forks
/
asterisk
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
asterisk/res/res_pjsip/pjsip_config.xml

2402 lines
111 KiB
XML
Raw Normal View History

v18.15.1
2023-05-25 18:45:57 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE docs SYSTEM "appdocsxml.dtd">
<?xml-stylesheet type="text/xsl" href="appdocsxml.xslt"?>
<docs xmlns:xi="http://www.w3.org/2001/XInclude">
<configInfo name="res_pjsip" language="en_US">
<synopsis>SIP Resource using PJProject</synopsis>
<configFile name="pjsip.conf">
<configObject name="endpoint">
<synopsis>Endpoint</synopsis>
<description><para>
The <emphasis>Endpoint</emphasis> is the primary configuration object.
It contains the core SIP related options only, endpoints are <emphasis>NOT</emphasis>
dialable entries of their own. Communication with another SIP device is
accomplished via Addresses of Record (AoRs) which have one or more
contacts associated with them. Endpoints <emphasis>NOT</emphasis> configured to
use a <literal>transport</literal> will default to first transport found
in <filename>pjsip.conf</filename> that matches its type.
</para>
<para>Example: An Endpoint has been configured with no transport.
When it comes time to call an AoR, PJSIP will find the
first transport that matches the type. A SIP URI of <literal>sip:5000@[11::33]</literal>
will use the first IPv6 transport and try to send the request.
</para>
<para>If the anonymous endpoint identifier is in use an endpoint with the name
"anonymous@domain" will be searched for as a last resort. If this is not found
it will fall back to searching for "anonymous". If neither endpoints are found
the anonymous endpoint identifier will not return an endpoint and anonymous
calling will not be possible.
</para>
</description>
<configOption name="100rel" default="yes">
<synopsis>Allow support for RFC3262 provisional ACK tags</synopsis>
<description>
<enumlist>
<enum name="no" />
<enum name="required" />
<enum name="yes" />
</enumlist>
</description>
</configOption>
<configOption name="aggregate_mwi" default="yes">
<synopsis>Condense MWI notifications into a single NOTIFY.</synopsis>
<description><para>When enabled, <replaceable>aggregate_mwi</replaceable> condenses message
waiting notifications from multiple mailboxes into a single NOTIFY. If it is disabled,
individual NOTIFYs are sent for each mailbox.</para></description>
</configOption>
<configOption name="allow">
<synopsis>Media Codec(s) to allow</synopsis>
</configOption>
<configOption name="codec_prefs_incoming_offer">
<synopsis>Codec negotiation prefs for incoming offers.</synopsis>
<description>
<para>
This is a string that describes how the codecs
specified on an incoming SDP offer (pending) are reconciled with the codecs specified
on an endpoint (configured) before being sent to the Asterisk core.
The string actually specifies 4 <literal>name:value</literal> pair parameters
separated by commas. Whitespace is ignored and they may be specified in any order.
Note that this option is reserved for future functionality.
</para>
<para>
Parameters:
</para>
<enumlist>
<enum name="prefer: &lt; pending | configured &gt;">
<para>
</para>
<enumlist>
<enum name="pending"><para>The codec list from the caller. (default)</para></enum>
<enum name="configured"><para>The codec list from the endpoint.</para></enum>
</enumlist>
</enum>
<enum name="operation : &lt; intersect | only_preferred | only_nonpreferred &gt;">
<para>
</para>
<enumlist>
<enum name="intersect"><para>Only common codecs with the preferred codecs first. (default)</para></enum>
<enum name="only_preferred"><para>Use only the preferred codecs.</para></enum>
<enum name="only_nonpreferred"><para>Use only the non-preferred codecs.</para></enum>
</enumlist>
</enum>
<enum name="keep : &lt; all | first &gt;">
<para>
</para>
<enumlist>
<enum name="all"><para>After the operation, keep all codecs. (default)</para></enum>
<enum name="first"><para>After the operation, keep only the first codec.</para></enum>
</enumlist>
</enum>
<enum name="transcode : &lt; allow | prevent &gt;">
<para>
</para>
<enumlist>
<enum name="allow"><para>Allow transcoding. (default)</para></enum>
<enum name="prevent"><para>Prevent transcoding.</para></enum>
</enumlist>
</enum>
</enumlist>
<para>
</para>
<example>
codec_prefs_incoming_offer = prefer: pending, operation: intersect, keep: all, transcode: allow
</example>
<para>
Prefer the codecs coming from the caller. Use only the ones that are common.
keeping the order of the preferred list. Keep all codecs in the result. Allow transcoding.
</para>
</description>
</configOption>
<configOption name="codec_prefs_outgoing_offer">
<synopsis>Codec negotiation prefs for outgoing offers.</synopsis>
<description>
<para>
This is a string that describes how the codecs specified in the topology that
comes from the Asterisk core (pending) are reconciled with the codecs specified on an
endpoint (configured) when sending an SDP offer.
The string actually specifies 4 <literal>name:value</literal> pair parameters
separated by commas. Whitespace is ignored and they may be specified in any order.
Note that this option is reserved for future functionality.
</para>
<para>
Parameters:
</para>
<enumlist>
<enum name="prefer: &lt; pending | configured &gt;">
<para>
</para>
<enumlist>
<enum name="pending"><para>The codec list from the core. (default)</para></enum>
<enum name="configured"><para>The codec list from the endpoint.</para></enum>
</enumlist>
</enum>
<enum name="operation : &lt; union | intersect | only_preferred | only_nonpreferred &gt;">
<para>
</para>
<enumlist>
<enum name="union"><para>Merge the lists with the preferred codecs first. (default)</para></enum>
<enum name="intersect"><para>Only common codecs with the preferred codecs first. (default)</para></enum>
<enum name="only_preferred"><para>Use only the preferred codecs.</para></enum>
<enum name="only_nonpreferred"><para>Use only the non-preferred codecs.</para></enum>
</enumlist>
</enum>
<enum name="keep : &lt; all | first &gt;">
<para>
</para>
<enumlist>
<enum name="all"><para>After the operation, keep all codecs. (default)</para></enum>
<enum name="first"><para>After the operation, keep only the first codec.</para></enum>
</enumlist>
</enum>
<enum name="transcode : &lt; allow | prevent &gt;">
<para>
</para>
<enumlist>
<enum name="allow"><para>Allow transcoding. (default)</para></enum>
<enum name="prevent"><para>Prevent transcoding.</para></enum>
</enumlist>
</enum>
</enumlist>
<para>
</para>
<example>
codec_prefs_outgoing_offer = prefer: configured, operation: union, keep: first, transcode: prevent
</example>
<para>
Prefer the codecs coming from the endpoint. Merge them with the codecs from the core
keeping the order of the preferred list. Keep only the first one. No transcoding allowed.
</para>
</description>
</configOption>
<configOption name="codec_prefs_incoming_answer">
<synopsis>Codec negotiation prefs for incoming answers.</synopsis>
<description>
<para>
This is a string that describes how the codecs specified in an incoming SDP answer
(pending) are reconciled with the codecs specified on an endpoint (configured)
when receiving an SDP answer.
The string actually specifies 4 <literal>name:value</literal> pair parameters
separated by commas. Whitespace is ignored and they may be specified in any order.
Note that this option is reserved for future functionality.
</para>
<para>
Parameters:
</para>
<enumlist>
<enum name="prefer: &lt; pending | configured &gt;">
<para>
</para>
<enumlist>
<enum name="pending"><para>The codec list in the received SDP answer. (default)</para></enum>
<enum name="configured"><para>The codec list from the endpoint.</para></enum>
</enumlist>
</enum>
<enum name="operation : &lt; union | intersect | only_preferred | only_nonpreferred &gt;">
<para>
</para>
<enumlist>
<enum name="union"><para>Merge the lists with the preferred codecs first.</para></enum>
<enum name="intersect"><para>Only common codecs with the preferred codecs first. (default)</para></enum>
<enum name="only_preferred"><para>Use only the preferred codecs.</para></enum>
<enum name="only_nonpreferred"><para>Use only the non-preferred codecs.</para></enum>
</enumlist>
</enum>
<enum name="keep : &lt; all | first &gt;">
<para>
</para>
<enumlist>
<enum name="all"><para>After the operation, keep all codecs. (default)</para></enum>
<enum name="first"><para>After the operation, keep only the first codec.</para></enum>
</enumlist>
</enum>
<enum name="transcode : &lt; allow | prevent &gt;">
<para>
The transcode parameter is ignored when processing answers.
</para>
</enum>
</enumlist>
<para>
</para>
<example>
codec_prefs_incoming_answer = keep: first
</example>
<para>
Use the defaults but keep oinly the first codec.
</para>
</description>
</configOption>
<configOption name="codec_prefs_outgoing_answer">
<synopsis>Codec negotiation prefs for outgoing answers.</synopsis>
<description>
<para>
This is a string that describes how the codecs that come from the core (pending)
are reconciled with the codecs specified on an endpoint (configured)
when sending an SDP answer.
The string actually specifies 4 <literal>name:value</literal> pair parameters
separated by commas. Whitespace is ignored and they may be specified in any order.
Note that this option is reserved for future functionality.
</para>
<para>
Parameters:
</para>
<enumlist>
<enum name="prefer: &lt; pending | configured &gt;">
<para>
</para>
<enumlist>
<enum name="pending"><para>The codec list that came from the core. (default)</para></enum>
<enum name="configured"><para>The codec list from the endpoint.</para></enum>
</enumlist>
</enum>
<enum name="operation : &lt; union | intersect | only_preferred | only_nonpreferred &gt;">
<para>
</para>
<enumlist>
<enum name="union"><para>Merge the lists with the preferred codecs first.</para></enum>
<enum name="intersect"><para>Only common codecs with the preferred codecs first. (default)</para></enum>
<enum name="only_preferred"><para>Use only the preferred codecs.</para></enum>
<enum name="only_nonpreferred"><para>Use only the non-preferred codecs.</para></enum>
</enumlist>
</enum>
<enum name="keep : &lt; all | first &gt;">
<para>
</para>
<enumlist>
<enum name="all"><para>After the operation, keep all codecs. (default)</para></enum>
<enum name="first"><para>After the operation, keep only the first codec.</para></enum>
</enumlist>
</enum>
<enum name="transcode : &lt; allow | prevent &gt;">
<para>
The transcode parameter is ignored when processing answers.
</para>
</enum>
</enumlist>
<para>
</para>
<example>
codec_prefs_incoming_answer = keep: first
</example>
<para>
Use the defaults but keep oinly the first codec.
