Skip to end of metadata
Go to start of metadata

SIP Resource using PJProject

This configuration documentation is for functionality provided by res_pjsip.

pjsip.conf

endpoint

Endpoint

Configuration Option Reference

Option Name

Type

Default Value

Regular Expression

Description

100rel

Custom

yes

false

Allow support for RFC3262 provisional ACK tags

aggregate_mwi

Boolean

yes

false

Condense MWI notifications into a single NOTIFY.

allow

Codec

 

false

Media Codec(s) to allow

allow_overlap

Boolean

yes

false

Enable RFC3578 overlap dialing support.

aors

String

 

false

AoR(s) to be used with the endpoint

auth

Custom

 

false

Authentication Object(s) associated with the endpoint

callerid

Custom

 

false

CallerID information for the endpoint

callerid_privacy

Custom

allowed_not_screened

false

Default privacy level

callerid_tag

Custom

 

false

Internal id_tag for the endpoint

context

String

default

false

Dialplan context for inbound sessions

direct_media_glare_mitigation

Custom

none

false

Mitigation of direct media (re)INVITE glare

direct_media_method

Custom

invite

false

Direct Media method type

connected_line_method

Custom

invite

false

Connected line method type

direct_media

Boolean

yes

false

Determines whether media may flow directly between endpoints.

disable_direct_media_on_nat

Boolean

no

false

Disable direct media session refreshes when NAT obstructs the media session

disallow

 

 

 

Media Codec(s) to disallow

dtmf_mode

Custom

rfc4733

false

DTMF mode

media_address

String

 

false

IP address used in SDP for media handling

bind_rtp_to_media_address

Boolean

no

false

Bind the RTP instance to the media_address

force_rport

Boolean

yes

false

Force use of return port

ice_support

Boolean

no

false

Enable the ICE mechanism to help traverse NAT

identify_by

Custom

username

false

Way(s) for Endpoint to be identified

redirect_method

Custom

user

false

How redirects received from an endpoint are handled

mailboxes

String

 

false

NOTIFY the endpoint when state changes for any of the specified mailboxes

mwi_subscribe_replaces_unsolicited

Boolean

no

false

An MWI subscribe will replace sending unsolicited NOTIFYs

voicemail_extension

Custom

 

false

The voicemail extension to send in the NOTIFY Message-Account header

moh_suggest

String

default

false

Default Music On Hold class

outbound_auth

Custom

 

false

Authentication object(s) used for outbound requests

outbound_proxy

String

 

false

Full SIP URI of the outbound proxy used to send requests

rewrite_contact

Boolean

no

false

Allow Contact header to be rewritten with the source IP address-port

rtp_ipv6

Boolean

no

false

Allow use of IPv6 for RTP traffic

rtp_symmetric

Boolean

no

false

Enforce that RTP must be symmetric

send_diversion

Boolean

yes

false

Send the Diversion header, conveying the diversion information to the called user agent

send_pai

Boolean

no

false

Send the P-Asserted-Identity header

send_rpid

Boolean

no

false

Send the Remote-Party-ID header

rpid_immediate

Boolean

no

false

Immediately send connected line updates on unanswered incoming calls.

timers_min_se

Unsigned Integer

90

false

Minimum session timers expiration period

timers

Custom

yes

false

Session timers for SIP packets

timers_sess_expires

Unsigned Integer

1800

false

Maximum session timer expiration period

transport

String

 

false

Desired transport configuration

trust_id_inbound

Boolean

no

false

Accept identification information received from this endpoint

trust_id_outbound

Boolean

no

false

Send private identification details to the endpoint.

type

None

 

false

Must be of type 'endpoint'.

use_ptime

Boolean

no

false

Use Endpoint's requested packetisation interval

use_avpf

Boolean

no

false

Determines whether res_pjsip will use and enforce usage of AVPF for this endpoint.

force_avp

Boolean

no

false

Determines whether res_pjsip will use and enforce usage of AVP, regardless of the RTP profile in use for this endpoint.

media_use_received_transport

Boolean

no

false

Determines whether res_pjsip will use the media transport received in the offer SDP in the corresponding answer SDP.

media_encryption

Custom

no

false

Determines whether res_pjsip will use and enforce usage of media encryption for this endpoint.

media_encryption_optimistic

Boolean

no

false

Determines whether encryption should be used if possible but does not terminate the session if not achieved.

g726_non_standard

Boolean

no

false

Force g.726 to use AAL2 packing order when negotiating g.726 audio

inband_progress

Boolean

no

false

Determines whether chan_pjsip will indicate ringing using inband progress.

call_group

Custom

 

false

The numeric pickup groups for a channel.

pickup_group

Custom

 

false

The numeric pickup groups that a channel can pickup.

named_call_group

Custom

 

false

The named pickup groups for a channel.

named_pickup_group

Custom

 

false

The named pickup groups that a channel can pickup.

device_state_busy_at

Unsigned Integer

0

false

The number of in-use channels which will cause busy to be returned as device state

t38_udptl

Boolean

no

false

Whether T.38 UDPTL support is enabled or not

t38_udptl_ec

Custom

none

false

T.38 UDPTL error correction method

t38_udptl_maxdatagram

Unsigned Integer

0

false

T.38 UDPTL maximum datagram size

fax_detect

Boolean

no

false

Whether CNG tone detection is enabled

fax_detect_timeout

Unsigned Integer

0

false

How long into a call before fax_detect is disabled for the call

t38_udptl_nat

Boolean

no

false

Whether NAT support is enabled on UDPTL sessions

t38_udptl_ipv6

Boolean

no

false

Whether IPv6 is used for UDPTL Sessions

tone_zone

String

 

false

Set which country's indications to use for channels created for this endpoint.

