr_inv_timeout", 30) modparam("tm", "restart_fr_on_each_reply", 0) modparam("tm", "onreply_avp_mode", 1) #### Record Route Module loadmodule "rr.so" modparam("rr", "append_fromtag", 0) #### MAX ForWarD module loadmodule "maxfwd.so" #### SIP MSG OPerationS module loadmodule "sipmsgops.so" #### FIFO Management Interface loadmodule "mi_fifo.so" modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo") modparam("mi_fifo", "fifo_mode", 0666) #### URI module loadmodule "uri.so" modparam("uri", "use_uri_table", 0) #### USeR LOCation module loadmodule "usrloc.so" modparam("usrloc", "nat_bflag", "NAT") modparam("usrloc", "db_mode", 0) #### REGISTRAR module loadmodule "registrar.so" #### RTPengine protocol loadmodule "rtpengine.so" modparam("rtpengine", "rtpengine_sock", "udp:82.199.64.147:60000") #### Nathelper protocol loadmodule "nathelper.so" modparam("registrar|nathelper", "received_avp", "$avp(rcv)") #### UDP protocol loadmodule "proto_udp.so" #### TLS protocol loadmodule "proto_tls.so" loadmodule "tls_mgm.so" #modparam("tls_mgm","verify_cert","0") #modparam("tls_mgm","require_cert","0") #modparam("tls_mgm","tls_method","TLSv1") #modparam("tls_mgm","certificate","/usr/local/opensips/tls_cnf/tls/rootCA/cacert.pem") #modparam("tls_mgm","private_key","/usr/local/opensips/tls_cnf/tls/rootCA/private/cakey.pem") #modparam("tls_mgm","ca_list","/usr/local/opensips/tls_cnf/tls/rootCA/cacert.pem") #modparam("tls_mgm","ca_dir","/usr/local/opensips/tls_cnf/tls/rootCA/") #### WebSocket and WebSocketSecure protocol loadmodule "proto_wss.so" loadmodule "proto_ws.so" # Certificate management #loadmodule "tls_mgm.so" #modparam("tls_mgm", "certificate","/etc/letsencrypt/live/acme.com/cert.pem") #modparam("tls_mgm", "private_key","/etc/letsencrypt/live/acme.com/privkey.pem") modparam("tls_mgm", "certificate","/usr/local/opensips/etc/opensips/tls/callflow/callflow.eu.crt.pem") modparam("tls_mgm", "private_key","/usr/local/opensips/etc/opensips/tls/callflow/callflow.eu.key.pem") modparam("tls_mgm", "require_cert","0") modparam("tls_mgm", "verify_cert","0") ####### Routing Logic ######## # main request routing logic route{ if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; } if (has_totag()) { # sequential requests within a dialog should # take the path determined by record-routing if (loose_route()) { if (is_method("INVITE")) { # even if in most of the cases is useless, do RR for # re-INVITEs alos, as some buggy clients do change route set # during the dialog. record_route(); } # route it out to whatever destination was set by loose_route() # in $du (destination URI). route(relay); } else { if ( is_method("ACK") ) { if ( t_check_trans() ) { # non loose-route, but stateful ACK; must be an ACK after # a 487 or e.g. 404 from upstream server t_relay(); exit; } else { # ACK without matching transaction -> # ignore and discard exit; } } sl_send_reply("404","Not here"); } exit; } # CANCEL processing if (is_method("CANCEL")) { if (t_check_trans()) t_relay(); exit; } t_check_trans(); if (!is_method("REGISTER")) { if (from_uri!=myself) { # if caller is not local, then called number must be local if (!uri==myself) { send_reply("403","Rely forbidden"); exit; } } } # preloaded route checking if (loose_route()) { xlog("L_ERR", "Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]"); if (!is_method("ACK")) sl_send_reply("403","Preload Route denied"); exit; } # record routing if (!is_method("REGISTER|MESSAGE")) record_route(); if (!uri==myself) { append_hf("P-hint: outbound\r\n"); route(relay); } # requests for my domain if (is_method("PUBLISH|SUBSCRIBE")) { sl_send_reply("503", "Service Unavailable"); exit; } # check if the clients are using WebSockets or WebSocketSecure if (proto == WS || proto == WSS) setflag(SRC_WS); # consider the client is behind NAT - always fix the contact fix_nated_contact(); if (is_method("REGISTER")) { # indicate that the client supports DTLS # so we know when he is called if (isflagset(SRC_WS)) setbflag(DST_WS); fix_nated_register(); if (!save("location")) sl_reply_error(); exit; } if ($rU==NULL) { # request with no Username in RURI sl_send_reply("484","Address Incomplete"); exit; } # do lookup with method filtering if (!lookup("location","m")) { t_newtran(); t_reply("404", "Not Found"); exit; } route(relay); } route[relay] { # for INVITEs enable some additional helper routes if (is_method("INVITE")) { t_on_branch("handle_nat"); t_on_reply("handle_nat"); } else if (is_method("BYE|CANCEL")) { rtpengine_delete(); } if (!t_relay()) { send_reply("500","Internal Error"); }; exit; } branch_route[handle_nat] { if (!is_method("INVITE") || !has_body("application/sdp")) return; if (isflagset(SRC_WS) && isbflagset(DST_WS)) $var(rtpengine_flags) = "ICE=force-relay DTLS=passive"; else if (isflagset(SRC_WS) && !isbflagset(DST_WS)) $var(rtpengine_flags) = "RTP/AVP replace-session-connection replace-origin ICE=remove"; else if (!isflagset(SRC_WS) && isbflagset(DST_WS)) $var(rtpengine_flags) = "UDP/TLS/RTP/SAVPF ICE=force"; else if (!isflagset(SRC_WS) && !isbflagset(DST_WS)) $var(rtpengine_flags) = "RTP/AVP replace-session-connection replace-origin ICE=remove"; xlog("L_ERR","rtpengine is called for offer with $var(rtpengine_flags)"); rtpengine_offer("$var(rtpengine_flags)"); } onreply_route[handle_nat] { fix_nated_contact(); if (!has_body("application/sdp")) return; if (isflagset(SRC_WS) && isbflagset(DST_WS)) $var(rtpengine_flags) = "ICE=force-relay DTLS=passive"; else if (isflagset(SRC_WS) && !isbflagset(DST_WS)) $var(rtpengine_flags) = "UDP/TLS/RTP/SAVPF ICE=force"; else if (!isflagset(SRC_WS) && isbflagset(DST_WS)) $var(rtpengine_flags) = "RTP/AVP replace-session-connection replace-origin ICE=remove"; else if (!isflagset(SRC_WS) && !isbflagset(DST_WS)) $var(rtpengine_flags) = "RTP/AVP replace-session-connection replace-origin ICE=remove"; xlog("L_ERR","johan rtpengine_answer is called with $var(rtpengine_flags)"); rtpengine_answer("$var(rtpengine_flags)"); }