</para>
</description>
</configOption>
<configOption name="allow_overlap" default="yes">
<synopsis>Enable RFC3578 overlap dialing support.</synopsis>
</configOption>
<configOption name="aors">
<synopsis>AoR(s) to be used with the endpoint</synopsis>
<description><para>
List of comma separated AoRs that the endpoint should be associated with.
</para></description>
</configOption>
<configOption name="auth">
<synopsis>Authentication Object(s) associated with the endpoint</synopsis>
<description><para>
This is a comma-delimited list of <replaceable>auth</replaceable> sections defined
in <filename>pjsip.conf</filename> to be used to verify inbound connection attempts.
</para><para>
Endpoints without an authentication object
configured will allow connections without verification.</para>
<note><para>
Using the same auth section for inbound and outbound
authentication is not recommended. There is a difference in
meaning for an empty realm setting between inbound and outbound
authentication uses. See the auth realm description for details.
</para></note>
</description>
</configOption>
<configOption name="callerid">
<synopsis>CallerID information for the endpoint</synopsis>
<description><para>
Must be in the format <literal>Name &lt;Number&gt;</literal>,
or only <literal>&lt;Number&gt;</literal>.
</para></description>
</configOption>
<configOption name="callerid_privacy">
<synopsis>Default privacy level</synopsis>
<description>
<enumlist>
<enum name="allowed_not_screened" />
<enum name="allowed_passed_screen" />
<enum name="allowed_failed_screen" />
<enum name="allowed" />
<enum name="prohib_not_screened" />
<enum name="prohib_passed_screen" />
<enum name="prohib_failed_screen" />
<enum name="prohib" />
<enum name="unavailable" />
</enumlist>
</description>
</configOption>
<configOption name="callerid_tag">
<synopsis>Internal id_tag for the endpoint</synopsis>
</configOption>
<configOption name="context">
<synopsis>Dialplan context for inbound sessions</synopsis>
</configOption>
<configOption name="direct_media_glare_mitigation" default="none">
<synopsis>Mitigation of direct media (re)INVITE glare</synopsis>
<description>
<para>
This setting attempts to avoid creating INVITE glare scenarios
by disabling direct media reINVITEs in one direction thereby allowing
designated servers (according to this option) to initiate direct
media reINVITEs without contention and significantly reducing call
setup time.
</para>
<para>
A more detailed description of how this option functions can be found on
the Asterisk wiki https://wiki.asterisk.org/wiki/display/AST/SIP+Direct+Media+Reinvite+Glare+Avoidance
</para>
<enumlist>
<enum name="none" />
<enum name="outgoing" />
<enum name="incoming" />
</enumlist>
</description>
</configOption>
<configOption name="direct_media_method" default="invite">
<synopsis>Direct Media method type</synopsis>
<description>
<para>Method for setting up Direct Media between endpoints.</para>
<enumlist>
<enum name="invite" />
<enum name="reinvite">
<para>Alias for the <literal>invite</literal> value.</para>
</enum>
<enum name="update" />
</enumlist>
</description>
</configOption>
<configOption name="trust_connected_line">
<synopsis>Accept Connected Line updates from this endpoint</synopsis>
</configOption>
<configOption name="send_connected_line">
<synopsis>Send Connected Line updates to this endpoint</synopsis>
</configOption>
<configOption name="connected_line_method" default="invite">
<synopsis>Connected line method type</synopsis>
<description>
<para>Method used when updating connected line information.</para>
<enumlist>
<enum name="invite">
<para>When set to <literal>invite</literal>, check the remote's Allow header and
if UPDATE is allowed, send UPDATE instead of INVITE to avoid SDP
renegotiation. If UPDATE is not Allowed, send INVITE.</para>
</enum>
<enum name="reinvite">
<para>Alias for the <literal>invite</literal> value.</para>
</enum>
<enum name="update">
<para>If set to <literal>update</literal>, send UPDATE regardless of what the remote
Allows. </para>
</enum>
</enumlist>
</description>
</configOption>
<configOption name="direct_media" default="yes">
<synopsis>Determines whether media may flow directly between endpoints.</synopsis>
</configOption>
<configOption name="disable_direct_media_on_nat" default="no">
<synopsis>Disable direct media session refreshes when NAT obstructs the media session</synopsis>
</configOption>
<configOption name="disallow">
<synopsis>Media Codec(s) to disallow</synopsis>
</configOption>
<configOption name="dtmf_mode" default="rfc4733">
<synopsis>DTMF mode</synopsis>
<description>
<para>This setting allows to choose the DTMF mode for endpoint communication.</para>
<enumlist>
<enum name="rfc4733">
<para>DTMF is sent out of band of the main audio stream. This
supercedes the older <emphasis>RFC-2833</emphasis> used within
the older <literal>chan_sip</literal>.</para>
</enum>
<enum name="inband">
<para>DTMF is sent as part of audio stream.</para>
</enum>
<enum name="info">
<para>DTMF is sent as SIP INFO packets.</para>
</enum>
<enum name="auto">
<para>DTMF is sent as RFC 4733 if the other side supports it or as INBAND if not.</para>
</enum>
<enum name="auto_info">
<para>DTMF is sent as RFC 4733 if the other side supports it or as SIP INFO if not.</para>
</enum>
</enumlist>
</description>
</configOption>
<configOption name="media_address">
<synopsis>IP address used in SDP for media handling</synopsis>
<description><para>
At the time of SDP creation, the IP address defined here will be used as
the media address for individual streams in the SDP.
</para>
<note><para>
Be aware that the <literal>external_media_address</literal> option, set in Transport
configuration, can also affect the final media address used in the SDP.
</para></note>
</description>
</configOption>
<configOption name="bind_rtp_to_media_address">
<synopsis>Bind the RTP instance to the media_address</synopsis>
<description><para>
If media_address is specified, this option causes the RTP instance to be bound to the
specified ip address which causes the packets to be sent from that address.
</para>
</description>
</configOption>
<configOption name="force_rport" default="yes">
<synopsis>Force use of return port</synopsis>
</configOption>
<configOption name="ice_support" default="no">
<synopsis>Enable the ICE mechanism to help traverse NAT</synopsis>
</configOption>
<configOption name="identify_by">
<synopsis>Way(s) for the endpoint to be identified</synopsis>
<description>
<para>Endpoints and AORs can be identified in multiple ways. This
option is a comma separated list of methods the endpoint can be
identified.
</para>
<note><para>
This option controls both how an endpoint is matched for incoming
traffic and also how an AOR is determined if a registration
occurs. You must list at least one method that also matches for
AORs or the registration will fail.
</para></note>
<enumlist>
<enum name="username">
<para>Matches the endpoint or AOR ID based on the username
and domain in the From header (or To header for AORs). If
an exact match on both username and domain/realm fails, the
match is retried with just the username.
</para>
</enum>
<enum name="auth_username">
<para>Matches the endpoint or AOR ID based on the username
and realm in the Authentication header. If an exact match
on both username and domain/realm fails, the match is
retried with just the username.
</para>
<note><para>This method of identification has some security
considerations because an Authentication header is not
present on the first message of a dialog when digest
authentication is used. The client can't generate it until
the server sends the challenge in a 401 response. Since
Asterisk normally sends a security event when an incoming
request can't be matched to an endpoint, using this method
requires that the security event be deferred until a request
is received with the Authentication header and only
generated if the username doesn't result in a match. This
may result in a delay before an attack is recognized. You
can control how many unmatched requests are received from
a single ip address before a security event is generated
using the <literal>unidentified_request</literal>
parameters in the "global" configuration object.
</para></note>
</enum>
<enum name="ip">
<para>Matches the endpoint based on the source IP address.
</para>
<para>This method of identification is not configured here
but simply allowed by this configuration option. See the
documentation for the <literal>identify</literal>
configuration section for more details on this method of
endpoint identification.
</para>
</enum>
<enum name="header">
<para>Matches the endpoint based on a configured SIP header
value.
</para>
<para>This method of identification is not configured here
but simply allowed by this configuration option. See the
documentation for the <literal>identify</literal>
configuration section for more details on this method of
endpoint identification.
</para>
</enum>
</enumlist>
</description>
</configOption>
<configOption name="redirect_method">
<synopsis>How redirects received from an endpoint are handled</synopsis>
<description><para>
When a redirect is received from an endpoint there are multiple ways it can be handled.
If this option is set to <literal>user</literal> the user portion of the redirect target
is treated as an extension within the dialplan and dialed using a Local channel. If this option
is set to <literal>uri_core</literal> the target URI is returned to the dialing application
which dials it using the PJSIP channel driver and endpoint originally used. If this option is
set to <literal>uri_pjsip</literal> the redirect occurs within chan_pjsip itself and is not exposed
to the core at all. The <literal>uri_pjsip</literal> option has the benefit of being more efficient
and also supporting multiple potential redirect targets. The con is that since redirection occurs
within chan_pjsip redirecting information is not forwarded and redirection can not be
prevented.
</para>
<enumlist>
<enum name="user" />
<enum name="uri_core" />
<enum name="uri_pjsip" />
</enumlist>
</description>
</configOption>
<configOption name="mailboxes">
<synopsis>NOTIFY the endpoint when state changes for any of the specified mailboxes</synopsis>
<description><para>
Asterisk will send unsolicited MWI NOTIFY messages to the endpoint when state
changes happen for any of the specified mailboxes. More than one mailbox can be
specified with a comma-delimited string. app_voicemail mailboxes must be specified
as mailbox@context; for example: mailboxes=6001@default. For mailboxes provided by
external sources, such as through the res_mwi_external module, you must specify
strings supported by the external system.
</para><para>
For endpoints that SUBSCRIBE for MWI, use the <literal>mailboxes</literal> option in your AOR
configuration.
</para></description>
</configOption>
<configOption name="mwi_subscribe_replaces_unsolicited">
<synopsis>An MWI subscribe will replace sending unsolicited NOTIFYs</synopsis>
</configOption>
<configOption name="voicemail_extension">
<synopsis>The voicemail extension to send in the NOTIFY Message-Account header</synopsis>
</configOption>
<configOption name="moh_suggest" default="default">
<synopsis>Default Music On Hold class</synopsis>
</configOption>
<configOption name="outbound_auth">
<synopsis>Authentication object(s) used for outbound requests</synopsis>
<description><para>
This is a comma-delimited list of <replaceable>auth</replaceable>
sections defined in <filename>pjsip.conf</filename> used to respond
to outbound connection authentication challenges.</para>
<note><para>
Using the same auth section for inbound and outbound
authentication is not recommended. There is a difference in
meaning for an empty realm setting between inbound and outbound
authentication uses. See the auth realm description for details.