language

String

 

false

Set the default language to use for channels created for this endpoint.

one_touch_recording

Boolean

no

false

Determines whether one-touch recording is allowed for this endpoint.

record_on_feature

String

automixmon

false

The feature to enact when one-touch recording is turned on.

record_off_feature

String

automixmon

false

The feature to enact when one-touch recording is turned off.

rtp_engine

String

asterisk

false

Name of the RTP engine to use for channels created for this endpoint

allow_transfer

Boolean

yes

false

Determines whether SIP REFER transfers are allowed for this endpoint

user_eq_phone

Boolean

no

false

Determines whether a user=phone parameter is placed into the request URI if the user is determined to be a phone number

moh_passthrough

Boolean

no

false

Determines whether hold and unhold will be passed through using re-INVITEs with recvonly and sendrecv to the remote side

sdp_owner

String

-

false

String placed as the username portion of an SDP origin (o=) line.

sdp_session

String

Asterisk

false

String used for the SDP session (s=) line.

tos_audio

Custom

0

false

DSCP TOS bits for audio streams

tos_video

Custom

0

false

DSCP TOS bits for video streams

cos_audio

Unsigned Integer

0

false

Priority for audio streams

cos_video

Unsigned Integer

0

false

Priority for video streams

allow_subscribe

Boolean

yes

false

Determines if endpoint is allowed to initiate subscriptions with Asterisk.

sub_min_expiry

Unsigned Integer

0

false

The minimum allowed expiry time for subscriptions initiated by the endpoint.

from_user

Custom

 

false

Username to use in From header for requests to this endpoint.

mwi_from_user

String

 

false

Username to use in From header for unsolicited MWI NOTIFYs to this endpoint.

from_domain

String

 

false

Domain to user in From header for requests to this endpoint.

dtls_verify

Custom

no

false

Verify that the provided peer certificate is valid

dtls_rekey

Custom

0

false

Interval at which to renegotiate the TLS session and rekey the SRTP session

dtls_cert_file

Custom

 

false

Path to certificate file to present to peer

dtls_private_key

Custom

 

false

Path to private key for certificate file

dtls_cipher

Custom

 

false

Cipher to use for DTLS negotiation

dtls_ca_file

Custom

 

false

Path to certificate authority certificate

dtls_ca_path

Custom

 

false

Path to a directory containing certificate authority certificates

dtls_setup

Custom

 

false

Whether we are willing to accept connections, connect to the other party, or both.

dtls_fingerprint

Custom

 

false

Type of hash to use for the DTLS fingerprint in the SDP.

srtp_tag_32

Boolean

no

false

Determines whether 32 byte tags should be used instead of 80 byte tags.

set_var

Custom

 

false

Variable set on a channel involving the endpoint.

message_context

String

 

false

Context to route incoming MESSAGE requests to.

accountcode

String

 

false

An accountcode to set automatically on any channels created for this endpoint.

rtp_keepalive

Unsigned Integer

0

false

Number of seconds between RTP comfort noise keepalive packets.

rtp_timeout

Unsigned Integer

0

false

Maximum number of seconds without receiving RTP (while off hold) before terminating call.

rtp_timeout_hold

Unsigned Integer

0

false

Maximum number of seconds without receiving RTP (while on hold) before terminating call.

acl

Custom

 

false

List of IP ACL section names in acl.conf

deny

Custom

 

false

List of IP addresses to deny access from

permit

Custom

 

false

List of IP addresses to permit access from

contact_acl

Custom

 

false

List of Contact ACL section names in acl.conf

contact_deny

Custom

 

false

List of Contact header addresses to deny

contact_permit

Custom

 

false

List of Contact header addresses to permit

subscribe_context

String

 

false

Context for incoming MESSAGE requests.

contact_user

Custom

 

false

Force the user on the outgoing Contact header to this value.

asymmetric_rtp_codec

Boolean

no

false

Allow the sending and receiving RTP codec to differ

rtcp_mux

Boolean

no

false

Enable RFC 5761 RTCP multiplexing on the RTP port

refer_blind_progress

Boolean

yes

false

Whether to notifies all the progress details on blind transfer

notify_early_inuse_ringing

Boolean

no

false

Whether to notifies dialog-info 'early' on InUse&Ringing state

incoming_mwi_mailbox

String

 

false

Mailbox name to use when incoming MWI NOTIFYs are received

Configuration Option Descriptions

100rel
  • no
  • required
  • yes

aggregate_mwi

When enabled, aggregate_mwi condenses message waiting notifications from multiple mailboxes into a single NOTIFY. If it is disabled, individual NOTIFYs are sent for each mailbox.

aors

List of comma separated AoRs that the endpoint should be associated with.

auth

This is a comma-delimited list of auth sections defined in pjsip.conf to be used to verify inbound connection attempts.

Endpoints without an authentication object configured will allow connections without verification.

Note

Icon

Using the same auth section for inbound and outbound authentication is not recommended. There is a difference in meaning for an empty realm setting between inbound and outbound authentication uses. See the auth realm description for details.

callerid

Must be in the format Name <Number>, or only <Number>.

callerid_privacy
  • allowed_not_screened
  • allowed_passed_screen
  • allowed_failed_screen
  • allowed
  • prohib_not_screened
  • prohib_passed_screen
  • prohib_failed_screen
  • prohib
  • unavailable

direct_media_glare_mitigation

This setting attempts to avoid creating INVITE glare scenarios by disabling direct media reINVITEs in one direction thereby allowing designated servers (according to this option) to initiate direct media reINVITEs without contention and significantly reducing call setup time.

