[asterisk-commits] oej: trunk r216694 - /trunk/configs/sip.conf.sample
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Mon Sep 7 07:41:10 CDT 2009
Author: oej
Date: Mon Sep 7 07:41:08 2009
New Revision: 216694
URL: http://svn.asterisk.org/svn-view/asterisk?view=rev&rev=216694
Log:
Update sip.conf.sample documentation, reorganize a bit
Modified:
trunk/configs/sip.conf.sample
Modified: trunk/configs/sip.conf.sample
URL: http://svn.asterisk.org/svn-view/asterisk/trunk/configs/sip.conf.sample?view=diff&rev=216694&r1=216693&r2=216694
==============================================================================
--- trunk/configs/sip.conf.sample (original)
+++ trunk/configs/sip.conf.sample Mon Sep 7 07:41:08 2009
@@ -141,40 +141,10 @@
;tlsenable=no ; Enable server for incoming TLS (secure) connections (default is no)
;tlsbindaddr=0.0.0.0 ; IP address for TLS server to bind to (0.0.0.0) binds to all interfaces)
; Optionally add a port number, 192.168.1.1:5063 (default is port 5061)
- ; Remember that the IP address must match the common name (hostname) in the
- ; certificate, so you don't want to bind a TLS socket to multiple IP addresses.
-
-;tlscertfile=</path/to/certificate.pem> ; Certificate file (*.pem only) to use for TLS connections
- ; default is to look for "asterisk.pem" in current directory
-
-;tlsprivatekey=</path/to/private.pem> ; Private key file (*.pem only) for TLS connections.
- ; If no tlsprivatekey is specified, tlscertfile is searched for
- ; for both public and private key.
-
-;tlscafile=</path/to/certificate>
-; If the server your connecting to uses a self signed certificate
-; you should have their certificate installed here so the code can
-; verify the authenticity of their certificate.
-
-;tlscadir=</path/to/ca/dir>
-; A directory full of CA certificates. The files must be named with
-; the CA subject name hash value.
-; (see man SSL_CTX_load_verify_locations for more info)
-
-;tlsdontverifyserver=[yes|no]
-; If set to yes, don't verify the servers certificate when acting as
-; a client. If you don't have the server's CA certificate you can
-; set this and it will connect without requiring tlscafile to be set.
-; Default is no.
-
-;tlscipher=<SSL cipher string>
-; A string specifying which SSL ciphers to use or not use
-; A list of valid SSL cipher strings can be found at:
-; http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
-;
-;tlsclientmethod=tlsv1 ; values include tlsv1, sslv3, sslv2.
- ; Specify protocol for outbound client connections.
- ; If left unspecified, the default is sslv2.
+ ; Remember that the DNS entry for the common name (server name) in the
+ ; certificate must point to the IP address you bind to,
+ ; so you don't want to bind a TLS socket to multiple IP addresses.
+
srvlookup=yes ; Enable DNS SRV lookups on outbound calls
; Note: Asterisk only uses the first host
@@ -204,21 +174,22 @@
;minexpiry=60 ; Minimum length of registrations/subscriptions (default 60)
;defaultexpiry=120 ; Default length of incoming/outgoing registration
;mwiexpiry=3600 ; Expiry time for outgoing MWI subscriptions
-;qualifyfreq=60 ; Qualification: How often to check for the
- ; host to be up in seconds
- ; Set to low value if you use low timeout for
- ; NAT of UDP sessions
+;qualifyfreq=60 ; Qualification: How often to check for the host to be up in seconds
+ ; Set to low value if you use low timeout for NAT of UDP sessions
+ ; Default: 60
;qualifygap=100 ; Number of milliseconds between each group of peers being qualified
+ ; Default: 100
;qualifypeers=1 ; Number of peers in a group to be qualified at the same time
+ ; Default: 1
;notifymimetype=text/plain ; Allow overriding of mime type in MWI NOTIFY
;buggymwi=no ; Cisco SIP firmware doesn't support the MWI RFC
; fully. Enable this option to not get error messages
; when sending MWI to phones with this bug.
;mwi_from=asterisk ; When sending MWI NOTIFY requests, use this setting in
; the From: header as the "name" portion. Also fill the
- ; "user" portion of the URI in the From: header with this
- ; value if no fromuser is set
- ; Default: empty
+ ; "user" portion of the URI in the From: header with this
+ ; value if no fromuser is set
+ ; Default: empty
;vmexten=voicemail ; dialplan extension to reach mailbox sets the
; Message-Account in the MWI notify message
; defaults to "asterisk"
@@ -253,7 +224,7 @@
; This may also be set for individual users/peers
;relaxdtmf=yes ; Relax dtmf handling
;trustrpid = no ; If Remote-Party-ID should be trusted
-;sendrpid = yes ; If Remote-Party-ID should be sent
+;sendrpid = yes ; If Remote-Party-ID should be sent (defaults to no)
;sendrpid = rpid ; Use the "Remote-Party-ID" header
; to send the identity of the remote party
; This is identical to sendrpid=yes
@@ -280,11 +251,6 @@
; The default user agent string also contains the Asterisk
; version. If you don't want to expose this, change the
; useragent string.