</para></note>
</description>
</configOption>
<configOption name="outbound_proxy">
<synopsis>Full SIP URI of the outbound proxy used to send requests</synopsis>
</configOption>
<configOption name="rewrite_contact">
<synopsis>Allow Contact header to be rewritten with the source IP address-port</synopsis>
<description><para>
On inbound SIP messages from this endpoint, the Contact header or an
appropriate Record-Route header will be changed to have the source IP
address and port. This option does not affect outbound messages sent to
this endpoint. This option helps servers communicate with endpoints
that are behind NATs. This option also helps reuse reliable transport
connections such as TCP and TLS.
</para></description>
</configOption>
<configOption name="rtp_ipv6" default="no">
<synopsis>Allow use of IPv6 for RTP traffic</synopsis>
</configOption>
<configOption name="rtp_symmetric" default="no">
<synopsis>Enforce that RTP must be symmetric</synopsis>
</configOption>
<configOption name="send_diversion" default="yes">
<synopsis>Send the Diversion header, conveying the diversion
information to the called user agent</synopsis>
</configOption>
<configOption name="send_history_info" default="no">
<synopsis>Send the History-Info header, conveying the diversion
information to the called and calling user agents</synopsis>
</configOption>
<configOption name="send_pai" default="no">
<synopsis>Send the P-Asserted-Identity header</synopsis>
</configOption>
<configOption name="send_rpid" default="no">
<synopsis>Send the Remote-Party-ID header</synopsis>
</configOption>
<configOption name="rpid_immediate" default="no">
<synopsis>Immediately send connected line updates on unanswered incoming calls.</synopsis>
<description>
<para>When enabled, immediately send <emphasis>180 Ringing</emphasis>
or <emphasis>183 Progress</emphasis> response messages to the
caller if the connected line information is updated before
the call is answered. This can send a <emphasis>180 Ringing</emphasis>
response before the call has even reached the far end. The
caller can start hearing ringback before the far end even gets
the call. Many phones tend to grab the first connected line
information and refuse to update the display if it changes. The
first information is not likely to be correct if the call
goes to an endpoint not under the control of this Asterisk
box.</para>
<para>When disabled, a connected line update must wait for
another reason to send a message with the connected line
information to the caller before the call is answered. You can
trigger the sending of the information by using an appropriate
dialplan application such as <emphasis>Ringing</emphasis>.</para>
</description>
</configOption>
<configOption name="timers_min_se" default="90">
<synopsis>Minimum session timers expiration period</synopsis>
<description><para>
Minimum session timer expiration period. Time in seconds.
</para></description>
</configOption>
<configOption name="timers" default="yes">
<synopsis>Session timers for SIP packets</synopsis>
<description>
<enumlist>
<enum name="no" />
<enum name="yes" />
<enum name="required" />
<enum name="always" />
<enum name="forced"><para>Alias of always</para></enum>
</enumlist>
</description>
</configOption>
<configOption name="timers_sess_expires" default="1800">
<synopsis>Maximum session timer expiration period</synopsis>
<description><para>
Maximum session timer expiration period. Time in seconds.
</para></description>
</configOption>
<configOption name="transport">
<synopsis>Explicit transport configuration to use</synopsis>
<description>
<para>This will <emphasis>force</emphasis> the endpoint to use the
specified transport configuration to send SIP messages. You need
to already know what kind of transport (UDP/TCP/IPv4/etc) the
endpoint device will use.
</para>
<note><para>Not specifying a transport will select the first
configured transport in <filename>pjsip.conf</filename> which is
compatible with the URI we are trying to contact.
</para></note>
<warning><para>Transport configuration is not affected by reloads. In order to
change transports, a full Asterisk restart is required</para></warning>
</description>
</configOption>
<configOption name="trust_id_inbound" default="no">
<synopsis>Accept identification information received from this endpoint</synopsis>
<description><para>This option determines whether Asterisk will accept
identification from the endpoint from headers such as P-Asserted-Identity
or Remote-Party-ID header. This option applies both to calls originating from the
endpoint and calls originating from Asterisk. If <literal>no</literal>, the
configured Caller-ID from pjsip.conf will always be used as the identity for
the endpoint.</para></description>
</configOption>
<configOption name="trust_id_outbound" default="no">
<synopsis>Send private identification details to the endpoint.</synopsis>
<description><para>This option determines whether res_pjsip will send private
identification information to the endpoint. If <literal>no</literal>,
private Caller-ID information will not be forwarded to the endpoint.
"Private" in this case refers to any method of restricting identification.
Example: setting <replaceable>callerid_privacy</replaceable> to any
<literal>prohib</literal> variation.
Example: If <replaceable>trust_id_inbound</replaceable> is set to
<literal>yes</literal>, the presence of a <literal>Privacy: id</literal>
header in a SIP request or response would indicate the identification
provided in the request is private.</para></description>
</configOption>
<configOption name="type">
<synopsis>Must be of type 'endpoint'.</synopsis>
</configOption>
<configOption name="use_ptime" default="no">
<synopsis>Use Endpoint's requested packetization interval</synopsis>
</configOption>
<configOption name="use_avpf" default="no">
<synopsis>Determines whether res_pjsip will use and enforce usage of AVPF for this
endpoint.</synopsis>
<description><para>
If set to <literal>yes</literal>, res_pjsip will use the AVPF or SAVPF RTP
profile for all media offers on outbound calls and media updates and will
decline media offers not using the AVPF or SAVPF profile.
</para><para>
If set to <literal>no</literal>, res_pjsip will use the AVP or SAVP RTP
profile for all media offers on outbound calls and media updates, and will
decline media offers not using the AVP or SAVP profile.
</para></description>
</configOption>
<configOption name="force_avp" default="no">
<synopsis>Determines whether res_pjsip will use and enforce usage of AVP,
regardless of the RTP profile in use for this endpoint.</synopsis>
<description><para>
If set to <literal>yes</literal>, res_pjsip will use the AVP, AVPF, SAVP, or
SAVPF RTP profile for all media offers on outbound calls and media updates including
those for DTLS-SRTP streams.
</para><para>
If set to <literal>no</literal>, res_pjsip will use the respective RTP profile
depending on configuration.
</para></description>
</configOption>
<configOption name="media_use_received_transport" default="no">
<synopsis>Determines whether res_pjsip will use the media transport received in the
offer SDP in the corresponding answer SDP.</synopsis>
<description><para>
If set to <literal>yes</literal>, res_pjsip will use the received media transport.
</para><para>
If set to <literal>no</literal>, res_pjsip will use the respective RTP profile
depending on configuration.
</para></description>
</configOption>
<configOption name="media_encryption" default="no">
<synopsis>Determines whether res_pjsip will use and enforce usage of media encryption
for this endpoint.</synopsis>
<description>
<enumlist>
<enum name="no"><para>
res_pjsip will offer no encryption and allow no encryption to be setup.
</para></enum>
<enum name="sdes"><para>
res_pjsip will offer standard SRTP setup via in-SDP keys. Encrypted SIP
transport should be used in conjunction with this option to prevent
exposure of media encryption keys.
</para></enum>
<enum name="dtls"><para>
res_pjsip will offer DTLS-SRTP setup.
</para></enum>
</enumlist>
</description>
</configOption>
<configOption name="media_encryption_optimistic" default="no">
<synopsis>Determines whether encryption should be used if possible but does not terminate the
session if not achieved.</synopsis>
<description><para>
This option only applies if <replaceable>media_encryption</replaceable> is
set to <literal>sdes</literal> or <literal>dtls</literal>.
</para></description>
</configOption>
<configOption name="g726_non_standard" default="no">
<synopsis>Force g.726 to use AAL2 packing order when negotiating g.726 audio</synopsis>
<description><para>
When set to "yes" and an endpoint negotiates g.726 audio then use g.726 for AAL2
packing order instead of what is recommended by RFC3551. Since this essentially
replaces the underlying 'g726' codec with 'g726aal2' then 'g726aal2' needs to be
specified in the endpoint's allowed codec list.
</para></description>
</configOption>
<configOption name="inband_progress" default="no">
<synopsis>Determines whether chan_pjsip will indicate ringing using inband
progress.</synopsis>
<description><para>
If set to <literal>yes</literal>, chan_pjsip will send a 183 Session Progress
when told to indicate ringing and will immediately start sending ringing
as audio.
</para><para>
If set to <literal>no</literal>, chan_pjsip will send a 180 Ringing when told
to indicate ringing and will NOT send it as audio.
</para></description>
</configOption>
<configOption name="call_group">
<synopsis>The numeric pickup groups for a channel.</synopsis>
<description><para>
Can be set to a comma separated list of numbers or ranges between the values
of 0-63 (maximum of 64 groups).
</para></description>
</configOption>
<configOption name="pickup_group">
<synopsis>The numeric pickup groups that a channel can pickup.</synopsis>
<description><para>
Can be set to a comma separated list of numbers or ranges between the values
of 0-63 (maximum of 64 groups).
</para></description>
</configOption>
<configOption name="named_call_group">
<synopsis>The named pickup groups for a channel.</synopsis>
<description><para>
Can be set to a comma separated list of case sensitive strings limited by
supported line length.
</para></description>
</configOption>
<configOption name="named_pickup_group">
<synopsis>The named pickup groups that a channel can pickup.</synopsis>
<description><para>
Can be set to a comma separated list of case sensitive strings limited by
supported line length.
</para></description>
</configOption>
<configOption name="device_state_busy_at" default="0">
<synopsis>The number of in-use channels which will cause busy to be returned as device state</synopsis>
<description><para>
When the number of in-use channels for the endpoint matches the devicestate_busy_at setting the
PJSIP channel driver will return busy as the device state instead of in use.
</para></description>
</configOption>
<configOption name="t38_udptl" default="no">
<synopsis>Whether T.38 UDPTL support is enabled or not</synopsis>
<description><para>
If set to yes T.38 UDPTL support will be enabled, and T.38 negotiation requests will be accepted
and relayed.
</para></description>
</configOption>
<configOption name="t38_udptl_ec" default="none">
<synopsis>T.38 UDPTL error correction method</synopsis>
<description>
<enumlist>
<enum name="none"><para>
No error correction should be used.
</para></enum>
<enum name="fec"><para>
Forward error correction should be used.
</para></enum>
<enum name="redundancy"><para>
Redundancy error correction should be used.
</para></enum>
</enumlist>
</description>
</configOption>
<configOption name="t38_udptl_maxdatagram" default="0">
<synopsis>T.38 UDPTL maximum datagram size</synopsis>
<description><para>
This option can be set to override the maximum datagram of a remote endpoint for broken
endpoints.
</para></description>
</configOption>
<configOption name="fax_detect" default="no">
<synopsis>Whether CNG tone detection is enabled</synopsis>
<description><para>
This option can be set to send the session to the fax extension when a CNG tone is
detected.