A more detailed description of how this option functions can be found on the Asterisk wiki https://wiki.asterisk.org/wiki/display/AST/SIP+Direct+Media+Reinvite+Glare+Avoidance

  • none
  • outgoing
  • incoming

direct_media_method

Method for setting up Direct Media between endpoints.

  • invite
  • reinvite - Alias for the invite value.
  • update

connected_line_method

Method used when updating connected line information.

  • invite - When set to invite, check the remote's Allow header and if UPDATE is allowed, send UPDATE instead of INVITE to avoid SDP renegotiation. If UPDATE is not Allowed, send INVITE.
  • reinvite - Alias for the invite value.
  • update - If set to update, send UPDATE regardless of what the remote Allows.

dtmf_mode

This setting allows to choose the DTMF mode for endpoint communication.

  • rfc4733 - DTMF is sent out of band of the main audio stream. This supercedes the older RFC-2833 used within the older chan_sip.
  • inband - DTMF is sent as part of audio stream.
  • info - DTMF is sent as SIP INFO packets.
  • auto - DTMF is sent as RFC 4733 if the other side supports it or as INBAND if not.
  • auto_info - DTMF is sent as RFC 4733 if the other side supports it or as SIP INFO if not.

media_address

At the time of SDP creation, the IP address defined here will be used as the media address for individual streams in the SDP.

Note

Icon

Be aware that the external_media_address option, set in Transport configuration, can also affect the final media address used in the SDP.

bind_rtp_to_media_address

If media_address is specified, this option causes the RTP instance to be bound to the specified ip address which causes the packets to be sent from that address.

identify_by

Endpoints and aors can be identified in multiple ways. Currently, the supported options are username, which matches the endpoint or aor id based on the username and domain in the From header (or To header for aors), and auth_username, which matches the endpoint or aor id based on the username and realm in the Authentication header. In all cases, if an exact match on both username and domain/realm fails, the match will be retried with just the username.

Note

Icon

Identification by auth_username has some security considerations because an Authentication header is not present on the first message of a dialog when digest authentication is used. The client can't generate it until the server sends the challenge in a 401 response. Since Asterisk normally sends a security event when an incoming request can't be matched to an endpoint, using auth_username requires that the security event be deferred until a request is received with the Authentication header and only generated if the username doesn't result in a match. This may result in a delay before an attack is recognized. You can control how many unmatched requests are received from a single ip address before a security event is generated using the unidentified_request parameters in the "global" configuration object.

Note

Icon

Endpoints can also be identified by IP address; however, that method of identification is not handled by this configuration option. See the documentation for the identify configuration section for more details on that method of endpoint identification. If this option is set and an identify configuration section exists for the endpoint, then the endpoint can be identified in multiple ways.

  • username
  • auth_username

redirect_method

When a redirect is received from an endpoint there are multiple ways it can be handled. If this option is set to user the user portion of the redirect target is treated as an extension within the dialplan and dialed using a Local channel. If this option is set to uri_core the target URI is returned to the dialing application which dials it using the PJSIP channel driver and endpoint originally used. If this option is set to uri_pjsip the redirect occurs within chan_pjsip itself and is not exposed to the core at all. The uri_pjsip option has the benefit of being more efficient and also supporting multiple potential redirect targets. The con is that since redirection occurs within chan_pjsip redirecting information is not forwarded and redirection can not be prevented.

  • user
  • uri_core
  • uri_pjsip

mailboxes

Asterisk will send unsolicited MWI NOTIFY messages to the endpoint when state changes happen for any of the specified mailboxes. More than one mailbox can be specified with a comma-delimited string. app_voicemail mailboxes must be specified as mailbox@context; for example: mailboxes=6001@default. For mailboxes provided by external sources, such as through the res_external_mwi module, you must specify strings supported by the external system.

For endpoints that SUBSCRIBE for MWI, use the mailboxes option in your AOR configuration.

outbound_auth

This is a comma-delimited list of auth sections defined in pjsip.conf used to respond to outbound connection authentication challenges.

Note

Icon

Using the same auth section for inbound and outbound authentication is not recommended. There is a difference in meaning for an empty realm setting between inbound and outbound authentication uses. See the auth realm description for details.

rewrite_contact

On inbound SIP messages from this endpoint, the Contact header or an appropriate Record-Route header will be changed to have the source IP address and port. This option does not affect outbound messages sent to this endpoint. This option helps servers communicate with endpoints that are behind NATs. This option also helps reuse reliable transport connections such as TCP and TLS.

rpid_immediate

When enabled, immediately send 180 Ringing or 183 Progress response messages to the caller if the connected line information is updated before the call is answered. This can send a 180 Ringing response before the call has even reached the far end. The caller can start hearing ringback before the far end even gets the call. Many phones tend to grab the first connected line information and refuse to update the display if it changes. The first information is not likely to be correct if the call goes to an endpoint not under the control of this Asterisk box.

When disabled, a connected line update must wait for another reason to send a message with the connected line information to the caller before the call is answered. You can trigger the sending of the information by using an appropriate dialplan application such as Ringing.

timers_min_se

Minimium session timer expiration period. Time in seconds.

timers
  • no
  • yes
  • required
  • always
  • forced - Alias of always

timers_sess_expires

Maximium session timer expiration period. Time in seconds.

transport

This will set the desired transport configuration to send SIP data through.

Warning

Icon

Not specifying a transport will DEFAULT to the first configured transport in pjsip.conf which is valid for the URI we are trying to contact.

