...
Option Name | Type | Default Value | Regular Expression | Description |
|---|---|---|---|---|
| | | Allow support for RFC3262 provisional ACK tags | |
| | | Condense MWI notifications into a single NOTIFY. | |
| |
| | Media Codec(s) to allow |
| | | | Enable RFC3578 overlap dialing support. |
|
| | AoR(s) to be used with the endpoint | |
|
| | Authentication Object(s) associated with the endpoint | |
|
| | CallerID information for the endpoint | |
| | | Default privacy level | |
| |
| | Internal id_tag for the endpoint |
| | | | Dialplan context for inbound sessions |
| | | Mitigation of direct media (re)INVITE glare | |
| | | Direct Media method type | |
| | | | Accept Connected Line updates from this endpoint |
| | | | Send Connected Line updates to this endpoint |
| | | Connected line method type | |
| | | | Determines whether media may flow directly between endpoints. |
| | | | Disable direct media session refreshes when NAT obstructs the media session |
|
|
|
| Media Codec(s) to disallow |
| | | DTMF mode | |
|
| | IP address used in SDP for media handling | |
| | | Bind the RTP instance to the media_address | |
| | | | Force use of return port |
| | | | Enable the ICE mechanism to help traverse NAT |
| | | Way(s) for the endpoint to be identified | |
| | | How redirects received from an endpoint are handled | |
|
| | NOTIFY the endpoint when state changes for any of the specified mailboxes | |
| | | | An MWI subscribe will replace sending unsolicited NOTIFYs |
| |
| | The voicemail extension to send in the NOTIFY Message-Account header |
| | | | Default Music On Hold class |
|
| | Authentication object(s) used for outbound requests | |
| |
| | Full SIP URI of the outbound proxy used to send requests |
| | | Allow Contact header to be rewritten with the source IP address-port | |
| | | | Allow use of IPv6 for RTP traffic |
| | | | Enforce that RTP must be symmetric |
| | | | Send the Diversion header, conveying the diversion information to the called user agent |
| | | | Send the History-Info header, conveying the diversion information to the called and calling user agents |
| | | | Send the P-Asserted-Identity header |
| | | | Send the Remote-Party-ID header |
| | | Immediately send connected line updates on unanswered incoming calls. | |
| | | Minimum session timers expiration period | |
| | | Session timers for SIP packets | |
| | | Maximum session timer expiration period | |
|
| | Explicit transport configuration to use | |
| | | Accept identification information received from this endpoint | |
| | | Send private identification details to the endpoint. | |
| |
| | Must be of type 'endpoint'. |
| | | | Use Endpoint's requested packetization interval |
| | | Determines whether res_pjsip will use and enforce usage of AVPF for this endpoint. | |
| | | Determines whether res_pjsip will use and enforce usage of AVP, regardless of the RTP profile in use for this endpoint. | |
| | | Determines whether res_pjsip will use the media transport received in the offer SDP in the corresponding answer SDP. | |
| | | Determines whether res_pjsip will use and enforce usage of media encryption for this endpoint. | |
| | | Determines whether encryption should be used if possible but does not terminate the session if not achieved. | |
| | | Force g.726 to use AAL2 packing order when negotiating g.726 audio | |
| | | Determines whether chan_pjsip will indicate ringing using inband progress. | |
|
| | The numeric pickup groups for a channel. | |
|
| | The numeric pickup groups that a channel can pickup. | |
|
| | The named pickup groups for a channel. | |
|
| | The named pickup groups that a channel can pickup. | |
| | | The number of in-use channels which will cause busy to be returned as device state | |
| | | Whether T.38 UDPTL support is enabled or not | |
| | | T.38 UDPTL error correction method | |
| | | T.38 UDPTL maximum datagram size | |
| | | Whether CNG tone detection is enabled | |
| | | How long into a call before fax_detect is disabled for the call | |
| | | Whether NAT support is enabled on UDPTL sessions | |
| | | Whether IPv6 is used for UDPTL Sessions | |
| | | Bind the UDPTL instance to the media_adress | |
| |
| | Set which country's indications to use for channels created for this endpoint. |
| |
| | Set the default language to use for channels created for this endpoint. |