</para></description>
</configOption>
<configOption name="fax_detect_timeout">
<synopsis>How long into a call before fax_detect is disabled for the call</synopsis>
<description><para>
The option determines how many seconds into a call before the
fax_detect option is disabled for the call. Setting the value
to zero disables the timeout.
</para></description>
</configOption>
<configOption name="t38_udptl_nat" default="no">
<synopsis>Whether NAT support is enabled on UDPTL sessions</synopsis>
<description><para>
When enabled the UDPTL stack will send UDPTL packets to the source address of
received packets.
</para></description>
</configOption>
<configOption name="t38_udptl_ipv6" default="no">
<synopsis>Whether IPv6 is used for UDPTL Sessions</synopsis>
<description><para>
When enabled the UDPTL stack will use IPv6.
</para></description>
</configOption>
<configOption name="t38_bind_udptl_to_media_address" default="no">
<synopsis>Bind the UDPTL instance to the media_adress</synopsis>
<description><para>
If media_address is specified, this option causes the UDPTL instance to be bound to
the specified ip address which causes the packets to be sent from that address.
</para></description>
</configOption>
<configOption name="tone_zone">
<synopsis>Set which country's indications to use for channels created for this endpoint.</synopsis>
</configOption>
<configOption name="language">
<synopsis>Set the default language to use for channels created for this endpoint.</synopsis>
</configOption>
<configOption name="one_touch_recording" default="no">
<synopsis>Determines whether one-touch recording is allowed for this endpoint.</synopsis>
<see-also>
<ref type="configOption">record_on_feature</ref>
<ref type="configOption">record_off_feature</ref>
</see-also>
</configOption>
<configOption name="record_on_feature" default="automixmon">
<synopsis>The feature to enact when one-touch recording is turned on.</synopsis>
<description>
<para>When an INFO request for one-touch recording arrives with a Record header set to "on", this
feature will be enabled for the channel. The feature designated here can be any built-in
or dynamic feature defined in features.conf.</para>
<note><para>This setting has no effect if the endpoint's one_touch_recording option is disabled</para></note>
</description>
<see-also>
<ref type="configOption">one_touch_recording</ref>
<ref type="configOption">record_off_feature</ref>
</see-also>
</configOption>
<configOption name="record_off_feature" default="automixmon">
<synopsis>The feature to enact when one-touch recording is turned off.</synopsis>
<description>
<para>When an INFO request for one-touch recording arrives with a Record header set to "off", this
feature will be enabled for the channel. The feature designated here can be any built-in
or dynamic feature defined in features.conf.</para>
<note><para>This setting has no effect if the endpoint's one_touch_recording option is disabled</para></note>
</description>
<see-also>
<ref type="configOption">one_touch_recording</ref>
<ref type="configOption">record_on_feature</ref>
</see-also>
</configOption>
<configOption name="rtp_engine" default="asterisk">
<synopsis>Name of the RTP engine to use for channels created for this endpoint</synopsis>
</configOption>
<configOption name="allow_transfer" default="yes">
<synopsis>Determines whether SIP REFER transfers are allowed for this endpoint</synopsis>
</configOption>
<configOption name="user_eq_phone" default="no">
<synopsis>Determines whether a user=phone parameter is placed into the request URI if the user is determined to be a phone number</synopsis>
</configOption>
<configOption name="moh_passthrough" default="no">
<synopsis>Determines whether hold and unhold will be passed through using re-INVITEs with recvonly and sendrecv to the remote side</synopsis>
</configOption>
<configOption name="sdp_owner" default="-">
<synopsis>String placed as the username portion of an SDP origin (o=) line.</synopsis>
</configOption>
<configOption name="sdp_session" default="Asterisk">
<synopsis>String used for the SDP session (s=) line.</synopsis>
</configOption>
<configOption name="tos_audio">
<synopsis>DSCP TOS bits for audio streams</synopsis>
<description><para>
See https://wiki.asterisk.org/wiki/display/AST/IP+Quality+of+Service for more information about QoS settings
</para></description>
</configOption>
<configOption name="tos_video">
<synopsis>DSCP TOS bits for video streams</synopsis>
<description><para>
See https://wiki.asterisk.org/wiki/display/AST/IP+Quality+of+Service for more information about QoS settings
</para></description>
</configOption>
<configOption name="cos_audio">
<synopsis>Priority for audio streams</synopsis>
<description><para>
See https://wiki.asterisk.org/wiki/display/AST/IP+Quality+of+Service for more information about QoS settings
</para></description>
</configOption>
<configOption name="cos_video">
<synopsis>Priority for video streams</synopsis>
<description><para>
See https://wiki.asterisk.org/wiki/display/AST/IP+Quality+of+Service for more information about QoS settings
</para></description>
</configOption>
<configOption name="allow_subscribe" default="yes">
<synopsis>Determines if endpoint is allowed to initiate subscriptions with Asterisk.</synopsis>
</configOption>
<configOption name="sub_min_expiry" default="60">
<synopsis>The minimum allowed expiry time for subscriptions initiated by the endpoint.</synopsis>
</configOption>
<configOption name="from_user">
<synopsis>Username to use in From header for requests to this endpoint.</synopsis>
</configOption>
<configOption name="mwi_from_user">
<synopsis>Username to use in From header for unsolicited MWI NOTIFYs to this endpoint.</synopsis>
</configOption>
<configOption name="from_domain">
<synopsis>Domain to user in From header for requests to this endpoint.</synopsis>
</configOption>
<configOption name="dtls_verify">
<synopsis>Verify that the provided peer certificate is valid</synopsis>
<description><para>
This option only applies if <replaceable>media_encryption</replaceable> is
set to <literal>dtls</literal>.
</para><para>
It can be one of the following values:
</para><enumlist>
<enum name="no"><para>
meaning no verification is done.
</para></enum>
<enum name="fingerprint"><para>
meaning to verify the remote fingerprint.
</para></enum>
<enum name="certificate"><para>
meaning to verify the remote certificate.
</para></enum>
<enum name="yes"><para>
meaning to verify both the remote fingerprint and certificate.
</para></enum>
</enumlist>
</description>
</configOption>
<configOption name="dtls_rekey">
<synopsis>Interval at which to renegotiate the TLS session and rekey the SRTP session</synopsis>
<description><para>
This option only applies if <replaceable>media_encryption</replaceable> is
set to <literal>dtls</literal>.
</para><para>
If this is not set or the value provided is 0 rekeying will be disabled.
</para></description>
</configOption>
<configOption name="dtls_auto_generate_cert" default="no">
<synopsis>Whether or not to automatically generate an ephemeral X.509 certificate</synopsis>
<description>
<para>
If enabled, Asterisk will generate an X.509 certificate for each DTLS session.
This option only applies if <replaceable>media_encryption</replaceable> is set
to <literal>dtls</literal>. This option will be automatically enabled if
<literal>webrtc</literal> is enabled and <literal>dtls_cert_file</literal> is
not specified.
</para>
</description>
</configOption>
<configOption name="dtls_cert_file">
<synopsis>Path to certificate file to present to peer</synopsis>
<description><para>
This option only applies if <replaceable>media_encryption</replaceable> is
set to <literal>dtls</literal>.
</para></description>
</configOption>
<configOption name="dtls_private_key">
<synopsis>Path to private key for certificate file</synopsis>
<description><para>
This option only applies if <replaceable>media_encryption</replaceable> is
set to <literal>dtls</literal>.
</para></description>
</configOption>
<configOption name="dtls_cipher">
<synopsis>Cipher to use for DTLS negotiation</synopsis>
<description><para>
This option only applies if <replaceable>media_encryption</replaceable> is
set to <literal>dtls</literal>.
</para>
<para>Many options for acceptable ciphers. See link for more:</para>
<para>http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
</para></description>
</configOption>
<configOption name="dtls_ca_file">
<synopsis>Path to certificate authority certificate</synopsis>
<description><para>
This option only applies if <replaceable>media_encryption</replaceable> is
set to <literal>dtls</literal>.
</para></description>
</configOption>
<configOption name="dtls_ca_path">
<synopsis>Path to a directory containing certificate authority certificates</synopsis>
<description><para>
This option only applies if <replaceable>media_encryption</replaceable> is
set to <literal>dtls</literal>.
</para></description>
</configOption>
<configOption name="dtls_setup">
<synopsis>Whether we are willing to accept connections, connect to the other party, or both.</synopsis>
<description>
<para>
This option only applies if <replaceable>media_encryption</replaceable> is
set to <literal>dtls</literal>.
</para>
<enumlist>
<enum name="active"><para>
res_pjsip will make a connection to the peer.
</para></enum>
<enum name="passive"><para>
res_pjsip will accept connections from the peer.
</para></enum>
<enum name="actpass"><para>
res_pjsip will offer and accept connections from the peer.
</para></enum>
</enumlist>
</description>
</configOption>
<configOption name="dtls_fingerprint">
<synopsis>Type of hash to use for the DTLS fingerprint in the SDP.</synopsis>
<description>
<para>
This option only applies if <replaceable>media_encryption</replaceable> is
set to <literal>dtls</literal>.
</para>
<enumlist>
<enum name="SHA-256"></enum>
<enum name="SHA-1"></enum>
</enumlist>
</description>
</configOption>
<configOption name="srtp_tag_32">
<synopsis>Determines whether 32 byte tags should be used instead of 80 byte tags.</synopsis>
<description><para>
This option only applies if <replaceable>media_encryption</replaceable> is
set to <literal>sdes</literal> or <literal>dtls</literal>.
</para></description>
</configOption>
<configOption name="set_var">
<synopsis>Variable set on a channel involving the endpoint.</synopsis>
<description><para>
When a new channel is created using the endpoint set the specified
variable(s) on that channel. For multiple channel variables specify
multiple 'set_var'(s).
</para></description>
</configOption>
<configOption name="message_context">
<synopsis>Context to route incoming MESSAGE requests to.</synopsis>
<description><para>
If specified, incoming MESSAGE requests will be routed to the indicated
dialplan context. If no <replaceable>message_context</replaceable> is
specified, then the <replaceable>context</replaceable> setting is used.
</para></description>
</configOption>
<configOption name="accountcode">
<synopsis>An accountcode to set automatically on any channels created for this endpoint.</synopsis>
<description><para>
If specified, any channel created for this endpoint will automatically
have this accountcode set on it.