Warning

Icon

Transport configuration is not affected by reloads. In order to change transports, a full Asterisk restart is required

trust_id_inbound

This option determines whether Asterisk will accept identification from the endpoint from headers such as P-Asserted-Identity or Remote-Party-ID header. This option applies both to calls originating from the endpoint and calls originating from Asterisk. If no, the configured Caller-ID from pjsip.conf will always be used as the identity for the endpoint.

trust_id_outbound

This option determines whether res_pjsip will send private identification information to the endpoint. If no, private Caller-ID information will not be forwarded to the endpoint. "Private" in this case refers to any method of restricting identification. Example: setting callerid_privacy to any prohib variation. Example: If trust_id_inbound is set to yes, the presence of a Privacy: id header in a SIP request or response would indicate the identification provided in the request is private.

use_avpf

If set to yes, res_pjsip will use the AVPF or SAVPF RTP profile for all media offers on outbound calls and media updates and will decline media offers not using the AVPF or SAVPF profile.

If set to no, res_pjsip will use the AVP or SAVP RTP profile for all media offers on outbound calls and media updates, and will decline media offers not using the AVP or SAVP profile.

force_avp

If set to yes, res_pjsip will use the AVP, AVPF, SAVP, or SAVPF RTP profile for all media offers on outbound calls and media updates including those for DTLS-SRTP streams.

If set to no, res_pjsip will use the respective RTP profile depending on configuration.

media_use_received_transport

If set to yes, res_pjsip will use the received media transport.

If set to no, res_pjsip will use the respective RTP profile depending on configuration.

media_encryption
  • no - res_pjsip will offer no encryption and allow no encryption to be setup.
  • sdes - res_pjsip will offer standard SRTP setup via in-SDP keys. Encrypted SIP transport should be used in conjunction with this option to prevent exposure of media encryption keys.
  • dtls - res_pjsip will offer DTLS-SRTP setup.

media_encryption_optimistic

This option only applies if media_encryption is set to sdes or dtls.

g726_non_standard

When set to "yes" and an endpoint negotiates g.726 audio then use g.726 for AAL2 packing order instead of what is recommended by RFC3551. Since this essentially replaces the underlying 'g726' codec with 'g726aal2' then 'g726aal2' needs to be specified in the endpoint's allowed codec list.

inband_progress

If set to yes, chan_pjsip will send a 183 Session Progress when told to indicate ringing and will immediately start sending ringing as audio.

If set to no, chan_pjsip will send a 180 Ringing when told to indicate ringing and will NOT send it as audio.

call_group

Can be set to a comma separated list of numbers or ranges between the values of 0-63 (maximum of 64 groups).

pickup_group

Can be set to a comma separated list of numbers or ranges between the values of 0-63 (maximum of 64 groups).

named_call_group

Can be set to a comma separated list of case sensitive strings limited by supported line length.

named_pickup_group

Can be set to a comma separated list of case sensitive strings limited by supported line length.

device_state_busy_at

When the number of in-use channels for the endpoint matches the devicestate_busy_at setting the PJSIP channel driver will return busy as the device state instead of in use.

t38_udptl

If set to yes T.38 UDPTL support will be enabled, and T.38 negotiation requests will be accepted and relayed.

t38_udptl_ec
  • none - No error correction should be used.
  • fec - Forward error correction should be used.
  • redundancy - Redundacy error correction should be used.

t38_udptl_maxdatagram

This option can be set to override the maximum datagram of a remote endpoint for broken endpoints.

fax_detect

This option can be set to send the session to the fax extension when a CNG tone is detected.

fax_detect_timeout

The option determines how many seconds into a call before the fax_detect option is disabled for the call. Setting the value to zero disables the timeout.

t38_udptl_nat

When enabled the UDPTL stack will send UDPTL packets to the source address of received packets.

t38_udptl_ipv6

When enabled the UDPTL stack will use IPv6.

record_on_feature

When an INFO request for one-touch recording arrives with a Record header set to "on", this feature will be enabled for the channel. The feature designated here can be any built-in or dynamic feature defined in features.conf.

Note

Icon

This setting has no effect if the endpoint's one_touch_recording option is disabled

record_off_feature

When an INFO request for one-touch recording arrives with a Record header set to "off", this feature will be enabled for the channel. The feature designated here can be any built-in or dynamic feature defined in features.conf.

Note

Icon

This setting has no effect if the endpoint's one_touch_recording option is disabled

tos_audio

See https://wiki.asterisk.org/wiki/display/AST/IP+Quality+of+Service for more information about QoS settings

tos_video

See https://wiki.asterisk.org/wiki/display/AST/IP+Quality+of+Service for more information about QoS settings

cos_audio

See https://wiki.asterisk.org/wiki/display/AST/IP+Quality+of+Service for more information about QoS settings

cos_video

See https://wiki.asterisk.org/wiki/display/AST/IP+Quality+of+Service for more information about QoS settings

dtls_verify

This option only applies if media_encryption is set to dtls.

dtls_rekey

This option only applies if media_encryption is set to dtls.

If this is not set or the value provided is 0 rekeying will be disabled.

dtls_cert_file

This option only applies if media_encryption is set to dtls.

dtls_private_key

This option only applies if media_encryption is set to dtls.

dtls_cipher

This option only applies if media_encryption is set to dtls.

Many options for acceptable ciphers. See link for more:

http://www.openssl.org/docs/apps/ciphers.html#CIPHER\_STRINGS

dtls_ca_file

This option only applies if media_encryption is set to dtls.

dtls_ca_path

This option only applies if media_encryption is set to dtls.

dtls_setup

This option only applies if media_encryption is set to dtls.

  • active - res_pjsip will make a connection to the peer.
  • passive - res_pjsip will accept connections from the peer.
  • actpass - res_pjsip will offer and accept connections from the peer.

dtls_fingerprint

This option only applies if media_encryption is set to dtls.