| | | | Determines whether one-touch recording is allowed for this endpoint. |
| | | The feature to enact when one-touch recording is turned on. | |
| | | The feature to enact when one-touch recording is turned off. | |
| | | | Name of the RTP engine to use for channels created for this endpoint |
| | | | Determines whether SIP REFER transfers are allowed for this endpoint |
| | | | Determines whether a user=phone parameter is placed into the request URI if the user is determined to be a phone number |
| | | | Determines whether hold and unhold will be passed through using re-INVITEs with recvonly and sendrecv to the remote side |
| | | | String placed as the username portion of an SDP origin (o=) line. |
| | | | String used for the SDP session (s=) line. |
| | | DSCP TOS bits for audio streams | |
| | | DSCP TOS bits for video streams | |
| | | Priority for audio streams | |
| | | Priority for video streams | |
| | | | Determines if endpoint is allowed to initiate subscriptions with Asterisk. |
| | | | The minimum allowed expiry time for subscriptions initiated by the endpoint. |
| |
| | Username to use in From header for requests to this endpoint. |
| |
| | Username to use in From header for unsolicited MWI NOTIFYs to this endpoint. |
| |
| | Domain to user in From header for requests to this endpoint. |
| | | Verify that the provided peer certificate is valid | |
| | | Interval at which to renegotiate the TLS session and rekey the SRTP session | |
| | | Whether or not to automatically generate an ephemeral X.509 certificate | |
|
| | Path to certificate file to present to peer | |
|
| | Path to private key for certificate file | |
|
| | Cipher to use for DTLS negotiation | |
|
| | Path to certificate authority certificate | |
|
| | Path to a directory containing certificate authority certificates | |
|
| | Whether we are willing to accept connections, connect to the other party, or both. | |
|
| | Type of hash to use for the DTLS fingerprint in the SDP. | |
| | | Determines whether 32 byte tags should be used instead of 80 byte tags. | |
|
| | Variable set on a channel involving the endpoint. | |
|
| | Context to route incoming MESSAGE requests to. | |
|
| | An accountcode to set automatically on any channels created for this endpoint. | |
| | | | Respond to a SIP invite with the single most preferred codec rather than advertising all joint codec capabilities. This limits the other side's codec choice to exactly what we prefer. |
| | | Number of seconds between RTP comfort noise keepalive packets. | |
| | | Maximum number of seconds without receiving RTP (while off hold) before terminating call. | |
| | | Maximum number of seconds without receiving RTP (while on hold) before terminating call. | |
|
| | List of IP ACL section names in acl.conf | |
|
| | List of IP addresses to deny access from | |
|
| | List of IP addresses to permit access from | |
|
| | List of Contact ACL section names in acl.conf | |
|
| | List of Contact header addresses to deny | |
|
| | List of Contact header addresses to permit | |
|
| | Context for incoming MESSAGE requests. | |
|
| | Force the user on the outgoing Contact header to this value. | |
| | | Allow the sending and receiving RTP codec to differ | |
| | | Enable RFC 5761 RTCP multiplexing on the RTP port | |
| | | Whether to notifies all the progress details on blind transfer | |
| | | Whether to notifies dialog-info 'early' on InUse&Ringing state | |
| | | The maximum number of allowed audio streams for the endpoint | |
| | | The maximum number of allowed video streams for the endpoint | |
| | | Enable RTP bundling | |
| | | Defaults and enables some options that are relevant to WebRTC | |
|
| | Mailbox name to use when incoming MWI NOTIFYs are received | |
| | | Follow SDP forked media when To tag is different | |
| | | Accept multiple SDP answers on non-100rel responses | |
| | | Suppress Q.850 Reason headers for this endpoint | |
| | | Do not forward 183 when it doesn't contain SDP | |
| | | Enable STIR/SHAKEN support on this endpoint | |
|
| | STIR/SHAKEN profile containing additional configuration options | |
| | | Skip authentication when receiving OPTIONS requests | |
|
| | Geolocation profile to apply to incoming calls | |
|
| | Geolocation profile to apply to outgoing calls |
Configuration Option Descriptions
...
