res_pjsip

pjsip.conf

[endpoint]

Endpoint

• 100rel - Allow support for RFC3262 provisional ACK tags
• aggregate_mwi - Condense MWI notifications into a single NOTIFY.
• allow - Media Codec(s) to allow
• codec_prefs_incoming_offer - Codec negotiation prefs for incoming offers.
• codec_prefs_outgoing_offer - Codec negotiation prefs for outgoing offers.
• codec_prefs_incoming_answer - Codec negotiation prefs for incoming answers.
• codec_prefs_outgoing_answer - Codec negotiation prefs for outgoing answers.
• allow_overlap - Enable RFC3578 overlap dialing support.
• overlap_context - Dialplan context to use for RFC3578 overlap dialing.
• aors - AoR(s) to be used with the endpoint

• auth - Authentication Object(s) associated with the endpoint

  Note

  Using the same auth section for inbound and outbound authentication is not recommended. There is a difference in meaning for an empty realm setting between inbound and outbound authentication uses. See the auth realm description for details.

• callerid - CallerID information for the endpoint

• callerid_privacy - Default privacy level
• callerid_tag - Internal id_tag for the endpoint
• context - Dialplan context for inbound sessions
• direct_media_glare_mitigation - Mitigation of direct media (re)INVITE glare
• direct_media_method - Direct Media method type
• trust_connected_line - Accept Connected Line updates from this endpoint
• send_connected_line - Send Connected Line updates to this endpoint
• connected_line_method - Connected line method type
• direct_media - Determines whether media may flow directly between endpoints.
• disable_direct_media_on_nat - Disable direct media session refreshes when NAT obstructs the media session
• disallow - Media Codec(s) to disallow
• dtmf_mode - DTMF mode

• media_address - IP address used in SDP for media handling

  Note

  Be aware that the external_media_address option, set in Transport configuration, can also affect the final media address used in the SDP.

• bind_rtp_to_media_address - Bind the RTP instance to the media_address

• force_rport - Force use of return port
• ice_support - Enable the ICE mechanism to help traverse NAT

• identify_by - Way(s) for the endpoint to be identified

  Note

  This option controls both how an endpoint is matched for incoming traffic and also how an AOR is determined if a registration occurs. You must list at least one method that also matches for AORs or the registration will fail.

• redirect_method - How redirects received from an endpoint are handled

• follow_redirect_methods - Follow 3XX redirect responses for the defined SIP methods.
• mailboxes - NOTIFY the endpoint when state changes for any of the specified mailboxes
• mwi_subscribe_replaces_unsolicited - An MWI subscribe will replace sending unsolicited NOTIFYs
• voicemail_extension - The voicemail extension to send in the NOTIFY Message-Account header
• moh_suggest - Default Music On Hold class

• outbound_auth - Authentication object(s) used for outbound requests

  Note

  Using the same auth section for inbound and outbound authentication is not recommended. There is a difference in meaning for an empty realm setting between inbound and outbound authentication uses. See the auth realm description for details.

• outbound_proxy - Full SIP URI of the outbound proxy used to send requests

• rewrite_contact - Allow Contact header to be rewritten with the source IP address-port
• rtp_ipv6 - Allow use of IPv6 for RTP traffic
• rtp_symmetric - Enforce that RTP must be symmetric
• send_diversion - Send the Diversion header, conveying the diversion information to the called user agent
• send_history_info - Send the History-Info header, conveying the diversion information to the called and calling user agents
• send_pai - Send the P-Asserted-Identity header
• send_rpid - Send the Remote-Party-ID header
• rpid_immediate - Immediately send connected line updates on unanswered incoming calls.
• tenantid - The tenant ID for this endpoint.
• timers_min_se - Minimum session timers expiration period
• timers - Session timers for SIP packets
• timers_sess_expires - Maximum session timer expiration period

• transport - Explicit transport configuration to use

  Note

  Not specifying a transport will select the first configured transport in pjsip.conf which is compatible with the URI we are trying to contact.