  • SHA-256
  • SHA-1

srtp_tag_32

This option only applies if media_encryption is set to sdes or dtls.

set_var

When a new channel is created using the endpoint set the specified variable(s) on that channel. For multiple channel variables specify multiple 'set_var'(s).

message_context

If specified, incoming MESSAGE requests will be routed to the indicated dialplan context. If no message_context is specified, then the context setting is used.

accountcode

If specified, any channel created for this endpoint will automatically have this accountcode set on it.

rtp_keepalive

At the specified interval, Asterisk will send an RTP comfort noise frame. This may be useful for situations where Asterisk is behind a NAT or firewall and must keep a hole open in order to allow for media to arrive at Asterisk.

rtp_timeout

This option configures the number of seconds without RTP (while off hold) before considering a channel as dead. When the number of seconds is reached the underlying channel is hung up. By default this option is set to 0, which means do not check.

rtp_timeout_hold

This option configures the number of seconds without RTP (while on hold) before considering a channel as dead. When the number of seconds is reached the underlying channel is hung up. By default this option is set to 0, which means do not check.

acl

This matches sections configured in acl.conf. The value is defined as a list of comma-delimited section names.

deny

The value is a comma-delimited list of IP addresses. IP addresses may have a subnet mask appended. The subnet mask may be written in either CIDR or dotted-decimal notation. Separate the IP address and subnet mask with a slash ('/')

permit

The value is a comma-delimited list of IP addresses. IP addresses may have a subnet mask appended. The subnet mask may be written in either CIDR or dotted-decimal notation. Separate the IP address and subnet mask with a slash ('/')

contact_acl

This matches sections configured in acl.conf. The value is defined as a list of comma-delimited section names.

contact_deny

The value is a comma-delimited list of IP addresses. IP addresses may have a subnet mask appended. The subnet mask may be written in either CIDR or dotted-decimal notation. Separate the IP address and subnet mask with a slash ('/')

contact_permit

The value is a comma-delimited list of IP addresses. IP addresses may have a subnet mask appended. The subnet mask may be written in either CIDR or dotted-decimal notation. Separate the IP address and subnet mask with a slash ('/')

subscribe_context

If specified, incoming SUBSCRIBE requests will be searched for the matching extension in the indicated context. If no subscribe_context is specified, then the context setting is used.

contact_user

On outbound requests, force the user portion of the Contact header to this value.

asymmetric_rtp_codec

When set to "yes" the codec in use for sending will be allowed to differ from that of the received one. PJSIP will not automatically switch the sending one to the receiving one.

rtcp_mux

With this option enabled, Asterisk will attempt to negotiate the use of the "rtcp-mux" attribute on all media streams. This will result in RTP and RTCP being sent and received on the same port. This shifts the demultiplexing logic to the application rather than the transport layer. This option is useful when interoperating with WebRTC endpoints since they mandate this option's use.

refer_blind_progress

Some SIP phones (Mitel/Aastra, Snom) expect a sip/frag "200 OK" after REFER has been accepted. If set to no then asterisk will not send the progress details, but immediately will send "200 OK".

notify_early_inuse_ringing

Control whether dialog-info subscriptions get 'early' state on Ringing when already INUSE.

incoming_mwi_mailbox

If an MWI NOTIFY is received from this endpoint, this mailbox will be used when notifying other modules of MWI status changes. If not set, incoming MWI NOTIFYs are ignored.

auth

Authentication type

Configuration Option Reference

Option Name

Type

Default Value

Regular Expression

Description

auth_type

Custom

userpass

false

Authentication type

nonce_lifetime

Unsigned Integer

32

false

Lifetime of a nonce associated with this authentication config.

md5_cred

String

 

false

MD5 Hash used for authentication.

password

String

 

false

PlainText password used for authentication.

realm

String

 

false

SIP realm for endpoint

type

None

 

false

Must be 'auth'

username

String

 

false

Username to use for account

Configuration Option Descriptions

auth_type

This option specifies which of the password style config options should be read when trying to authenticate an endpoint inbound request. If set to userpass then we'll read from the 'password' option. For md5 we'll read from 'md5_cred'.

  • md5
  • userpass

md5_cred

Only used when auth_type is md5.

password

Only used when auth_type is userpass.

realm

The treatment of this value depends upon how the authentication object is used.

When used as an inbound authentication object, the realm is sent as part of the challenge so the peer can know which key to use when responding. An empty value will use the global section's default_realm value when issuing a challenge.

When used as an outbound authentication object, the realm is matched with the received challenge realm to determine which authentication object to use when responding to the challenge. An empty value matches any challenging realm when determining which authentication object matches a received challenge.

Note

Icon

Using the same auth section for inbound and outbound authentication is not recommended. There is a difference in meaning for an empty realm setting between inbound and outbound authentication uses.

domain_alias

Domain Alias

Configuration Option Reference

Option Name

Type

Default Value

Regular Expression

Description

type

None

 

false

Must be of type 'domain_alias'.

domain

String

 

false

Domain to be aliased

transport

SIP Transport

Configuration Option Reference

Option Name

Type

Default Value

Regular Expression

Description

async_operations

Unsigned Integer

1

false

Number of simultaneous Asynchronous Operations

bind

Custom

 

false

IP Address and optional port to bind to for this transport

ca_list_file

Custom

 

false

File containing a list of certificates to read (TLS ONLY)

ca_list_path

Custom

 

false

Path to directory containing a list of certificates to read (TLS ONLY)

cert_file

Custom

 

false

Certificate file for endpoint (TLS ONLY)

cipher

Custom

 

false

Preferred cryptography cipher names (TLS ONLY)

domain

String

 

false

Domain the transport comes from

external_media_address

String

 

false

External IP address to use in RTP handling

external_signaling_address

String

 

false

External address for SIP signalling

external_signaling_port

Unsigned Integer

0

false

External port for SIP signalling

method

Custom

 

false

Method of SSL transport (TLS ONLY)

local_net

Custom

 

false

Network to consider local (used for NAT purposes).

