external.xml 4.8 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495
  1. <profile name="external">
  2. <!-- http://wiki.freeswitch.org/wiki/Sofia_Configuration_Files -->
  3. <!-- This profile is only for outbound registrations to providers -->
  4. <gateways>
  5. <X-PRE-PROCESS cmd="include" data="external/*.xml"/>
  6. </gateways>
  7. <aliases>
  8. <!--
  9. <alias name="outbound"/>
  10. <alias name="nat"/>
  11. -->
  12. </aliases>
  13. <domains>
  14. <domain name="all" alias="false" parse="true"/>
  15. </domains>
  16. <settings>
  17. <param name="debug" value="0"/>
  18. <!-- If you want FreeSWITCH to shutdown if this profile fails to load, uncomment the next line. -->
  19. <!-- <param name="shutdown-on-fail" value="true"/> -->
  20. <param name="sip-trace" value="no"/>
  21. <param name="sip-capture" value="no"/>
  22. <param name="rfc2833-pt" value="101"/>
  23. <!-- RFC 5626 : Send reg-id and sip.instance -->
  24. <!--<param name="enable-rfc-5626" value="true"/> -->
  25. <param name="sip-port" value="$${external_sip_port}"/>
  26. <param name="dialplan" value="XML"/>
  27. <param name="context" value="public"/>
  28. <param name="dtmf-duration" value="2000"/>
  29. <param name="inbound-codec-prefs" value="$${global_codec_prefs}"/>
  30. <param name="outbound-codec-prefs" value="$${outbound_codec_prefs}"/>
  31. <param name="hold-music" value="$${hold_music}"/>
  32. <param name="rtp-timer-name" value="soft"/>
  33. <!--<param name="enable-100rel" value="true"/>-->
  34. <!--<param name="disable-srv503" value="true"/>-->
  35. <!-- This could be set to "passive" -->
  36. <param name="local-network-acl" value="localnet.auto"/>
  37. <param name="manage-presence" value="false"/>
  38. <!-- used to share presence info across sofia profiles
  39. manage-presence needs to be set to passive on this profile
  40. if you want it to behave as if it were the internal profile
  41. for presence.
  42. -->
  43. <!-- Name of the db to use for this profile -->
  44. <!--<param name="dbname" value="share_presence"/>-->
  45. <!--<param name="presence-hosts" value="$${domain}"/>-->
  46. <!--<param name="force-register-domain" value="$${domain}"/>-->
  47. <!--all inbound reg will stored in the db using this domain -->
  48. <!--<param name="force-register-db-domain" value="$${domain}"/>-->
  49. <!-- ************************************************* -->
  50. <!--<param name="aggressive-nat-detection" value="true"/>-->
  51. <param name="inbound-codec-negotiation" value="generous"/>
  52. <param name="nonce-ttl" value="60"/>
  53. <param name="auth-calls" value="$${external_auth_calls}"/>
  54. <param name="inbound-late-negotiation" value="true"/>
  55. <!--
  56. DO NOT USE HOSTNAMES, ONLY IP ADDRESSES IN THESE SETTINGS!
  57. -->
  58. <param name="rtp-ip" value="$${external_rtp_ip}"/>
  59. <param name="sip-ip" value="$${external_sip_ip}"/>
  60. <param name="ext-rtp-ip" value="auto-nat"/>
  61. <param name="ext-sip-ip" value="auto-nat"/>
  62. <param name="rtp-timeout-sec" value="300"/>
  63. <param name="rtp-hold-timeout-sec" value="1800"/>
  64. <!--<param name="enable-3pcc" value="true"/>-->
  65. <!-- TLS: disabled by default, set to "true" to enable -->
  66. <param name="tls" value="$${external_ssl_enable}"/>
  67. <!-- Set to true to not bind on the normal sip-port but only on the TLS port -->
  68. <param name="tls-only" value="false"/>
  69. <!-- additional bind parameters for TLS -->
  70. <param name="tls-bind-params" value="transport=tls"/>
  71. <!-- Port to listen on for TLS requests. (5081 will be used if unspecified) -->
  72. <param name="tls-sip-port" value="$${external_tls_port}"/>
  73. <!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) -->
  74. <param name="tls-cert-dir" value="$${external_ssl_dir}"/>
  75. <!-- Optionally set the passphrase password used by openSSL to encrypt/decrypt TLS private key files -->
  76. <param name="tls-passphrase" value=""/>
  77. <!-- Verify the date on TLS certificates -->
  78. <param name="tls-verify-date" value="true"/>
  79. <!-- TLS verify policy, when registering/inviting gateways with other servers (outbound) or handling inbound registration/invite requests how should we verify their certificate -->
  80. <!-- set to 'in' to only verify incoming connections, 'out' to only verify outgoing connections, 'all' to verify all connections, also 'subjects_in', 'subjects_out' and 'subjects_all' for subject validation. Multiple policies can be split with a '|' pipe -->
  81. <param name="tls-verify-policy" value="none"/>
  82. <!-- Certificate max verify depth to use for validating peer TLS certificates when the verify policy is not none -->
  83. <param name="tls-verify-depth" value="2"/>
  84. <!-- If the tls-verify-policy is set to subjects_all or subjects_in this sets which subjects are allowed, multiple subjects can be split with a '|' pipe -->
  85. <param name="tls-verify-in-subjects" value=""/>
  86. <!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
  87. <param name="tls-version" value="$${sip_tls_version}"/>
  88. </settings>
  89. </profile>