  Warning

  Transport configuration is not affected by reloads. In order to change transports, a full Asterisk restart is required

• trust_id_inbound - Accept identification information received from this endpoint

• trust_id_outbound - Send private identification details to the endpoint.
• type - Must be of type 'endpoint'.
• use_ptime - Use Endpoint's requested packetization interval
• use_avpf - Determines whether res_pjsip will use and enforce usage of AVPF for this endpoint.
• force_avp - Determines whether res_pjsip will use and enforce usage of AVP, regardless of the RTP profile in use for this endpoint.
• media_use_received_transport - Determines whether res_pjsip will use the media transport received in the offer SDP in the corresponding answer SDP.
• media_encryption - Determines whether res_pjsip will use and enforce usage of media encryption for this endpoint.
• media_encryption_optimistic - Determines whether encryption should be used if possible but does not terminate the session if not achieved.
• g726_non_standard - Force g.726 to use AAL2 packing order when negotiating g.726 audio
• inband_progress - Determines whether chan_pjsip will indicate ringing using inband progress.
• call_group - The numeric pickup groups for a channel.
• pickup_group - The numeric pickup groups that a channel can pickup.
• named_call_group - The named pickup groups for a channel.
• named_pickup_group - The named pickup groups that a channel can pickup.
• device_state_busy_at - The number of in-use channels which will cause busy to be returned as device state
• t38_udptl - Whether T.38 UDPTL support is enabled or not
• t38_udptl_ec - T.38 UDPTL error correction method
• t38_udptl_maxdatagram - T.38 UDPTL maximum datagram size
• fax_detect - Whether CNG tone detection is enabled
• fax_detect_timeout - How long into a call before fax_detect is disabled for the call
• t38_udptl_nat - Whether NAT support is enabled on UDPTL sessions
• t38_udptl_ipv6 - Whether IPv6 is used for UDPTL Sessions
• t38_bind_udptl_to_media_address - Bind the UDPTL instance to the media_adress
• tone_zone - Set which country's indications to use for channels created for this endpoint.
• language - Set the default language to use for channels created for this endpoint.
• one_touch_recording - Determines whether one-touch recording is allowed for this endpoint.

• record_on_feature - The feature to enact when one-touch recording is turned on.

  Note

  This setting has no effect if the endpoint's one_touch_recording option is disabled

• record_off_feature - The feature to enact when one-touch recording is turned off.

  Note

  This setting has no effect if the endpoint's one_touch_recording option is disabled

• rtp_engine - Name of the RTP engine to use for channels created for this endpoint

• allow_transfer - Determines whether SIP REFER transfers are allowed for this endpoint
• user_eq_phone - Determines whether a user=phone parameter is placed into the request URI if the user is determined to be a phone number
• moh_passthrough - Determines whether hold and unhold will be passed through using re-INVITEs with recvonly and sendrecv to the remote side
• sdp_owner - String placed as the username portion of an SDP origin (o=) line.
• sdp_session - String used for the SDP session (s=) line.
• tos_audio - DSCP TOS bits for audio streams
• tos_video - DSCP TOS bits for video streams
• cos_audio - Priority for audio streams
• cos_video - Priority for video streams
• allow_subscribe - Determines if endpoint is allowed to initiate subscriptions with Asterisk.
• sub_min_expiry - The minimum allowed expiry time for subscriptions initiated by the endpoint.
• from_user - Username to use in From header for requests to this endpoint.
• mwi_from_user - Username to use in From header for unsolicited MWI NOTIFYs to this endpoint.
• from_domain - Domain to use in From header for requests to this endpoint.
• dtls_verify - Verify that the provided peer certificate is valid
• dtls_rekey - Interval at which to renegotiate the TLS session and rekey the SRTP session
• dtls_auto_generate_cert - Whether or not to automatically generate an ephemeral X.509 certificate
• dtls_cert_file - Path to certificate file to present to peer
• dtls_private_key - Path to private key for certificate file
• dtls_cipher - Cipher to use for DTLS negotiation
• dtls_ca_file - Path to certificate authority certificate
• dtls_ca_path - Path to a directory containing certificate authority certificates
• dtls_setup - Whether we are willing to accept connections, connect to the other party, or both.
• dtls_fingerprint - Type of hash to use for the DTLS fingerprint in the SDP.
• srtp_tag_32 - Determines whether 32 byte tags should be used instead of 80 byte tags.
• set_var - Variable set on a channel involving the endpoint.
• message_context - Context to route incoming MESSAGE requests to.
• accountcode - An accountcode to set automatically on any channels created for this endpoint.