</para></description>
</configOption>
<configOption name="preferred_codec_only" default="no">
<synopsis>Respond to a SIP invite with the single most preferred codec (DEPRECATED)</synopsis>
<description><para>Respond to a SIP invite with the single most preferred codec
rather than advertising all joint codec capabilities. This limits the other side's codec
choice to exactly what we prefer.</para>
<warning><para>This option has been deprecated in favor of
<literal>incoming_call_offer_pref</literal>. Setting both options is unsupported.</para>
</warning>
</description>
<see-also>
<ref type="configOption">incoming_call_offer_pref</ref>
</see-also>
</configOption>
<configOption name="incoming_call_offer_pref" default="local">
<synopsis>Preferences for selecting codecs for an incoming call.</synopsis>
<description>
<para>Based on this setting, a joint list of preferred codecs between those
received in an incoming SDP offer (remote), and those specified in the
endpoint's "allow" parameter (local) es created and is passed to the Asterisk
core. </para>
<note><para>This list will consist of only those codecs found in both lists.</para></note>
<enumlist>
<enum name="local"><para>
Include all codecs in the local list that are also in the remote list
preserving the local order. (default).
</para></enum>
<enum name="local_first"><para>
Include only the first codec in the local list that is also in the remote list.
</para></enum>
<enum name="remote"><para>
Include all codecs in the remote list that are also in the local list
preserving the remote order.
</para></enum>
<enum name="remote_first"><para>
Include only the first codec in the remote list that is also in the local list.
</para></enum>
</enumlist>
</description>
</configOption>
<configOption name="outgoing_call_offer_pref" default="remote_merge">
<synopsis>Preferences for selecting codecs for an outgoing call.</synopsis>
<description>
<para>Based on this setting, a joint list of preferred codecs between
those received from the Asterisk core (remote), and those specified in
the endpoint's "allow" parameter (local) is created and is used to create
the outgoing SDP offer.</para>
<enumlist>
<enum name="local"><para>
Include all codecs in the local list that are also in the remote list
preserving the local order.
</para></enum>
<enum name="local_merge"><para>
Include all codecs in the local list preserving the local order.
</para></enum>
<enum name="local_first"><para>
Include only the first codec in the local list.
</para></enum>
<enum name="remote"><para>
Include all codecs in the remote list that are also in the local list
preserving the remote order.
</para></enum>
<enum name="remote_merge"><para>
Include all codecs in the local list preserving the remote order. (default)
</para></enum>
<enum name="remote_first"><para>
Include only the first codec in the remote list that is also in the local list.
</para></enum>
</enumlist>
</description>
</configOption>
<configOption name="rtp_keepalive">
<synopsis>Number of seconds between RTP comfort noise keepalive packets.</synopsis>
<description><para>
At the specified interval, Asterisk will send an RTP comfort noise frame. This may
be useful for situations where Asterisk is behind a NAT or firewall and must keep
a hole open in order to allow for media to arrive at Asterisk.
</para></description>
</configOption>
<configOption name="rtp_timeout" default="0">
<synopsis>Maximum number of seconds without receiving RTP (while off hold) before terminating call.</synopsis>
<description><para>
This option configures the number of seconds without RTP (while off hold) before
considering a channel as dead. When the number of seconds is reached the underlying
channel is hung up. By default this option is set to 0, which means do not check.
</para></description>
</configOption>
<configOption name="rtp_timeout_hold" default="0">
<synopsis>Maximum number of seconds without receiving RTP (while on hold) before terminating call.</synopsis>
<description><para>
This option configures the number of seconds without RTP (while on hold) before
considering a channel as dead. When the number of seconds is reached the underlying
channel is hung up. By default this option is set to 0, which means do not check.
</para></description>
</configOption>
<configOption name="acl">
<synopsis>List of IP ACL section names in acl.conf</synopsis>
<description><para>
This matches sections configured in <literal>acl.conf</literal>. The value is
defined as a list of comma-delimited section names.
</para></description>
</configOption>
<configOption name="deny">
<synopsis>List of IP addresses to deny access from</synopsis>
<description><para>
The value is a comma-delimited list of IP addresses. IP addresses may
have a subnet mask appended. The subnet mask may be written in either
CIDR or dotted-decimal notation. Separate the IP address and subnet
mask with a slash ('/')
</para></description>
</configOption>
<configOption name="permit">
<synopsis>List of IP addresses to permit access from</synopsis>
<description><para>
The value is a comma-delimited list of IP addresses. IP addresses may
have a subnet mask appended. The subnet mask may be written in either
CIDR or dotted-decimal notation. Separate the IP address and subnet
mask with a slash ('/')
</para></description>
</configOption>
<configOption name="contact_acl">
<synopsis>List of Contact ACL section names in acl.conf</synopsis>
<description><para>
This matches sections configured in <literal>acl.conf</literal>. The value is
defined as a list of comma-delimited section names.
</para></description>
</configOption>
<configOption name="contact_deny">
<synopsis>List of Contact header addresses to deny</synopsis>
<description><para>
The value is a comma-delimited list of IP addresses. IP addresses may
have a subnet mask appended. The subnet mask may be written in either
CIDR or dotted-decimal notation. Separate the IP address and subnet
mask with a slash ('/')
</para></description>
</configOption>
<configOption name="contact_permit">
<synopsis>List of Contact header addresses to permit</synopsis>
<description><para>
The value is a comma-delimited list of IP addresses. IP addresses may
have a subnet mask appended. The subnet mask may be written in either
CIDR or dotted-decimal notation. Separate the IP address and subnet
mask with a slash ('/')
</para></description>
</configOption>
<configOption name="subscribe_context">
<synopsis>Context for incoming MESSAGE requests.</synopsis>
<description><para>
If specified, incoming SUBSCRIBE requests will be searched for the matching
extension in the indicated context.
If no <replaceable>subscribe_context</replaceable> is specified,
then the <replaceable>context</replaceable> setting is used.
</para></description>
</configOption>
<configOption name="contact_user" default="">
<synopsis>Force the user on the outgoing Contact header to this value.</synopsis>
<description><para>
On outbound requests, force the user portion of the Contact header to this value.
</para></description>
</configOption>
<configOption name="asymmetric_rtp_codec" default="no">
<synopsis>Allow the sending and receiving RTP codec to differ</synopsis>
<description><para>
When set to "yes" the codec in use for sending will be allowed to differ from
that of the received one. PJSIP will not automatically switch the sending one
to the receiving one.
</para></description>
</configOption>
<configOption name="rtcp_mux" default="no">
<synopsis>Enable RFC 5761 RTCP multiplexing on the RTP port</synopsis>
<description><para>
With this option enabled, Asterisk will attempt to negotiate the use of the "rtcp-mux"
attribute on all media streams. This will result in RTP and RTCP being sent and received
on the same port. This shifts the demultiplexing logic to the application rather than
the transport layer. This option is useful when interoperating with WebRTC endpoints
since they mandate this option's use.
</para></description>
</configOption>
<configOption name="refer_blind_progress" default="yes">
<synopsis>Whether to notifies all the progress details on blind transfer</synopsis>
<description><para>
Some SIP phones (Mitel/Aastra, Snom) expect a sip/frag "200 OK"
after REFER has been accepted. If set to <literal>no</literal> then asterisk
will not send the progress details, but immediately will send "200 OK".
</para></description>
</configOption>
<configOption name="notify_early_inuse_ringing" default="no">
<synopsis>Whether to notifies dialog-info 'early' on InUse&amp;Ringing state</synopsis>
<description><para>
Control whether dialog-info subscriptions get 'early' state
on Ringing when already INUSE.
</para></description>
</configOption>
<configOption name="max_audio_streams" default="1">
<synopsis>The maximum number of allowed audio streams for the endpoint</synopsis>
<description><para>
This option enforces a limit on the maximum simultaneous negotiated audio
streams allowed for the endpoint.
</para></description>
</configOption>
<configOption name="max_video_streams" default="1">
<synopsis>The maximum number of allowed video streams for the endpoint</synopsis>
<description><para>
This option enforces a limit on the maximum simultaneous negotiated video
streams allowed for the endpoint.
</para></description>
</configOption>
<configOption name="bundle" default="no">
<synopsis>Enable RTP bundling</synopsis>
<description><para>
With this option enabled, Asterisk will attempt to negotiate the use of bundle.
If negotiated this will result in multiple RTP streams being carried over the same
underlying transport. Note that enabling bundle will also enable the rtcp_mux option.
</para></description>
</configOption>
<configOption name="webrtc" default="no">
<synopsis>Defaults and enables some options that are relevant to WebRTC</synopsis>
<description><para>
When set to "yes" this also enables the following values that are needed in
order for basic WebRTC support to work: rtcp_mux, use_avpf, ice_support, and
use_received_transport. The following configuration settings also get defaulted
as follows:</para>
<para>media_encryption=dtls</para>
<para>dtls_auto_generate_cert=yes (if dtls_cert_file is not set)</para>
<para>dtls_verify=fingerprint</para>
<para>dtls_setup=actpass</para>
</description>
</configOption>
<configOption name="incoming_mwi_mailbox">
<synopsis>Mailbox name to use when incoming MWI NOTIFYs are received</synopsis>
<description><para>
If an MWI NOTIFY is received <emphasis>from</emphasis> this endpoint,
this mailbox will be used when notifying other modules of MWI status
changes. If not set, incoming MWI NOTIFYs are ignored.
</para></description>
</configOption>
<configOption name="follow_early_media_fork">
<synopsis>Follow SDP forked media when To tag is different</synopsis>
<description><para>
On outgoing calls, if the UAS responds with different SDP attributes
on subsequent 18X or 2XX responses (such as a port update) AND the
To tag on the subsequent response is different than that on the previous
one, follow it. This usually happens when the INVITE is forked to multiple
UASs and more than one sends an SDP answer.
</para>
<note><para>
This option must also be enabled in the <literal>system</literal>
section for it to take effect here.
</para></note>
</description>
</configOption>
<configOption name="accept_multiple_sdp_answers" default="no">
<synopsis>Accept multiple SDP answers on non-100rel responses</synopsis>
<description><para>
On outgoing calls, if the UAS responds with different SDP attributes
on non-100rel 18X or 2XX responses (such as a port update) AND the
To tag on the subsequent response is the same as that on the previous one,
process the updated SDP. This can happen when the UAS needs to change ports
for some reason such as using a separate port for custom ringback.
</para>
<note><para>
This option must also be enabled in the <literal>system</literal>
section for it to take effect here.
