;===============PJSIP.conf============= ;Global configuration parameters. Take great care in adding to global parameters and validate all changes made to assure they are not superceded by other options. [global] debug=yes disallow=h263 ;keep_alive_interval=15 ;//////////////////////// ;/// Transports //////// ;////////////////////// ;WebSecureSocket Transport Parameters [transport-wss] type=transport protocol=wss bind=0.0.0.0:443 ;Binding IP and PORT designation for WSS local_net=172.21.1.124/255.255.255.0 external_media_address=34.228.207.87 ;External Media IP to use external_signaling_address=34.228.207.87 ;External SIP IP address to use cert_file=/etc/asterisk/keys/star.pem ;Certificate file to use priv_key_file=/etc/asterisk/keys/star.key ;Private key file to use allow_reload=yes ;Allows for dynamic reloading for transport ;WebSocket Transport Parameters [transport-ws] type=transport protocol=ws bind=0.0.0.0:8088 ;Binding IP and PORT designation for WS ;local_net=172.21.1.124 local_net=172.21.1.124/255.255.255.0 ;Internal IP binding external_media_address=34.228.207.87 ;External Media IP to use external_signaling_address=34.228.207.87 ;External SIP IP address to use allow_reload=yes ;external_signaling_address: => If Asterisk V14.6 and if not set, BYE is not recieved by some some providers ; and contact=Private-IP however; if set to Public IP and Using a Proxy Server, ; then ACK is not sent in response to INVITE (200 OK) and contact=Public-IP, but ; Proxy Server needs the Private-IP, which is obtained by not the ; setting external_signaling_address; However, Asterisk V15.3 will not let us ; set the Contact to the Private-IP regardless of what we do. Setting rewrite_contact ; has no effect either way. (Bug?) ;TCP Transport Parameters [transport-tcp] type=transport protocol=tcp bind=0.0.0.0 ;local_net=172.21.1.124 ;Internal IP binding local_net=172.21.1.124/255.255.255.0 ;Internal IP binding external_media_address=34.228.207.87 ;External Media IP to use external_signaling_address=34.228.207.87 ;External SIP IP address to use allow_reload=yes ;Allows for dynamic reloading for transport ;UDP Transport Parameters [transport-udp] type=transport protocol=udp bind=0.0.0.0 ;local_net=172.21.1.124 ;Internal IP binding local_net=172.21.1.124/255.255.255.0 ;Internal IP binding external_media_address=34.228.207.87 ;External Media IP to use external_signaling_address=34.228.207.87 ;External SIP IP address to use allow_reload=yes ;Allows for dynamic reloading for transport ;TLS is not currently supported in our environment ;[transport-tls] ;type=transport ;protocol=tls ;bind=0.0.0.0:5061 ;cert_file=/etc/asterisk/keys/asterisk.crt ;priv_key_file=/etc/asterisk/keys/asterisk.key ;ca_list_file=/etc/asterisk/keys/ca.crt ;method=sslv23 ;This endpoint profile is designed to be used by all WebRTC related endpoints. This is used by the Agents logging in to the ACE Direct Agent portal as well as the Consumer Portal. [endpoint-webrtc](!) type=endpoint ;This declares the explicit type of contact that will use this profile transport=transport-wss ;This transport is declared to assure web secure sockets are used. context=from-internal disallow=all ;This prevents wanton codecs from entering our environment disallow=h263 ;Some providers send h263 as a priority codec, we can't allow this codec to enter our environment. allow=ulaw ;This is our preferred AUDIO codec allow=vp8 ;This is our preferred VIDEO codec allow=h264 ;This is our Secondary VIDEO codec (provider hard phones use h264) allow=t140 ;This allows Real Time Text force_avp=yes ;PJSIP will use the AVP, AVPF, SAVP, or SAVPF RTP profile for all media offers on outbound calls and media updates including those for DTLS-SRTP streams use_avpf=yes ;PJSIP will use the AVPF or SAVPF RTP profile for all media offers on outbound calls and media updates will decline media offers not using the AVPF or SAVPF profile media_encryption=dtls ;PJSIP will offer DTLS-SRTP, required for SIP WebRTC endpoints dtls_verify=fingerprint ;Verify that the provided peer certificate is valid dtls_fingerprint=SHA-1 ;This is the encryption