• preferred_codec_only - Respond to a SIP invite with the single most preferred codec (DEPRECATED)

  Warning

  This option has been deprecated in favor of incoming_call_offer_pref. Setting both options is unsupported.

• incoming_call_offer_pref - Preferences for selecting codecs for an incoming call.

  Note

  This list will consist of only those codecs found in both lists.

• outgoing_call_offer_pref - Preferences for selecting codecs for an outgoing call.

• rtp_keepalive - Number of seconds between RTP comfort noise keepalive packets.
• rtp_timeout - Maximum number of seconds without receiving RTP (while off hold) before terminating call.
• rtp_timeout_hold - Maximum number of seconds without receiving RTP (while on hold) before terminating call.
• acl - List of IP ACL section names in acl.conf
• deny - List of IP addresses to deny access from
• permit - List of IP addresses to permit access from
• contact_acl - List of Contact ACL section names in acl.conf
• contact_deny - List of Contact header addresses to deny
• contact_permit - List of Contact header addresses to permit
• subscribe_context - Context for incoming MESSAGE requests.
• contact_user - Force the user on the outgoing Contact header to this value.
• asymmetric_rtp_codec - Allow the sending and receiving RTP codec to differ
• rtcp_mux - Enable RFC 5761 RTCP multiplexing on the RTP port
• refer_blind_progress - Whether to notifies all the progress details on blind transfer
• notify_early_inuse_ringing - Whether to notifies dialog-info 'early' on InUse&Ringing state
• max_audio_streams - The maximum number of allowed audio streams for the endpoint
• max_video_streams - The maximum number of allowed video streams for the endpoint
• bundle - Enable RTP bundling
• webrtc - Defaults and enables some options that are relevant to WebRTC
• incoming_mwi_mailbox - Mailbox name to use when incoming MWI NOTIFYs are received

• follow_early_media_fork - Follow SDP forked media when To tag is different

  Note

  This option must also be enabled in the system section for it to take effect here.

• accept_multiple_sdp_answers - Accept multiple SDP answers on non-100rel responses

  Note

  This option must also be enabled in the system section for it to take effect here.

• suppress_q850_reason_headers - Suppress Q.850 Reason headers for this endpoint

• ignore_183_without_sdp - Do not forward 183 when it doesn't contain SDP
• stir_shaken - Enable STIR/SHAKEN support on this endpoint
• stir_shaken_profile - STIR/SHAKEN profile containing additional configuration options
• allow_unauthenticated_options - Skip authentication when receiving OPTIONS requests
• security_negotiation - The kind of security agreement negotiation to use. Currently, only mediasec is supported.
• security_mechanisms - List of security mechanisms supported.
• geoloc_incoming_call_profile - Geolocation profile to apply to incoming calls
• geoloc_outgoing_call_profile - Geolocation profile to apply to outgoing calls
• send_aoc - Send Advice-of-Charge messages

• suppress_moh_on_sendonly - Suppress playing MOH to party A if party B sends "sendonly" or "inactive" in an SDP

  Note

  This doesn't just apply to 183 responses. MOH will be suppressed when the attribute appears in any SDP received including INVITEs, re-INVITES, and other responses.