-;sdpsession=Asterisk PBX ; Allows you to change the SDP session name string, (s=)
- ; Like the useragent parameter, the default user agent string
- ; also contains the Asterisk version.
-;sdpowner=root ; Allows you to change the username field in the SDP owner string, (o=)
- ; This field MUST NOT contain spaces
;promiscredir = no ; If yes, allows 302 or REDIR to non-local SIP address
; Note that promiscredir when redirects are made to the
; local system will cause loops since Asterisk is incapable
@@ -368,6 +334,38 @@
; If you have qualify on and the peer becomes unreachable
; this setting will enforce inactivation of the regexten
; extension for the peer
+;------------------------ TLS settings ------------------------------------------------------------
+;tlscertfile=</path/to/certificate.pem> ; Certificate file (*.pem format only) to use for TLS connections
+ ; default is to look for "asterisk.pem" in current directory
+
+;tlsprivatekey=</path/to/private.pem> ; Private key file (*.pem format only) for TLS connections.
+ ; If no tlsprivatekey is specified, tlscertfile is searched for
+ ; for both public and private key.
+
+;tlscafile=</path/to/certificate>
+; If the server your connecting to uses a self signed certificate
+; you should have their certificate installed here so the code can
+; verify the authenticity of their certificate.
+
+;tlscadir=</path/to/ca/dir>
+; A directory full of CA certificates. The files must be named with
+; the CA subject name hash value.
+; (see man SSL_CTX_load_verify_locations for more info)
+
+;tlsdontverifyserver=[yes|no]
+; If set to yes, don't verify the servers certificate when acting as
+; a client. If you don't have the server's CA certificate you can
+; set this and it will connect without requiring tlscafile to be set.
+; Default is no.
+
+;tlscipher=<SSL cipher string>
+; A string specifying which SSL ciphers to use or not use
+; A list of valid SSL cipher strings can be found at:
+; http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
+;
+;tlsclientmethod=tlsv1 ; values include tlsv1, sslv3, sslv2.
+ ; Specify protocol for outbound client connections.
+ ; If left unspecified, the default is sslv2.
;
;--------------------------- SIP timers ----------------------------------------------------
; These timers are used primarily in INVITE transactions.
@@ -420,6 +418,10 @@
;session-refresher=uas
;
;--------------------------- HASH TABLE SIZES ------------------------------------------------
+; Hash tables are used internally by the SIP driver to locate objects in memory.
+; For every incoming call, Asterisk will match properties of the call with in-memory
+; hash tables to locate a matching device, peer or user.
+;
; For maximum efficiency, adjust the following
; values to be slightly larger than the maximum number of in-memory objects (devices).
; Too large, and space is wasted. Too small, and things will run slower.
@@ -575,6 +577,7 @@
; 0 = continue forever, hammering the other server
; until it accepts the registration
; Default is 0 tries, continue forever
+
;----------------------------------------- OUTBOUND MWI SUBSCRIPTIONS -------------------------
; Asterisk can subscribe to receive the MWI from another SIP server and store it locally for retrieval
; by other phones.
@@ -692,22 +695,22 @@
; call directly between the endpoints instead of sending
; a re-INVITE).
+;directmedia=nonat ; An additional option is to allow media path redirection
+ ; (reinvite) but only when the peer where the media is being
+ ; sent is known to not be behind a NAT (as the RTP core can
+ ; determine it based on the apparent IP address the media
+ ; arrives from).
+
+;directmedia=update ; Yet a third option... use UPDATE for media path redirection,
+ ; instead of INVITE. This can be combined with 'nonat', as
+ ; 'directmedia=update,nonat'. It implies 'yes'.
+
;directrtpsetup=yes ; Enable the new experimental direct RTP setup. This sets up
; the call directly with media peer-2-peer without re-invites.
; Will not work for video and cases where the callee sends
; RTP payloads and fmtp headers in the 200 OK that does not match the
; callers INVITE. This will also fail if directmedia is enabled when
; the device is actually behind NAT.
-
-;directmedia=nonat ; An additional option is to allow media path redirection
- ; (reinvite) but only when the peer where the media is being
- ; sent is known to not be behind a NAT (as the RTP core can
- ; determine it based on the apparent IP address the media
- ; arrives from).
-
-;directmedia=update ; Yet a third option... use UPDATE for media path redirection,
- ; instead of INVITE. This can be combined with 'nonat', as
- ; 'directmedia=update,nonat'. It implies 'yes'.
;ignoresdpversion=yes ; By default, Asterisk will honor the session version
; number in SDP packets and will only modify the SDP
@@ -717,6 +720,12 @@
; for devices that send us non standard SDP packets
; (observed with Microsoft OCS). By default this option is
; off.
+
+;sdpsession=Asterisk PBX ; Allows you to change the SDP session name string, (s=)
+ ; Like the useragent parameter, the default user agent string
+ ; also contains the Asterisk version.
+;sdpowner=root ; Allows you to change the username field in the SDP owner string, (o=)
+ ; This field MUST NOT contain spaces
;----------------------------------------- REALTIME SUPPORT ------------------------
; For additional information on ARA, the Asterisk Realtime Architecture,
More information about the asterisk-commits
mailing list