method dtmf_mode=auto ;Automatically select the DTMF mode to communicate with dtls_rekey=0 ;Interval at which to renegotiate the TLS session and rekey dtls_cert_file=/etc/asterisk/keys/asterisk.pem dtls_ca_file=/etc/asterisk/keys/ca.crt dtls_setup=actpass ice_support=yes ;This enables required STUN/ICE NAT tools for network traversal media_use_received_transport=yes ;Communicate back on the same transport method that was received rtp_symmetric=yes ;Send RTP traffic back on the same port it received it force_rport=yes ;Forces the use of Reflexive Ports rewrite_contact=yes ;Allow re-invites message_context=internal-im ;Extensions context to allow for SIP text messaging between endpoints rtcp_mux=yes ;RTCP muxing is currently being used in Chrome and WebRTC trust_id_inbound=yes ;Trust information being sent bind_rtp_to_media_address=34.228.207.87 ;Use this address to facilitate outbound RTP traffic rtp_keepalive=30 ;send a keepalive to prevent disconnects due to 'silent line' detection. send_pai=yes ; cjm-jan18 -- sends P-Asserted-Identity header ;qualify=yes ;Preiodically attempts to communicate with an endpoint to validate its status user_eq_phone=yes ; cjm-jan18 -- adds "user=phone" tag to heades in SDP ;steve-tests ;webrtc=yes ;If enabled, callee has no video when doing webrtc<=>webrtc call ;qualify_frequency=60 ;If enabled, call failed;Frequency by which to validate connected endpoint asymmetric_rtp_codec=no trust_id_outbound=yes ;line=yes [kamailio](!) type=endpoint context=from-internal transport=transport-tcp media_address=34.228.207.87 disallow=all allow=ulaw allow=vp8 allow=h264 allow=t140 direct_media=no force_rport=yes ;rewrite_contact: If this is set to no, Z calls have one-way video (no video on WebRTC client) ; If this is set to yes, WebRTC<=>WebRTC has no Video or One-Way Video (Sometimes). rewrite_contact=yes rtp_symmetric=yes force_avp=yes ice_support=yes use_avpf=yes dtmf_mode=auto ;rfc4733 ;encryption=yes media_encryption=dtls ; Determines whether res_pjsip will use and enforce dtls_verify=fingerprint ; Verify that the provided peer certificate is valid (default: "") dtls_fingerprint=SHA-1 dtls_rekey=0 ; Interval at which to renegotiate the TLS session and rekey dtls_cert_file=/etc/asterisk/keys/asterisk.pem dtls_ca_file=/etc/asterisk/keys/ca.crt dtls_setup=actpass rtcp_mux=yes trust_id_inbound=yes trust_id_outbound=yes media_use_received_transport=yes message_context=internal-im aors=kamailio timers=no ;steve-tests ;line=yes [kamailio](kamailio) aors=kamailio [kamailio] type=aor contact=sip:172.21.1.108:5060 [kamailio] type=identify ; Must be of type identify (default: "") endpoint=kamailio match=172.21.1.108 ;//////////////////// ;/// Auths ///////// ;////////////////// [auth-provider](!) type=auth auth_type= [auth-userpass](!) type=auth auth_type=userpass ;////////////////// ;/// AORs //////// ;//////////////// [aor-single-reg](!) type=aor remove_existing=yes max_contacts=1 ;maximum allowed contacts to be registered to an endpoint ;qualify_frequency=10 ;Frequency by which to validate connected endpoint minimum_expiration=60 ;Minimum time for a contact to expire default_expiration=120 ;default time for a contact to expire ;maximum_expiration=60 ;Maximum allowed time for a contact to expire [aor-tcp-reg](!) type=aor remove_existing=yes ;Removes existing contacts when a new contact is established max_contacts=5 ;Maximum allowed contacts ;///////////////////////////// ;//////// Extensions //////// ;/////////////////////////// ;===============EXTENSION 90001 [90001](endpoint-webrtc) auth=auth90001 aors=90001 [auth90001](auth-userpass) password=1qaz1qaz username=90001 [90001](aor-single-reg) contact=sip:90001@172.21.1.108:5060 ;================EXTENSION 90002 [90002](kamailio) auth=auth90002 aors=90002 [auth90002](auth-userpass) password=1qaz1qaz username=90002 [90002](aor-single-reg) contact=sip:90002@172.21.1.108:5060 ;================EXTENSION 90003 [90003](endpoint-webrtc) auth=auth90003 aors=90003 [auth90003](auth-userpass) password=1qaz1qaz username=90003 [90003](aor-single-reg) contact=sip:90003@172.21.1.108:5060