[auth]

Authentication type

• auth_type - Authentication type
• username - Username to use for account
• password - Plain text password used for authentication.
• password_digest - One or more pre-computed hashes used for authentication.
• md5_cred - MD5 Hash used for authentication. (deprecated)
• supported_algorithms_uac - Comma separated list of algorithms to support when this auth is used as a UAC
• supported_algorithms_uas - Comma separated list of algorithms to support when this auth is used as a UAS
• refresh_token - OAuth 2.0 refresh token
• oauth_clientid - OAuth 2.0 application's client id
• oauth_secret - OAuth 2.0 application's secret

• realm - SIP realm for endpoint

  Note

  Using the same auth section for inbound and outbound authentication is not recommended. There is a difference in meaning for an empty realm setting between inbound and outbound authentication uses.

  Note

  If more than one auth object with the same realm or more than one wildcard auth object is associated to an endpoint, only the first one of each defined on the endpoint will be used.

• nonce_lifetime - Lifetime of a nonce associated with this authentication config.

• type - Must be 'auth'

[domain_alias]

Domain Alias

• type - Must be of type 'domain_alias'.
• domain - Domain to be aliased

[transport]

SIP Transport

• async_operations - Number of simultaneous Asynchronous Operations, can no longer be set, always set to 1
• bind - IP Address and optional port to bind to for this transport
• ca_list_file - File containing a list of certificates to read (TLS ONLY, not WSS)
• ca_list_path - Path to directory containing a list of certificates to read (TLS ONLY, not WSS)
• cert_file - Certificate file for endpoint (TLS ONLY, not WSS)
• cipher - Preferred cryptography cipher names (TLS ONLY, not WSS)
• domain - Domain the transport comes from
• external_media_address - External IP address to use in RTP handling
• external_signaling_address - External address for SIP signalling
• external_signaling_port - External port for SIP signalling
• method - Method of SSL transport (TLS ONLY, not WSS)
• local_net - Network to consider local (used for NAT purposes).
• password - Password required for transport
• priv_key_file - Private key file (TLS ONLY, not WSS)
• protocol - Protocol to use for SIP traffic
• require_client_cert - Require client certificate (TLS ONLY, not WSS)
• tcp_keepalive_enable - Enable TCP keepalive
• tcp_keepalive_idle_time - Idle time before the first TCP keepalive probe is sent
• tcp_keepalive_interval_time - Interval between TCP keepalive probes
• tcp_keepalive_probe_count - Maximum number of TCP keepalive probes
• type - Must be of type 'transport'.
• verify_client - Require verification of client certificate (TLS ONLY, not WSS)
• verify_server - Require verification of server certificate (TLS ONLY, not WSS)

• tos - Enable TOS for the signalling sent over this transport

  Note

  This option does not apply to the ws or the wss protocols.

• cos - Enable COS for the signalling sent over this transport

  Note

  This option does not apply to the ws or the wss protocols.

• websocket_write_timeout - The timeout (in milliseconds) to set on WebSocket connections.

• allow_reload - Allow this transport to be reloaded.
• allow_wildcard_certs - Allow use of wildcards in certificates (TLS ONLY)
• symmetric_transport - Use the same transport for outgoing requests as incoming ones.

[contact]

A way of creating an aliased name to a SIP URI

• type - Must be of type 'contact'.
• uri - SIP URI to contact peer
• expiration_time - Time to keep alive a contact
• qualify_frequency - Interval at which to qualify a contact
• qualify_timeout - Timeout for qualify
• qualify_2xx_only - Only qualify contact if OPTIONS request returns 2XX

• authenticate_qualify - Authenticates a qualify challenge response if needed

  Note

  This option does nothing as we will always complete the challenge response authentication if the qualify request is challenged.

• outbound_proxy - Outbound proxy used when sending OPTIONS request

• path - Stored Path vector for use in Route headers on outgoing requests.
• user_agent - User-Agent header from registration.
• endpoint - Endpoint name
• reg_server - Asterisk Server name
• via_addr - IP-address of the last Via header from registration.
• via_port - IP-port of the last Via header from registration.
• call_id - Call-ID header from registration.
• prune_on_boot - A contact that cannot survive a restart/boot.