password

String

 

false

Password required for transport

priv_key_file

Custom

 

false

Private key file (TLS ONLY)

protocol

Custom

udp

false

Protocol to use for SIP traffic

require_client_cert

Custom

 

false

Require client certificate (TLS ONLY)

type

Custom

 

false

Must be of type 'transport'.

verify_client

Custom

 

false

Require verification of client certificate (TLS ONLY)

verify_server

Custom

 

false

Require verification of server certificate (TLS ONLY)

tos

Custom

0

false

Enable TOS for the signalling sent over this transport

cos

Unsigned Integer

0

false

Enable COS for the signalling sent over this transport

websocket_write_timeout

Integer

100

false

The timeout (in milliseconds) to set on WebSocket connections.

allow_reload

Boolean

no

false

Allow this transport to be reloaded.

symmetric_transport

Boolean

no

false

Use the same transport for outgoing reqests as incoming ones.

Configuration Option Descriptions

cert_file

A path to a .crt or .pem file can be provided. However, only the certificate is read from the file, not the private key. The priv_key_file option must supply a matching key file.

cipher

Comma separated list of cipher names or numeric equivalents. Numeric equivalents can be either decimal or hexadecimal (0xX).

There are many cipher names. Use the CLI command pjsip list ciphers to see a list of cipher names available for your installation. See link for more:

http://www.openssl.org/docs/apps/ciphers.html#CIPHER\_SUITE\_NAMES

external_media_address

When a request or response is sent out, if the destination of the message is outside the IP network defined in the option localnet, and the media address in the SDP is within the localnet network, then the media address in the SDP will be rewritten to the value defined for external_media_address.

method
  • default - The default as defined by PJSIP. This is currently TLSv1, but may change with future releases.
  • unspecified - This option is equivalent to setting 'default'
  • tlsv1
  • sslv2
  • sslv3
  • sslv23

local_net

This must be in CIDR or dotted decimal format with the IP and mask separated with a slash ('/').

protocol
  • udp
  • tcp
  • tls
  • ws
  • wss

tos

See https://wiki.asterisk.org/wiki/display/AST/IP+Quality+of+Service for more information on this parameter.

Note

Icon

This option does not apply to the ws or the wss protocols.

cos

See https://wiki.asterisk.org/wiki/display/AST/IP+Quality+of+Service for more information on this parameter.

Note

Icon

This option does not apply to the ws or the wss protocols.

websocket_write_timeout

If a websocket connection accepts input slowly, the timeout for writes to it can be increased to keep it from being disconnected. Value is in milliseconds; default is 100 ms.

allow_reload

Allow this transport to be reloaded when res_pjsip is reloaded. This option defaults to "no" because reloading a transport may disrupt in-progress calls.

symmetric_transport

When a request from a dynamic contact comes in on a transport with this option set to 'yes', the transport name will be saved and used for subsequent outgoing requests like OPTIONS, NOTIFY and INVITE. It's saved as a contact uri parameter named 'x-ast-txp' and will display with the contact uri in CLI, AMI, and ARI output. On the outgoing request, if a transport wasn't explicitly set on the endpoint AND the request URI is not a hostname, the saved transport will be used and the 'x-ast-txp' parameter stripped from the outgoing packet.

contact

A way of creating an aliased name to a SIP URI

Configuration Option Reference

Option Name

Type

Default Value

Regular Expression

Description

type

None

 

false

Must be of type 'contact'.

uri

String

 

false

SIP URI to contact peer

expiration_time

Custom

 

false

Time to keep alive a contact

qualify_frequency

Unsigned Integer

0

false

Interval at which to qualify a contact

qualify_timeout

Double

3.0

false

Timeout for qualify

authenticate_qualify

Boolean

no

false

Authenticates a qualify request if needed

outbound_proxy

String

 

false

Outbound proxy used when sending OPTIONS request

path

String

 

false

Stored Path vector for use in Route headers on outgoing requests.

user_agent

String

 

false

User-Agent header from registration.

endpoint

String

 

false

Endpoint name

reg_server

String

 

false

Asterisk Server name

via_addr

String

 

false

IP-address of the last Via header from registration.

via_port

Unsigned Integer

0

false

IP-port of the last Via header from registration.

call_id

String

 

false

Call-ID header from registration.

prune_on_boot

Boolean

no

false

A contact that cannot survive a restart/boot.

Configuration Option Descriptions

expiration_time

Time to keep alive a contact. String style specification.

qualify_frequency

Interval between attempts to qualify the contact for reachability. If 0 never qualify. Time in seconds.

qualify_timeout

If the contact doesn't repond to the OPTIONS request before the timeout, the contact is marked unavailable. If 0 no timeout. Time in fractional seconds.

authenticate_qualify

If true and a qualify request receives a challenge or authenticate response authentication is attempted before declaring the contact available.

outbound_proxy

If set the provided URI will be used as the outbound proxy when an OPTIONS request is sent to a contact for qualify purposes.

user_agent

The User-Agent is automatically stored based on data present in incoming SIP REGISTER requests and is not intended to be configured manually.

endpoint

The name of the endpoint this contact belongs to

reg_server

Asterisk Server name on which SIP endpoint registered.

via_addr

The last Via header should contain the address of UA which sent the request. The IP-address of the last Via header is automatically stored based on data present in incoming SIP REGISTER requests and is not intended to be configured manually.

via_port

The IP-port of the last Via header is automatically stored based on data present in incoming SIP REGISTER requests and is not intended to be configured manually.

call_id

The Call-ID header is automatically stored based on data present in incoming SIP REGISTER requests and is not intended to be configured manually.