Asterisk will send unsolicited MWI NOTIFY messages to the endpoint when state changes happen for any of the specified mailboxes. More than one mailbox can be specified with a comma-delimited string. app_voicemail mailboxes must be specified as [email protected]; for example: [email protected] For mailboxes provided by external sources, such as through the res_mwi_external _mwi module, you must specify strings supported by the external system.
...
When enabled the UDPTL stack will use IPv6.
| Anchor | ||||
|---|---|---|---|---|
|
t38_bind_udptl_to_media_address
If media_address is specified, this option causes the UDPTL instance to be bound to the specified ip address which causes the packets to be sent from that address.
| Anchor | ||||
|---|---|---|---|---|
|
...
This option only applies if media_encryption is set to dtls.
It can be one of the following values:
no- meaning no verification is done.fingerprint- meaning to verify the remote fingerprint.certificate- meaning to verify the remote certificate.yes- meaning to verify both the remote fingerprint and certificate.
| Anchor | ||||
|---|---|---|---|---|
|
...
Certain SS7 internetworking scenarios can result in a 183 to be generated for reasons other than early media. Forwarding this 183 can cause loss of ringback tone. This flag emulates the behavior of chan_sip and prevents these 183 responses from being forwarded.
| Anchor | ||||
|---|---|---|---|---|
|
stir_shaken
Enable STIR/SHAKEN support on this endpoint. On incoming INVITEs, the Identity header will be checked for validity. On outgoing INVITEs, an Identity header will be added.
| Anchor | ||||
|---|---|---|---|---|
|
stir_shaken_profile
A STIR/SHAKEN profile that is defined in stir_shaken.conf. Contains several options and rules used for STIR/SHAKEN.
| Anchor | ||||
|---|---|---|---|---|
|
allow_unauthenticated_options
RFC 3261 says that the response to an OPTIONS request MUST be the same had the request been an INVITE. Some UAs use OPTIONS requests like a 'ping' and the expectation is that they will return a 200 OK.
Enabling allow_unauthenticated_options will skip authentication of OPTIONS requests for the given endpoint.
There are security implications to enabling this setting as it can allow information disclosure to occur - specifically, if enabled, an external party could enumerate and find the endpoint name by sending OPTIONS requests and examining the responses.
| Anchor | ||||
|---|---|---|---|---|
|
geoloc_incoming_call_profile
This geolocation profile will be applied to all calls received by the channel driver from the remote endpoint before they're forwarded to the dialplan.
| Anchor | ||||
|---|---|---|---|---|
|
geoloc_outgoing_call_profile
This geolocation profile will be applied to all calls received by the channel driver from the dialplan before they're forwarded the remote endpoint.
auth
Authentication type
Configuration Option Reference
Option Name | Type | Default Value | Regular Expression | Description |
|---|---|---|---|---|
| | | Authentication type | |
| | | | Lifetime of a nonce associated with this authentication config. |
|
| | MD5 Hash used for authentication. | |
|
| | Plain text password used for authentication. | |
|
| | SIP realm for endpoint | |
| |
| | Must be 'auth' |
| |
| | Username to use for account |
...
This option specifies which of the password style config options should be read when trying to authenticate an endpoint inbound request. If set to userpass then we'll read from the 'password' option. For md5 we'll read from 'md5_cred'. The following values are valid:
md5userpass
| Info | ||
|---|---|---|
| ||
This setting only describes whether the password is in plain text or has been pre-hashed with MD5. It doesn't describe the acceptable digest algorithms we'll accept in a received challenge. |
| Anchor | ||||
|---|---|---|---|---|
|
...