[aor]

The configuration for a location of an endpoint

• contact - Permanent contacts assigned to AoR
• default_expiration - Default expiration time in seconds for contacts that are dynamically bound to an AoR.
• mailboxes - Allow subscriptions for the specified mailbox(es)
• voicemail_extension - The voicemail extension to send in the NOTIFY Message-Account header
• maximum_expiration - Maximum time to keep an AoR

• max_contacts - Maximum number of contacts that can bind to an AoR

  Note

  The rewrite_contact option registers the source address as the contact address to help with NAT and reusing connection oriented transports such as TCP and TLS. Unfortunately, refreshing a registration may register a different contact address and exceed max_contacts. The remove_existing and remove_unavailable options can help by removing either the soonest to expire or unavailable contact(s) over max_contacts which is likely the old rewrite_contact contact source address being refreshed.

  Note

  This should be set to 1 and remove_existing set to yes if you wish to stick with the older chan_sip behaviour.

• minimum_expiration - Minimum keep alive time for an AoR

• remove_existing - Determines whether new contacts replace existing ones.

  Note

  The rewrite_contact option registers the source address as the contact address to help with NAT and reusing connection oriented transports such as TCP and TLS. Unfortunately, refreshing a registration may register a different contact address and exceed max_contacts. The remove_existing option can help by removing the soonest to expire contact(s) over max_contacts which is likely the old rewrite_contact contact source address being refreshed.

  Note

  This should be set to yes and max_contacts set to 1 if you wish to stick with the older chan_sip behaviour.

• remove_unavailable - Determines whether new contacts should replace unavailable ones.

  Note

  See remove_existing and max_contacts for further information about how these 3 settings interact.

• type - Must be of type 'aor'.

• qualify_frequency - Interval at which to qualify an AoR
• qualify_timeout - Timeout for qualify
• qualify_2xx_only - Only qualify contact if OPTIONS request returns 2XX

• authenticate_qualify - Authenticates a qualify challenge response if needed

  Note

  This option does nothing as we will always complete the challenge response authentication if the qualify request is challenged.

• outbound_proxy - Outbound proxy used when sending OPTIONS request

• support_path - Enables Path support for REGISTER requests and Route support for other requests.

[system]

Options that apply to the SIP stack as well as other system-wide settings

• timer_t1 - Set transaction timer T1 value (milliseconds).
• timer_b - Set transaction timer B value (milliseconds).
• compact_headers - Use the short forms of common SIP header names.
• taskpool_minimum_size - Minimum number of taskprocessors in the res_pjsip taskpool.
• taskpool_initial_size - Initial number of taskprocessors in the res_pjsip taskpool.
• taskpool_auto_increment - The amount by which the number of taskprocessors is incremented when necessary.
• taskpool_idle_timeout - Number of seconds before an idle taskprocessor should be disposed of.
• taskpool_max_size - Maximum number of taskprocessors in the res_pjsip taskpool. A value of 0 indicates no maximum.
• threadpool_initial_size - Initial number of threads in the res_pjsip taskpool. Deprecated in favor of taskpool_initial_size.
• threadpool_auto_increment - The amount by which the number of threads is incremented when necessary. Deprecated in favor of taskpool_auto_increment.
• threadpool_idle_timeout - Number of seconds before an idle taskprocessor should be disposed of. Deprecated in favor of taskpool_idle_timeout.
• threadpool_max_size - Maximum number of taskprocessors in the res_pjsip taskpool. A value of 0 indicates no maximum. Deprecated in favor of taskpool_max_size.
• disable_tcp_switch - Disable automatic switching from UDP to TCP transports.

• follow_early_media_fork - Follow SDP forked media when To tag is different

  Note

  This option must also be enabled on endpoints that require this functionality.

• accept_multiple_sdp_answers - Follow SDP forked media when To tag is the same

  Note

  This option must also be enabled on endpoints that require this functionality.