</para></note>
</description>
</configOption>
<configOption name="suppress_q850_reason_headers" default="no">
<synopsis>Suppress Q.850 Reason headers for this endpoint</synopsis>
<description><para>
Some devices can't accept multiple Reason headers and get confused
when both 'SIP' and 'Q.850' Reason headers are received. This
option allows the 'Q.850' Reason header to be suppressed.</para>
</description>
</configOption>
<configOption name="ignore_183_without_sdp" default="no">
<synopsis>Do not forward 183 when it doesn't contain SDP</synopsis>
<description><para>
Certain SS7 internetworking scenarios can result in a 183
to be generated for reasons other than early media. Forwarding
this 183 can cause loss of ringback tone. This flag emulates
the behavior of chan_sip and prevents these 183 responses from
being forwarded.</para>
</description>
</configOption>
<configOption name="stir_shaken" default="no">
<synopsis>Enable STIR/SHAKEN support on this endpoint</synopsis>
<description><para>
Enable STIR/SHAKEN support on this endpoint. On incoming INVITEs,
the Identity header will be checked for validity. On outgoing
INVITEs, an Identity header will be added.</para>
</description>
</configOption>
<configOption name="stir_shaken_profile" default="">
<synopsis>STIR/SHAKEN profile containing additional configuration options</synopsis>
<description><para>
A STIR/SHAKEN profile that is defined in stir_shaken.conf. Contains
several options and rules used for STIR/SHAKEN.</para>
</description>
</configOption>
<configOption name="allow_unauthenticated_options" default="no">
<synopsis>Skip authentication when receiving OPTIONS requests</synopsis>
<description><para>
RFC 3261 says that the response to an OPTIONS request MUST be the
same had the request been an INVITE. Some UAs use OPTIONS requests
like a 'ping' and the expectation is that they will return a
200 OK.</para>
<para>Enabling <literal>allow_unauthenticated_options</literal>
will skip authentication of OPTIONS requests for the given
endpoint.</para>
<para>There are security implications to enabling this setting as
it can allow information disclosure to occur - specifically, if
enabled, an external party could enumerate and find the endpoint
name by sending OPTIONS requests and examining the
responses.</para>
</description>
</configOption>
<configOption name="geoloc_incoming_call_profile" default="">
<synopsis>Geolocation profile to apply to incoming calls</synopsis>
<description><para>
This geolocation profile will be applied to all calls received
by the channel driver from the remote endpoint before they're
forwarded to the dialplan.
</para>
</description>
</configOption>
<configOption name="geoloc_outgoing_call_profile" default="">
<synopsis>Geolocation profile to apply to outgoing calls</synopsis>
<description><para>
This geolocation profile will be applied to all calls received
by the channel driver from the dialplan before they're forwarded
the remote endpoint.
</para>
</description>
</configOption>
</configObject>
<configObject name="auth">
<synopsis>Authentication type</synopsis>
<description><para>
Authentication objects hold the authentication information for use
by other objects such as <literal>endpoints</literal> or <literal>registrations</literal>.
This also allows for multiple objects to use a single auth object. See
the <literal>auth_type</literal> config option for password style choices.
</para></description>
<configOption name="auth_type" default="userpass">
<synopsis>Authentication type</synopsis>
<description><para>
This option specifies which of the password style config options should be read
when trying to authenticate an endpoint inbound request. If set to <literal>userpass</literal>
then we'll read from the 'password' option. For <literal>md5</literal> we'll read
from 'md5_cred'. If set to <literal>google_oauth</literal> then we'll read from the
refresh_token/oauth_clientid/oauth_secret fields. The following values are valid:
</para>
<enumlist>
<enum name="md5"/>
<enum name="userpass"/>
<enum name="google_oauth"/>
</enumlist>
<para>
</para>
<note>
<para>
This setting only describes whether the password is in
plain text or has been pre-hashed with MD5. It doesn't describe
the acceptable digest algorithms we'll accept in a received
challenge.
</para>
</note>
</description>
</configOption>
<configOption name="nonce_lifetime" default="32">
<synopsis>Lifetime of a nonce associated with this authentication config.</synopsis>
</configOption>
<configOption name="md5_cred" default="">
<synopsis>MD5 Hash used for authentication.</synopsis>
<description><para>
Only used when auth_type is <literal>md5</literal>.
As an alternative to specifying a plain text password,
you can hash the username, realm and password
together one time and place the hash value here.
The input to the hash function must be in the
following format:
</para>
<para>
</para>
<para>
&lt;username&gt;:&lt;realm&gt;:&lt;password&gt;
</para>
<para>
</para>
<para>
For incoming authentication (asterisk is the server),
the realm must match either the realm set in this object
or the <variable>default_realm</variable> set in in the
<replaceable>global</replaceable> object.
</para>
<para>
</para>
<para>
For outgoing authentication (asterisk is the UAC),
the realm must match what the server will be sending
in their WWW-Authenticate header. It can't be blank
unless you expect the server to be sending a blank
realm in the header. You can't use pre-hashed
passwords with a wildcard auth object.
You can generate the hash with the following shell
command:
</para>
<para>
</para>
<para>
$ echo -n "myname:myrealm:mypassword" | md5sum
</para>
<para>
</para>
<para>
Note the '-n'. You don't want a newline to be part
of the hash.
</para></description>
</configOption>
<configOption name="password">
<synopsis>Plain text password used for authentication.</synopsis>
<description><para>Only used when auth_type is <literal>userpass</literal>.</para></description>
</configOption>
<configOption name="refresh_token">
<synopsis>OAuth 2.0 refresh token</synopsis>
</configOption>
<configOption name="oauth_clientid">
<synopsis>OAuth 2.0 application's client id</synopsis>
</configOption>
<configOption name="oauth_secret">
<synopsis>OAuth 2.0 application's secret</synopsis>
</configOption>
<configOption name="realm" default="">
<synopsis>SIP realm for endpoint</synopsis>
<description><para>
For incoming authentication (asterisk is the UAS),
this is the realm to be sent on WWW-Authenticate
headers. If not specified, the <replaceable>global</replaceable>
object's <variable>default_realm</variable> will be used.
</para>
<para>
</para>
<para>
For outgoing authentication (asterisk is the UAC), this
must either be the realm the server is expected to send,
or left blank or contain a single '*' to automatically
use the realm sent by the server. If you have multiple
auth objects for an endpoint, the realm is also used to
match the auth object to the realm the server sent.
</para>
<para>
</para>
<note>
<para>
Using the same auth section for inbound and outbound
authentication is not recommended. There is a difference in
meaning for an empty realm setting between inbound and outbound
authentication uses.
</para>
</note>
<para>
</para>
<note>
<para>
If more than one auth object with the same realm or
more than one wildcard auth object associated to
an endpoint, we can only use the first one of
each defined on the endpoint.
</para>
</note>
</description>
</configOption>
<configOption name="type">
<synopsis>Must be 'auth'</synopsis>
</configOption>
<configOption name="username">
<synopsis>Username to use for account</synopsis>
</configOption>
</configObject>
<configObject name="domain_alias">
<synopsis>Domain Alias</synopsis>
<description><para>
Signifies that a domain is an alias. If the domain on a session is
not found to match an AoR then this object is used to see if we have
an alias for the AoR to which the endpoint is binding. This objects
name as defined in configuration should be the domain alias and a
config option is provided to specify the domain to be aliased.
</para></description>
<configOption name="type">
<synopsis>Must be of type 'domain_alias'.</synopsis>
</configOption>
<configOption name="domain">
<synopsis>Domain to be aliased</synopsis>
</configOption>
</configObject>
<configObject name="transport">
<synopsis>SIP Transport</synopsis>
<description><para>
<emphasis>Transports</emphasis>
</para>
<para>There are different transports and protocol derivatives
supported by <literal>res_pjsip</literal>. They are in order of
preference: UDP, TCP, and WebSocket (WS).</para>
<note><para>Changes to transport configuration in pjsip.conf will only be
effected on a complete restart of Asterisk. A module reload
will not suffice.</para></note>
</description>
<configOption name="async_operations" default="1">
<synopsis>Number of simultaneous Asynchronous Operations, can no longer be set, always set to 1</synopsis>
</configOption>
<configOption name="bind">
<synopsis>IP Address and optional port to bind to for this transport</synopsis>
</configOption>
<configOption name="ca_list_file">
<synopsis>File containing a list of certificates to read (TLS ONLY, not WSS)</synopsis>
</configOption>
<configOption name="ca_list_path">
<synopsis>Path to directory containing a list of certificates to read (TLS ONLY, not WSS)</synopsis>
</configOption>
<configOption name="cert_file">
<synopsis>Certificate file for endpoint (TLS ONLY, not WSS)</synopsis>
<description><para>
A path to a .crt or .pem file can be provided. However, only
the certificate is read from the file, not the private key.
The <literal>priv_key_file</literal> option must supply a
matching key file. The certificate file can be reloaded if
the filename in configuration remains unchanged.
</para></description>
</configOption>
<configOption name="cipher">
<synopsis>Preferred cryptography cipher names (TLS ONLY, not WSS)</synopsis>
<description>
<para>Comma separated list of cipher names or numeric equivalents.
Numeric equivalents can be either decimal or hexadecimal (0xX).
</para>
<para>There are many cipher names. Use the CLI command
<literal>pjsip list ciphers</literal> to see a list of cipher
names available for your installation. See link for more:</para>
<para>http://www.openssl.org/docs/apps/ciphers.html#CIPHER_SUITE_NAMES
</para>
</description>
</configOption>
<configOption name="domain">
<synopsis>Domain the transport comes from</synopsis>
</configOption>
<configOption name="external_media_address">
<synopsis>External IP address to use in RTP handling</synopsis>
<description><para>
When a request or response is sent out, if the destination of the
message is outside the IP network defined in the option <literal>localnet</literal>,
and the media address in the SDP is within the localnet network, then the
media address in the SDP will be rewritten to the value defined for
<literal>external_media_address</literal>.
</para></description>
</configOption>
<configOption name="external_signaling_address">
<synopsis>External address for SIP signalling</synopsis>
</configOption>
<configOption name="external_signaling_port" default="0">
<synopsis>External port for SIP signalling</synopsis>
</configOption>
<configOption name="method">
<synopsis>Method of SSL transport (TLS ONLY, not WSS)</synopsis>
<description>
<enumlist>
<enum name="default">
<para>The default as defined by PJSIP. This is currently TLSv1, but may change with future releases.</para>
</enum>
<enum name="unspecified">
<para>This option is equivalent to setting 'default'</para>
</enum>
<enum name="tlsv1" />
<enum name="tlsv1_1" />
<enum name="tlsv1_2" />
<enum name="sslv2" />
<enum name="sslv3" />
<enum name="sslv23" />
</enumlist>
</description>
</configOption>
<configOption name="local_net">
<synopsis>Network to consider local (used for NAT purposes).</synopsis>
<description><para>This must be in CIDR or dotted decimal format with the IP
and mask separated with a slash ('/').</para></description>
</configOption>
<configOption name="password">
<synopsis>Password required for transport</synopsis>
</configOption>
<configOption name="priv_key_file">
<synopsis>Private key file (TLS ONLY, not WSS)</synopsis>
<description><para>
A path to a key file can be provided. The private key file
can be reloaded if the filename in configuration remains
unchanged.