Only used when auth_type is md5. As an alternative to specifying a plain text password, you can hash the username, realm and password together one time and place the hash value here. The input to the hash function must be in the following format:
<username>:<realm>:<password>
For incoming authentication (asterisk is the server), the realm must match either the realm set in this object or the default_realm set in in the global object.
For outgoing authentication (asterisk is the UAC), the realm must match what the server will be sending in their WWW-Authenticate header. It can't be blank unless you expect the server to be sending a blank realm in the header. You can't use pre-hashed passwords with a wildcard auth object. You can generate the hash with the following shell command:
$ echo -n "myname:myrealm:mypassword" | md5sum
Note the '-n'. You don't want a newline to be part of the hash.
| Anchor | ||||
|---|---|---|---|---|
|
...
| Anchor | ||||
|---|---|---|---|---|
|
realm
The treatment of this value depends upon how the authentication object is used.
When used as an inbound authentication object, the realm is sent as part of the challenge so the peer can know which key to use when responding. An empty value will use the global sectionFor incoming authentication (asterisk is the UAS), this is the realm to be sent on WWW-Authenticate headers. If not specified, the global object's default_realm value when issuing a challenge.When used as an outbound authentication object, the realm is matched with the received challenge realm to determine which authentication object to use when responding to the challenge. An empty value matches any challenging realm when determining which authentication object matches a received challenge will be used.
For outgoing authentication (asterisk is the UAC), this must either be the realm the server is expected to send, or left blank or contain a single '*' to automatically use the realm sent by the server. If you have multiple auth objects for an endpoint, the realm is also used to match the auth object to the realm the server sent.
| Info | ||
|---|---|---|
| ||
Using the same auth section for inbound and outbound authentication is not recommended. There is a difference in meaning for an empty realm setting between inbound and outbound authentication uses. |
| Info | ||
|---|---|---|
| ||
If more than one auth object with the same realm or more than one wildcard auth object associated to an endpoint, we can only use the first one of each defined on the endpoint. |
domain_alias
Domain Alias
Configuration Option Reference
...
Option Name | Type | Default Value | Regular Expression | Description |
|---|---|---|---|---|
| | | | Number of simultaneous Asynchronous Operations, can no longer be set, always set to 1 |
| |
| | IP Address and optional port to bind to for this transport |
| |
| | File containing a list of certificates to read (TLS ONLY, not WSS) |
| |
| | Path to directory containing a list of certificates to read (TLS ONLY, not WSS) |
|
| | Certificate file for endpoint (TLS ONLY, not WSS) | |
|
| | Preferred cryptography cipher names (TLS ONLY, not WSS) | |
| |
| | Domain the transport comes from |
|
| | External IP address to use in RTP handling | |
| |
| | External address for SIP signalling |
| | | | External port for SIP signalling |
|
| | Method of SSL transport (TLS ONLY, not WSS) | |
|
| | Network to consider local (used for NAT purposes). | |
| |
| | Password required for transport |
| |
| | Private key file (TLS ONLY, not WSS) |
| | | Protocol to use for SIP traffic | |
| |
| | Require client certificate (TLS ONLY, not WSS) |
| |
| | Must be of type 'transport'. |
| |
| | Require verification of client certificate (TLS ONLY, not WSS) |
| |
| | Require verification of server certificate (TLS ONLY, not WSS) |
| | | Enable TOS for the signalling sent over this transport | |
| | | Enable COS for the signalling sent over this transport | |
| | | The timeout (in milliseconds) to set on WebSocket connections. | |
| | | Allow this transport to be reloaded. | |
|
| | Allow use of wildcards in certificates (TLS ONLY) | |
| | | Use the same transport for outgoing requests as incoming ones. |
...
If a websocket connection accepts input slowly, the timeout for writes to it can be increased to keep it from being disconnected. Value is in milliseconds; default is 100 ms.
| Anchor | ||||
|---|---|---|---|---|
|
...