• disable_rport - Disable the use of rport in outgoing requests.

• type - Must be of type 'system' UNLESS the object name is 'system'.

[global]

Options that apply globally to all SIP communications

• max_forwards - Value used in Max-Forwards header for SIP requests.
• keep_alive_interval - The interval (in seconds) to send keepalives to active connection-oriented transports.
• contact_expiration_check_interval - The interval (in seconds) to check for expired contacts.
• disable_multi_domain - Disable Multi Domain support
• max_initial_qualify_time - The maximum amount of time from startup that qualifies should be attempted on all contacts. If greater than the qualify_frequency for an aor, qualify_frequency will be used instead.
• unidentified_request_period - The number of seconds over which to accumulate unidentified requests.
• unidentified_request_count - The number of unidentified requests from a single IP to allow.
• unidentified_request_prune_interval - The interval at which unidentified requests are older than twice the unidentified_request_period are pruned.
• type - Must be of type 'global' UNLESS the object name is 'global'.
• user_agent - Value used in User-Agent header for SIP requests and Server header for SIP responses.
• regcontext - When set, Asterisk will dynamically create and destroy a NoOp priority 1 extension for a given peer who registers or unregisters with us.
• default_outbound_endpoint - Endpoint to use when sending an outbound request to a URI without a specified endpoint.
• default_voicemail_extension - The voicemail extension to send in the NOTIFY Message-Account header if not specified on endpoint or aor
• debug - Enable/Disable SIP debug logging. Valid options include yes, no, or a host address

• endpoint_identifier_order - The order by which endpoint identifiers are processed and checked. Identifier names are usually derived from and can be found in the endpoint identifier module itself (res_pjsip_endpoint_identifier_*). You can use the CLI command "pjsip show identifiers" to see the identifiers currently available.

  Note

  One of the identifiers is "auth_username" which matches on the username in an Authentication header. This method has some security considerations because an Authentication header is not present on the first message of a dialog when digest authentication is used. The client can't generate it until the server sends the challenge in a 401 response. Since Asterisk normally sends a security event when an incoming request can't be matched to an endpoint, using auth_username requires that the security event be deferred until a request is received with the Authentication header and only generated if the username doesn't result in a match. This may result in a delay before an attack is recognized. You can control how many unmatched requests are received from a single ip address before a security event is generated using the unidentified_request parameters.

• default_from_user - When Asterisk generates an outgoing SIP request, the From header username will be set to this value if there is no better option (such as CallerID) to be used.

• default_realm - When Asterisk generates a challenge, the digest realm will be set to this value if there is no better option (such as auth/realm) to be used.
• mwi_tps_queue_high - MWI taskprocessor high water alert trigger level.

• mwi_tps_queue_low - MWI taskprocessor low water clear alert level.

  Note

  Set to -1 for the low water level to be 90% of the high water level.

• mwi_disable_initial_unsolicited - Enable/Disable sending unsolicited MWI to all endpoints on startup.

• ignore_uri_user_options - Enable/Disable ignoring SIP URI user field options.

  Note

  The caller-id and redirecting number strings obtained from incoming SIP URI user fields are always truncated at the first semicolon.

• use_callerid_contact - Place caller-id information into Contact header

• send_contact_status_on_update_registration - Enable sending AMI ContactStatus event when a device refreshes its registration.

• taskprocessor_overload_trigger - Trigger scope for taskprocessor overloads

  Warning

  The "none" and "pjsip_only" options should be used with extreme caution and only to mitigate specific issues. Under certain conditions they could make things worse.

• norefersub - Advertise support for RFC4488 REFER subscription suppression

• allow_sending_180_after_183 - Allow 180 after 183
• all_codecs_on_empty_reinvite - If we should return all codecs on re-INVITE without SDP
• default_auth_algorithms_uas - List of default authentication algorithms to support when Asterisk is UAS
• default_auth_algorithms_uac - List of default authentication algorithms to support when Asterisk is UAC