</para></description>
</configOption>
<configOption name="protocol" default="udp">
<synopsis>Protocol to use for SIP traffic</synopsis>
<description>
<enumlist>
<enum name="udp" />
<enum name="tcp" />
<enum name="tls" />
<enum name="ws" />
<enum name="wss" />
<enum name="flow" />
</enumlist>
</description>
</configOption>
<configOption name="require_client_cert" default="false">
<synopsis>Require client certificate (TLS ONLY, not WSS)</synopsis>
</configOption>
<configOption name="type">
<synopsis>Must be of type 'transport'.</synopsis>
</configOption>
<configOption name="verify_client" default="false">
<synopsis>Require verification of client certificate (TLS ONLY, not WSS)</synopsis>
</configOption>
<configOption name="verify_server" default="false">
<synopsis>Require verification of server certificate (TLS ONLY, not WSS)</synopsis>
</configOption>
<configOption name="tos" default="false">
<synopsis>Enable TOS for the signalling sent over this transport</synopsis>
<description>
<para>See <literal>https://wiki.asterisk.org/wiki/display/AST/IP+Quality+of+Service</literal>
for more information on this parameter.</para>
<note><para>This option does not apply to the <replaceable>ws</replaceable>
or the <replaceable>wss</replaceable> protocols.</para></note>
</description>
</configOption>
<configOption name="cos" default="false">
<synopsis>Enable COS for the signalling sent over this transport</synopsis>
<description>
<para>See <literal>https://wiki.asterisk.org/wiki/display/AST/IP+Quality+of+Service</literal>
for more information on this parameter.</para>
<note><para>This option does not apply to the <replaceable>ws</replaceable>
or the <replaceable>wss</replaceable> protocols.</para></note>
</description>
</configOption>
<configOption name="websocket_write_timeout" default="100">
<synopsis>The timeout (in milliseconds) to set on WebSocket connections.</synopsis>
<description>
<para>If a websocket connection accepts input slowly, the timeout
for writes to it can be increased to keep it from being disconnected.
Value is in milliseconds.</para>
</description>
</configOption>
<configOption name="allow_reload" default="no">
<synopsis>Allow this transport to be reloaded.</synopsis>
<description>
<para>Allow this transport to be reloaded when res_pjsip is reloaded.
This option defaults to "no" because reloading a transport may disrupt
in-progress calls.</para>
</description>
</configOption>
<configOption name="allow_wildcard_certs" default="false">
<synopsis>Allow use of wildcards in certificates (TLS ONLY)</synopsis>
<description>
<para>In combination with verify_server, when enabled allow use of wildcards,
i.e. '*.' in certs for common,and subject alt names of type DNS for TLS
transport types. Names must start with the wildcard. Partial wildcards, e.g.
'f*.example.com' and 'foo.*.com' are not allowed. As well, names only match
against a single level meaning '*.example.com' matches 'foo.example.com',
but not 'foo.bar.example.com'.
</para>
</description>
</configOption>
<configOption name="symmetric_transport" default="no">
<synopsis>Use the same transport for outgoing requests as incoming ones.</synopsis>
<description>
<para>When a request from a dynamic contact
comes in on a transport with this option set to 'yes',
the transport name will be saved and used for subsequent
outgoing requests like OPTIONS, NOTIFY and INVITE. It's
saved as a contact uri parameter named 'x-ast-txp' and will
display with the contact uri in CLI, AMI, and ARI output.
On the outgoing request, if a transport wasn't explicitly
set on the endpoint AND the request URI is not a hostname,
the saved transport will be used and the 'x-ast-txp'
parameter stripped from the outgoing packet.
</para>
</description>
</configOption>
</configObject>
<configObject name="contact">
<synopsis>A way of creating an aliased name to a SIP URI</synopsis>
<description><para>
Contacts are a way to hide SIP URIs from the dialplan directly.
They are also used to make a group of contactable parties when
in use with <literal>AoR</literal> lists.
</para></description>
<configOption name="type">
<synopsis>Must be of type 'contact'.</synopsis>
</configOption>
<configOption name="uri">
<synopsis>SIP URI to contact peer</synopsis>
</configOption>
<configOption name="expiration_time">
<synopsis>Time to keep alive a contact</synopsis>
<description><para>
Time to keep alive a contact. String style specification.
</para></description>
</configOption>
<configOption name="qualify_frequency" default="0">
<synopsis>Interval at which to qualify a contact</synopsis>
<description><para>
Interval between attempts to qualify the contact for reachability.
If <literal>0</literal> never qualify. Time in seconds.
</para></description>
</configOption>
<configOption name="qualify_timeout" default="3.0">
<synopsis>Timeout for qualify</synopsis>
<description><para>
If the contact doesn't respond to the OPTIONS request before the timeout,
the contact is marked unavailable.
If <literal>0</literal> no timeout. Time in fractional seconds.
</para></description>
</configOption>
<configOption name="authenticate_qualify">
<synopsis>Authenticates a qualify challenge response if needed</synopsis>
<description>
<para>If true and a qualify request receives a challenge response then
authentication is attempted before declaring the contact available.
</para>
<note><para>This option does nothing as we will always complete
the challenge response authentication if the qualify request is
challenged.
</para></note>
</description>
</configOption>
<configOption name="outbound_proxy">
<synopsis>Outbound proxy used when sending OPTIONS request</synopsis>
<description><para>
If set the provided URI will be used as the outbound proxy when an
OPTIONS request is sent to a contact for qualify purposes.
</para></description>
</configOption>
<configOption name="path">
<synopsis>Stored Path vector for use in Route headers on outgoing requests.</synopsis>
</configOption>
<configOption name="user_agent">
<synopsis>User-Agent header from registration.</synopsis>
<description><para>
The User-Agent is automatically stored based on data present in incoming SIP
REGISTER requests and is not intended to be configured manually.
</para></description>
</configOption>
<configOption name="endpoint">
<synopsis>Endpoint name</synopsis>
<description><para>
The name of the endpoint this contact belongs to
</para></description>
</configOption>
<configOption name="reg_server">
<synopsis>Asterisk Server name</synopsis>
<description><para>
Asterisk Server name on which SIP endpoint registered.
</para></description>
</configOption>
<configOption name="via_addr">
<synopsis>IP-address of the last Via header from registration.</synopsis>
<description><para>
The last Via header should contain the address of UA which sent the request.
The IP-address of the last Via header is automatically stored based on data present
in incoming SIP REGISTER requests and is not intended to be configured manually.
</para></description>
</configOption>
<configOption name="via_port">
<synopsis>IP-port of the last Via header from registration.</synopsis>
<description><para>
The IP-port of the last Via header is automatically stored based on data present
in incoming SIP REGISTER requests and is not intended to be configured manually.
</para></description>
</configOption>
<configOption name="call_id">
<synopsis>Call-ID header from registration.</synopsis>
<description><para>
The Call-ID header is automatically stored based on data present
in incoming SIP REGISTER requests and is not intended to be configured manually.
</para></description>
</configOption>
<configOption name="prune_on_boot">
<synopsis>A contact that cannot survive a restart/boot.</synopsis>
<description><para>
The option is set if the incoming SIP REGISTER contact is rewritten
on a reliable transport and is not intended to be configured manually.
</para></description>
</configOption>
</configObject>
<configObject name="aor">
<synopsis>The configuration for a location of an endpoint</synopsis>
<description><para>
An AoR is what allows Asterisk to contact an endpoint via res_pjsip. If no
AoRs are specified, an endpoint will not be reachable by Asterisk.
Beyond that, an AoR has other uses within Asterisk, such as inbound
registration.
</para><para>
An <literal>AoR</literal> is a way to allow dialing a group
of <literal>Contacts</literal> that all use the same
<literal>endpoint</literal> for calls.
</para><para>
This can be used as another way of grouping a list of contacts to dial
rather than specifying them each directly when dialing via the dialplan.
This must be used in conjunction with the <literal>PJSIP_DIAL_CONTACTS</literal>.
</para><para>
Registrations: For Asterisk to match an inbound registration to an endpoint,
the AoR object name must match the user portion of the SIP URI in the "To:"
header of the inbound SIP registration. That will usually be equivalent
to the "user name" set in your hard or soft phones configuration.
</para></description>
<configOption name="contact">
<synopsis>Permanent contacts assigned to AoR</synopsis>
<description><para>
Contacts specified will be called whenever referenced
by <literal>chan_pjsip</literal>.
</para><para>
Use a separate "contact=" entry for each contact required. Contacts
are specified using a SIP URI.
</para></description>
</configOption>
<configOption name="default_expiration" default="3600">
<synopsis>Default expiration time in seconds for contacts that are dynamically bound to an AoR.</synopsis>
</configOption>
<configOption name="mailboxes">
<synopsis>Allow subscriptions for the specified mailbox(es)</synopsis>
<description><para>This option applies when an external entity subscribes to an AoR
for Message Waiting Indications. The mailboxes specified will be subscribed to.
More than one mailbox can be specified with a comma-delimited string.
app_voicemail mailboxes must be specified as mailbox@context;
for example: mailboxes=6001@default. For mailboxes provided by external sources,
such as through the res_mwi_external module, you must specify strings supported by
the external system.
</para><para>
For endpoints that cannot SUBSCRIBE for MWI, you can set the <literal>mailboxes</literal> option in your
endpoint configuration section to enable unsolicited MWI NOTIFYs to the endpoint.
</para></description>
</configOption>
<configOption name="voicemail_extension">
<synopsis>The voicemail extension to send in the NOTIFY Message-Account header</synopsis>
</configOption>
<configOption name="maximum_expiration" default="7200">
<synopsis>Maximum time to keep an AoR</synopsis>
<description><para>
Maximum time to keep a peer with explicit expiration. Time in seconds.
</para></description>
</configOption>
<configOption name="max_contacts" default="0">
<synopsis>Maximum number of contacts that can bind to an AoR</synopsis>
<description><para>
Maximum number of contacts that can associate with this AoR. This value does
not affect the number of contacts that can be added with the "contact" option.
It only limits contacts added through external interaction, such as
registration.
</para>
<note><para>The <replaceable>rewrite_contact</replaceable> option
registers the source address as the contact address to help with
NAT and reusing connection oriented transports such as TCP and
TLS. Unfortunately, refreshing a registration may register a
different contact address and exceed
<replaceable>max_contacts</replaceable>. The
<replaceable>remove_existing</replaceable> and
<replaceable>remove_unavailable</replaceable> options can help by
removing either the soonest to expire or unavailable contact(s) over
<replaceable>max_contacts</replaceable> which is likely the
old <replaceable>rewrite_contact</replaceable> contact source
address being refreshed.