prune_on_boot

The option is set if the incoming SIP REGISTER contact is rewritten on a reliable transport and is not intended to be configured manually.

aor

The configuration for a location of an endpoint

Configuration Option Reference

Option Name

Type

Default Value

Regular Expression

Description

contact

Custom

 

false

Permanent contacts assigned to AoR

default_expiration

Unsigned Integer

3600

false

Default expiration time in seconds for contacts that are dynamically bound to an AoR.

mailboxes

String

 

false

Allow subscriptions for the specified mailbox(es)

voicemail_extension

Custom

 

false

The voicemail extension to send in the NOTIFY Message-Account header

maximum_expiration

Unsigned Integer

7200

false

Maximum time to keep an AoR

max_contacts

Unsigned Integer

0

false

Maximum number of contacts that can bind to an AoR

minimum_expiration

Unsigned Integer

60

false

Minimum keep alive time for an AoR

remove_existing

Boolean

no

false

Determines whether new contacts replace existing ones.

type

None

 

false

Must be of type 'aor'.

qualify_frequency

Unsigned Integer

0

false

Interval at which to qualify an AoR

qualify_timeout

Double

3.0

false

Timeout for qualify

authenticate_qualify

Boolean

no

false

Authenticates a qualify request if needed

outbound_proxy

String

 

false

Outbound proxy used when sending OPTIONS request

support_path

Boolean

no

false

Enables Path support for REGISTER requests and Route support for other requests.

Configuration Option Descriptions

contact

Contacts specified will be called whenever referenced by chan_pjsip.

Use a separate "contact=" entry for each contact required. Contacts are specified using a SIP URI.

mailboxes

This option applies when an external entity subscribes to an AoR for Message Waiting Indications. The mailboxes specified will be subscribed to. More than one mailbox can be specified with a comma-delimited string. app_voicemail mailboxes must be specified as mailbox@context; for example: mailboxes=6001@default. For mailboxes provided by external sources, such as through the res_external_mwi module, you must specify strings supported by the external system.

For endpoints that cannot SUBSCRIBE for MWI, you can set the mailboxes option in your endpoint configuration section to enable unsolicited MWI NOTIFYs to the endpoint.

maximum_expiration

Maximium time to keep a peer with explicit expiration. Time in seconds.

max_contacts

Maximum number of contacts that can associate with this AoR. This value does not affect the number of contacts that can be added with the "contact" option. It only limits contacts added through external interaction, such as registration.

Note

Icon

The rewrite_contact option registers the source address as the contact address to help with NAT and reusing connection oriented transports such as TCP and TLS. Unfortunately, refreshing a registration may register a different contact address and exceed max_contacts. The remove_existing option can help by removing the soonest to expire contact(s) over max_contacts which is likely the old rewrite_contact contact source address being refreshed.

Note

Icon

This should be set to 1 and remove_existing set to yes if you wish to stick with the older chan_sip behaviour.

minimum_expiration

Minimum time to keep a peer with an explicit expiration. Time in seconds.

remove_existing

On receiving a new registration to the AoR should it remove enough existing contacts not added or updated by the registration to satisfy max_contacts? Any removed contacts will expire the soonest.

Note

Icon

The rewrite_contact option registers the source address as the contact address to help with NAT and reusing connection oriented transports such as TCP and TLS. Unfortunately, refreshing a registration may register a different contact address and exceed max_contacts. The remove_existing option can help by removing the soonest to expire contact(s) over max_contacts which is likely the old rewrite_contact contact source address being refreshed.

Note

Icon

This should be set to yes and max_contacts set to 1 if you wish to stick with the older chan_sip behaviour.

qualify_frequency

Interval between attempts to qualify the AoR for reachability. If 0 never qualify. Time in seconds.

qualify_timeout

If the contact doesn't repond to the OPTIONS request before the timeout, the contact is marked unavailable. If 0 no timeout. Time in fractional seconds.

authenticate_qualify

If true and a qualify request receives a challenge or authenticate response authentication is attempted before declaring the contact available.

outbound_proxy

If set the provided URI will be used as the outbound proxy when an OPTIONS request is sent to a contact for qualify purposes.

support_path

When this option is enabled, the Path headers in register requests will be saved and its contents will be used in Route headers for outbound out-of-dialog requests and in Path headers for outbound 200 responses. Path support will also be indicated in the Supported header.

system

Options that apply to the SIP stack as well as other system-wide settings

Configuration Option Reference

Option Name

Type

Default Value

Regular Expression

Description

timer_t1

Unsigned Integer

500

false

Set transaction timer T1 value (milliseconds).

timer_b

Unsigned Integer

32000

false

Set transaction timer B value (milliseconds).

compact_headers

Boolean

no

false

Use the short forms of common SIP header names.

threadpool_initial_size

Unsigned Integer

0

false

Initial number of threads in the res_pjsip threadpool.

threadpool_auto_increment

Unsigned Integer

5

false

The amount by which the number of threads is incremented when necessary.

threadpool_idle_timeout

Unsigned Integer

60

false

Number of seconds before an idle thread should be disposed of.

threadpool_max_size

Unsigned Integer

50

false

Maximum number of threads in the res_pjsip threadpool. A value of 0 indicates no maximum.

disable_tcp_switch

Boolean

yes

false

Disable automatic switching from UDP to TCP transports.

type

None

 

false

Must be of type 'system'.