Allow this transport to be reloaded when res_pjsip is reloaded. This option defaults to "no" because reloading a transport may disrupt in-progress calls.
| Anchor | ||||
|---|---|---|---|---|
|
allow_wildcard_certs
In combination with verify_server, when enabled allow use of wildcards, i.e. '.' in certs for common,and subject alt names of type DNS for TLS transport types. Names must start with the wildcard. Partial wildcards, e.g. 'f.example.com' and 'foo..com' are not allowed. As well, names only match against a single level meaning '.example.com' matches 'foo.example.com', but not 'foo.bar.example.com'.
| Anchor | ||||
|---|---|---|---|---|
|
...
Option Name | Type | Default Value | Regular Expression | Description |
|---|---|---|---|---|
| |
| | Must be of type 'contact'. |
| |
| | SIP URI to contact peer |
|
| | Time to keep alive a contact | |
| | | Interval at which to qualify a contact | |
| | | Timeout for qualify | |
| | | Authenticates a qualify challenge response if needed | |
|
| | Outbound proxy used when sending OPTIONS request | |
| |
| | Stored Path vector for use in Route headers on outgoing requests. |
|
| | User-Agent header from registration. | |
|
| | Endpoint name | |
|
| | Asterisk Server name | |
|
| | IP-address of the last Via header from registration. | |
| | | IP-port of the last Via header from registration. | |
|
| | Call-ID header from registration. | |
| | | A contact that cannot survive a restart/boot. |
...
Option Name | Type | Default Value | Regular Expression | Description |
|---|---|---|---|---|
|
| | Permanent contacts assigned to AoR | |
| | | | Default expiration time in seconds for contacts that are dynamically bound to an AoR. |
|
| | Allow subscriptions for the specified mailbox(es) | |
| |
| | The voicemail extension to send in the NOTIFY Message-Account header |
| | | Maximum time to keep an AoR | |
| | | Maximum number of contacts that can bind to an AoR | |
| | | Minimum keep alive time for an AoR | |
| | | Determines whether new contacts replace existing ones. | |
| | | Determines whether new contacts should replace unavailable ones. | |
| |
| | Must be of type 'aor'. |
| | | Interval at which to qualify an AoR | |
| | | Timeout for qualify | |
| | | Authenticates a qualify challenge response if needed | |
|
| | Outbound proxy used when sending OPTIONS request | |
| | | Enables Path support for REGISTER requests and Route support for other requests. |
...
This option applies when an external entity subscribes to an AoR for Message Waiting Indications. The mailboxes specified will be subscribed to. More than one mailbox can be specified with a comma-delimited string. app_voicemail mailboxes must be specified as [email protected]; for example: [email protected] For mailboxes provided by external sources, such as through the res_mwi_external _mwi module, you must specify strings supported by the external system.
...
| Info | ||
|---|---|---|
| ||
The rewrite_contact option registers the source address as the contact address to help with NAT and reusing connection oriented transports such as TCP and TLS. Unfortunately, refreshing a registration may register a different contact address and exceed max_contacts. The remove_existing option and remove_unavailable options can help by removing either the soonest to expire or unavailable contact(s) over max_contacts which is likely the old rewrite_contact contact source address being refreshed. |
...
| Info | ||
|---|---|---|
| ||
This should be set to |
| Anchor | ||||
|---|---|---|---|---|
|
remove_unavailable
The effect of this setting depends on the setting of remove_existing.
If remove_existing is set to no (default), setting remove_unavailable to yes will remove only unavailable contacts that exceed _max_contacts_to allow an incoming REGISTER to complete sucessfully.
If remove_existing is set to yes, setting remove_unavailable to yes will prioritize unavailable contacts for removal instead of just removing the contact that expires the soonest.
| Info | ||
|---|---|---|
| ||
See remove_existing and max_contacts for further information about how these 3 settings interact. |
| Anchor | ||||
|---|---|---|---|---|
|
...
Option Name | Type | Default Value | Regular Expression | Description |
|---|---|---|---|---|
| | | Set transaction timer T1 value (milliseconds). | |
| | | Set transaction timer B value (milliseconds). | |
| | | | Use the short forms of common SIP header names. |
| | | | Initial number of threads in the res_pjsip threadpool. |
| | | | The amount by which the number of threads is incremented when necessary. |
| | | | Number of seconds before an idle thread should be disposed of. |
| | | | Maximum number of threads in the res_pjsip threadpool. A value of 0 indicates no maximum. |
| | | Disable automatic switching from UDP to TCP transports. | |
| | | Follow SDP forked media when To tag is different | |
| | | Follow SDP forked media when To tag is the same | |
| | | Disable the use of rport in outgoing requests. | |
| |
| | Must be of type 'system' UNLESS the object name is 'system'. |
...
| Info | ||
|---|---|---|
| ||
This option must also be enabled on endpoints that require this functionality. |
| Anchor | ||||
|---|---|---|---|---|
|
disable_rport
Remove "rport" parameter from the outgoing requests.
global
Options that apply globally to all SIP communications
...
Option Name | Type | Default Value | Regular Expression | Description |
|---|---|---|---|---|
| | | | Value used in Max-Forwards header for SIP requests. |
| | | | The interval (in seconds) to send keepalives to active connection-oriented transports. |
| | | | The interval (in seconds) to check for expired contacts. |
| | | Disable Multi Domain support | |
| | | | The maximum amount of time from startup that qualifies should be attempted on all contacts. If greater than the qualify_frequency for an aor, qualify_frequency will be used instead. |
| | | The number of seconds over which to accumulate unidentified requests. | |
| | | The number of unidentified requests from a single IP to allow. | |
| | | | The interval at which unidentified requests are older than twice the unidentified_request_period are pruned. |
| |
| | Must be of type 'global' UNLESS the object name is 'global'. |
| | | | Value used in User-Agent header for SIP requests and Server header for SIP responses. |
| |
| | When set, Asterisk will dynamically create and destroy a NoOp priority 1 extension for a given peer who registers or unregisters with us. |
| | | | Endpoint to use when sending an outbound request to a URI without a specified endpoint. |
| |
| | The voicemail extension to send in the NOTIFY Message-Account header if not specified on endpoint or aor |
| | | | Enable/Disable SIP debug logging. Valid options include yes, no, or a host address |
| | | The order by which endpoint identifiers are processed and checked. Identifier names are usually derived from and can be found in the endpoint identifier module itself (res_pjsip_endpoint_identifier_*). You can use the CLI command "pjsip show identifiers" to see the identifiers currently available. | |
| | | | When Asterisk generates an outgoing SIP request, the From header username will be set to this value if there is no better option (such as CallerID) to be used. |
| | | | When Asterisk generates a challenge, the digest realm will be set to this value if there is no better option (such as auth/realm) to be used. |
| | | MWI taskprocessor high water alert trigger level. | |
| | | MWI taskprocessor low water clear alert level. | |
| | | Enable/Disable sending unsolicited MWI to all endpoints on startup. | |
| | | Enable/Disable ignoring SIP URI user field options. | |
| | | Place caller-id information into Contact header | |
| | | | Enable sending AMI ContactStatus event when a device refreshes its registration. |
| | | Trigger scope for taskprocessor overloads | |
| | | | Advertise support for RFC4488 REFER subscription suppression |
| | | Allow 180 after 183 |
Configuration Option Descriptions
...
global- (default) Any taskprocessor overload will trigger.pjsip_only- Only pjsip taskprocessor overloads will trigger.none- No overload detection will be performed.Warning title Warning The "none" and "pjsip_only" options should be used with extreme caution and only to mitigate specific issues. Under certain conditions they could make things worse.
| Anchor | ||||
|---|---|---|---|---|
|
allow_sending_180_after_183
Allow Asterisk to send 180 Ringing to an endpoint after 183 Session Progress has been send. If disabled Asterisk will instead send only a 183 Session Progress to the endpoint. (default: "no")
Import Version
This documentation was imported from Asterisk Version GIT-16-daed5935c8e414