Configuration Option Descriptions

timer_t1

Timer T1 is the base for determining how long to wait before retransmitting requests that receive no response when using an unreliable transport (e.g. UDP). For more information on this timer, see RFC 3261, Section 17.1.1.1.

timer_b

Timer B determines the maximum amount of time to wait after sending an INVITE request before terminating the transaction. It is recommended that this be set to 64 * Timer T1, but it may be set higher if desired. For more information on this timer, see RFC 3261, Section 17.1.1.1.

disable_tcp_switch

Disable automatic switching from UDP to TCP transports if outgoing request is too large. See RFC 3261 section 18.1.1.

global

Options that apply globally to all SIP communications

Configuration Option Reference

Option Name

Type

Default Value

Regular Expression

Description

max_forwards

Unsigned Integer

70

false

Value used in Max-Forwards header for SIP requests.

keep_alive_interval

Unsigned Integer

0

false

The interval (in seconds) to send keepalives to active connection-oriented transports.

contact_expiration_check_interval

Unsigned Integer

30

false

The interval (in seconds) to check for expired contacts.

disable_multi_domain

Boolean

no

false

Disable Multi Domain support

max_initial_qualify_time

Unsigned Integer

0

false

The maximum amount of time from startup that qualifies should be attempted on all contacts. If greater than the qualify_frequency for an aor, qualify_frequency will be used instead.

unidentified_request_period

Unsigned Integer

5

false

The number of seconds over which to accumulate unidentified requests.

unidentified_request_count

Unsigned Integer

5

false

The number of unidentified requests from a single IP to allow.

unidentified_request_prune_interval

Unsigned Integer

30

false

The interval at which unidentified requests are older than twice the unidentified_request_period are pruned.

type

None

 

false

Must be of type 'global'.

user_agent

String

Asterisk PBX GIT-14-e01e83d4fc

false

Value used in User-Agent header for SIP requests and Server header for SIP responses.

regcontext

String

 

false

When set, Asterisk will dynamically create and destroy a NoOp priority 1 extension for a given peer who registers or unregisters with us.

default_outbound_endpoint

String

default_outbound_endpoint

false

Endpoint to use when sending an outbound request to a URI without a specified endpoint.

default_voicemail_extension

String

 

false

The voicemail extension to send in the NOTIFY Message-Account header if not specified on endpoint or aor

debug

String

no

false

Enable/Disable SIP debug logging. Valid options include yes

no or a host address

endpoint_identifier_order

String

ip,username,anonymous

false

The order by which endpoint identifiers are processed and checked. Identifier names are usually derived from and can be found in the endpoint identifier module itself (res_pjsip_endpoint_identifier_*). You can use the CLI command "pjsip show identifiers" to see the identifiers currently available.

default_from_user

String

asterisk

false

When Asterisk generates an outgoing SIP request, the From header username will be set to this value if there is no better option (such as CallerID) to be used.

default_realm

String

asterisk

false

When Asterisk generates a challenge, the digest realm will be set to this value if there is no better option (such as auth/realm) to be used.

mwi_tps_queue_high

Unsigned Integer

500

false

MWI taskprocessor high water alert trigger level.

mwi_tps_queue_low

Integer

-1

false

MWI taskprocessor low water clear alert level.

mwi_disable_initial_unsolicited

Boolean

no

false

Enable/Disable sending unsolicited MWI to all endpoints on startup.

ignore_uri_user_options

Boolean

no

false

Enable/Disable ignoring SIP URI user field options.

Configuration Option Descriptions

disable_multi_domain

If disabled it can improve realtime performace by reducing number of database requsts.

unidentified_request_period

If unidentified_request_count unidentified requests are received during unidentified_request_period, a security event will be generated.

unidentified_request_count

If unidentified_request_count unidentified requests are received during unidentified_request_period, a security event will be generated.

endpoint_identifier_order

Note

Icon

One of the identifiers is "auth_username" which matches on the username in an Authentication header. This method has some security considerations because an Authentication header is not present on the first message of a dialog when digest authentication is used. The client can't generate it until the server sends the challenge in a 401 response. Since Asterisk normally sends a security event when an incoming request can't be matched to an endpoint, using auth_username requires that the security event be deferred until a request is received with the Authentication header and only generated if the username doesn't result in a match. This may result in a delay before an attack is recognized. You can control how many unmatched requests are received from a single ip address before a security event is generated using the unidentified_request parameters.

mwi_tps_queue_high

On a heavily loaded system you may need to adjust the taskprocessor queue limits. If any taskprocessor queue size reaches its high water level then pjsip will stop processing new requests until the alert is cleared. The alert clears when all alerting taskprocessor queues have dropped to their low water clear level.

mwi_tps_queue_low

On a heavily loaded system you may need to adjust the taskprocessor queue limits. If any taskprocessor queue size reaches its high water level then pjsip will stop processing new requests until the alert is cleared. The alert clears when all alerting taskprocessor queues have dropped to their low water clear level.

Note

Icon

Set to -1 for the low water level to be 90% of the high water level.

mwi_disable_initial_unsolicited

When the initial unsolicited MWI notification are enabled on startup then the initial notifications get sent at startup. If you have a lot of endpoints (thousands) that use unsolicited MWI then you may want to consider disabling the initial startup notifications.

When the initial unsolicited MWI notifications are disabled on startup then the notifications will start on the endpoint's next contact update.

ignore_uri_user_options

If you have this option enabled and there are semicolons in the user field of a SIP URI then the field is truncated at the first semicolon. This effectively makes the semicolon a non-usable character for PJSIP endpoint names, extensions, and AORs. This can be useful for improving compatability with an ITSP that likes to use user options for whatever reason.

Example: Sample SIP URI
Example: Sample SIP URI user field
Example: Sample SIP URI user field truncated

Note

Icon

The caller-id and redirecting number strings obtained from incoming SIP URI user fields are always truncated at the first semicolon.

Import Version

This documentation was imported from Asterisk Version GIT-14-e01e83d4fc

  • No labels