</para></note>
<note><para>This should be set to <literal>1</literal> and
<replaceable>remove_existing</replaceable> set to <literal>yes</literal> if you
wish to stick with the older <literal>chan_sip</literal> behaviour.
</para></note>
</description>
</configOption>
<configOption name="minimum_expiration" default="60">
<synopsis>Minimum keep alive time for an AoR</synopsis>
<description><para>
Minimum time to keep a peer with an explicit expiration. Time in seconds.
</para></description>
</configOption>
<configOption name="remove_existing" default="no">
<synopsis>Determines whether new contacts replace existing ones.</synopsis>
<description><para>
On receiving a new registration to the AoR should it remove enough
existing contacts not added or updated by the registration to
satisfy <replaceable>max_contacts</replaceable>? Any removed
contacts will expire the soonest.
</para>
<note><para>The <replaceable>rewrite_contact</replaceable> option
registers the source address as the contact address to help with
NAT and reusing connection oriented transports such as TCP and
TLS. Unfortunately, refreshing a registration may register a
different contact address and exceed
<replaceable>max_contacts</replaceable>. The
<replaceable>remove_existing</replaceable> option can help by
removing the soonest to expire contact(s) over
<replaceable>max_contacts</replaceable> which is likely the
old <replaceable>rewrite_contact</replaceable> contact source
address being refreshed.
</para></note>
<note><para>This should be set to <literal>yes</literal> and
<replaceable>max_contacts</replaceable> set to <literal>1</literal> if you
wish to stick with the older <literal>chan_sip</literal> behaviour.
</para></note>
</description>
</configOption>
<configOption name="remove_unavailable" default="no">
<synopsis>Determines whether new contacts should replace unavailable ones.</synopsis>
<description><para>
The effect of this setting depends on the setting of
<replaceable>remove_existing</replaceable>.</para>
<para>If <replaceable>remove_existing</replaceable> is set to
<literal>no</literal> (default), setting remove_unavailable to
<literal>yes</literal> will remove only unavailable contacts that exceed
<replaceable>max_contacts</replaceable> to allow an incoming
REGISTER to complete sucessfully.</para>
<para>If <replaceable>remove_existing</replaceable> is set to
<literal>yes</literal>, setting remove_unavailable to
<literal>yes</literal> will prioritize unavailable contacts for removal
instead of just removing the contact that expires the soonest.</para>
<note><para>See <replaceable>remove_existing</replaceable> and
<replaceable>max_contacts</replaceable> for further information about how
these 3 settings interact.
</para></note>
</description>
</configOption>
<configOption name="type">
<synopsis>Must be of type 'aor'.</synopsis>
</configOption>
<configOption name="qualify_frequency" default="0">
<synopsis>Interval at which to qualify an AoR</synopsis>
<description><para>
Interval between attempts to qualify the AoR for reachability.
If <literal>0</literal> never qualify. Time in seconds.
</para></description>
</configOption>
<configOption name="qualify_timeout" default="3.0">
<synopsis>Timeout for qualify</synopsis>
<description><para>
If the contact doesn't respond to the OPTIONS request before the timeout,
the contact is marked unavailable.
If <literal>0</literal> no timeout. Time in fractional seconds.
</para></description>
</configOption>
<configOption name="authenticate_qualify">
<synopsis>Authenticates a qualify challenge response if needed</synopsis>
<description>
<para>If true and a qualify request receives a challenge response then
authentication is attempted before declaring the contact available.
</para>
<note><para>This option does nothing as we will always complete
the challenge response authentication if the qualify request is
challenged.
</para></note>
</description>
</configOption>
<configOption name="outbound_proxy">
<synopsis>Outbound proxy used when sending OPTIONS request</synopsis>
<description><para>
If set the provided URI will be used as the outbound proxy when an
OPTIONS request is sent to a contact for qualify purposes.
</para></description>
</configOption>
<configOption name="support_path">
<synopsis>Enables Path support for REGISTER requests and Route support for other requests.</synopsis>
<description><para>
When this option is enabled, the Path headers in register requests will be saved
and its contents will be used in Route headers for outbound out-of-dialog requests
and in Path headers for outbound 200 responses. Path support will also be indicated
in the Supported header.
</para></description>
</configOption>
</configObject>
<configObject name="system">
<synopsis>Options that apply to the SIP stack as well as other system-wide settings</synopsis>
<description><para>
The settings in this section are global. In addition to being global, the values will
not be re-evaluated when a reload is performed. This is because the values must be set
before the SIP stack is initialized. The only way to reset these values is to either
restart Asterisk, or unload res_pjsip.so and then load it again.
</para></description>
<configOption name="timer_t1" default="500">
<synopsis>Set transaction timer T1 value (milliseconds).</synopsis>
<description><para>
Timer T1 is the base for determining how long to wait before retransmitting
requests that receive no response when using an unreliable transport (e.g. UDP).
For more information on this timer, see RFC 3261, Section 17.1.1.1.
</para></description>
</configOption>
<configOption name="timer_b" default="32000">
<synopsis>Set transaction timer B value (milliseconds).</synopsis>
<description><para>
Timer B determines the maximum amount of time to wait after sending an INVITE
request before terminating the transaction. It is recommended that this be set
to 64 * Timer T1, but it may be set higher if desired. For more information on
this timer, see RFC 3261, Section 17.1.1.1.
</para></description>
</configOption>
<configOption name="compact_headers" default="no">
<synopsis>Use the short forms of common SIP header names.</synopsis>
</configOption>
<configOption name="threadpool_initial_size" default="0">
<synopsis>Initial number of threads in the res_pjsip threadpool.</synopsis>
</configOption>
<configOption name="threadpool_auto_increment" default="5">
<synopsis>The amount by which the number of threads is incremented when necessary.</synopsis>
</configOption>
<configOption name="threadpool_idle_timeout" default="60">
<synopsis>Number of seconds before an idle thread should be disposed of.</synopsis>
</configOption>
<configOption name="threadpool_max_size" default="0">
<synopsis>Maximum number of threads in the res_pjsip threadpool.
A value of 0 indicates no maximum.</synopsis>
</configOption>
<configOption name="disable_tcp_switch" default="yes">
<synopsis>Disable automatic switching from UDP to TCP transports.</synopsis>
<description><para>
Disable automatic switching from UDP to TCP transports if outgoing
request is too large. See RFC 3261 section 18.1.1.
</para></description>
</configOption>
<configOption name="follow_early_media_fork">
<synopsis>Follow SDP forked media when To tag is different</synopsis>
<description><para>
On outgoing calls, if the UAS responds with different SDP attributes
on subsequent 18X or 2XX responses (such as a port update) AND the
To tag on the subsequent response is different than that on the previous
one, follow it.
</para>
<note><para>
This option must also be enabled on endpoints that require
this functionality.
</para></note>
</description>
</configOption>
<configOption name="accept_multiple_sdp_answers">
<synopsis>Follow SDP forked media when To tag is the same</synopsis>
<description><para>
On outgoing calls, if the UAS responds with different SDP attributes
on non-100rel 18X or 2XX responses (such as a port update) AND the
To tag on the subsequent response is the same as that on the previous one,
process the updated SDP.
</para>
<note><para>
This option must also be enabled on endpoints that require
this functionality.
</para></note>
</description>
</configOption>
<configOption name="disable_rport" default="no">
<synopsis>Disable the use of rport in outgoing requests.</synopsis>
<description><para>
Remove "rport" parameter from the outgoing requests.
</para></description>
</configOption>
<configOption name="type">
<synopsis>Must be of type 'system' UNLESS the object name is 'system'.</synopsis>
</configOption>
</configObject>
<configObject name="global">
<synopsis>Options that apply globally to all SIP communications</synopsis>
<description><para>
The settings in this section are global. Unlike options in the <literal>system</literal>
section, these options can be refreshed by performing a reload.
</para></description>
<configOption name="max_forwards" default="70">
<synopsis>Value used in Max-Forwards header for SIP requests.</synopsis>
</configOption>
<configOption name="keep_alive_interval" default="90">
<synopsis>The interval (in seconds) to send keepalives to active connection-oriented transports.</synopsis>
</configOption>
<configOption name="contact_expiration_check_interval" default="30">
<synopsis>The interval (in seconds) to check for expired contacts.</synopsis>
</configOption>
<configOption name="disable_multi_domain" default="no">
<synopsis>Disable Multi Domain support</synopsis>
<description><para>
If disabled it can improve realtime performance by reducing the number of database requests.
</para></description>
</configOption>
<configOption name="max_initial_qualify_time" default="0">
<synopsis>The maximum amount of time from startup that qualifies should be attempted on all contacts.
If greater than the qualify_frequency for an aor, qualify_frequency will be used instead.</synopsis>
</configOption>
<configOption name="unidentified_request_period" default="5">
<synopsis>The number of seconds over which to accumulate unidentified requests.</synopsis>
<description><para>
If <literal>unidentified_request_count</literal> unidentified requests are received
during <literal>unidentified_request_period</literal>, a security event will be generated.
</para></description>
</configOption>
<configOption name="unidentified_request_count" default="5">
<synopsis>The number of unidentified requests from a single IP to allow.</synopsis>
<description><para>
If <literal>unidentified_request_count</literal> unidentified requests are received
during <literal>unidentified_request_period</literal>, a security event will be generated.
</para></description>
</configOption>
<configOption name="unidentified_request_prune_interval" default="30">
<synopsis>The interval at which unidentified requests are older than
twice the unidentified_request_period are pruned.</synopsis>
</configOption>
<configOption name="type">
<synopsis>Must be of type 'global' UNLESS the object name is 'global'.</synopsis>
</configOption>
<configOption name="user_agent" default="Asterisk &lt;Asterisk Version&gt;">
<synopsis>Value used in User-Agent header for SIP requests and Server header for SIP responses.</synopsis>
</configOption>
<configOption name="regcontext" default="">
<synopsis>When set, Asterisk will dynamically create and destroy a NoOp priority 1 extension for a given
peer who registers or unregisters with us.</synopsis>
</configOption>
<configOption name="default_outbound_endpoint" default="default_outbound_endpoint">
<synopsis>Endpoint to use when sending an outbound request to a URI without a specified endpoint.</synopsis>
</configOption>
<configOption name="default_voicemail_extension">
<synopsis>The voicemail extension to send in the NOTIFY Message-Account header if not specified on endpoint or aor</synopsis>
</configOption>
<configOption name="debug" default="no">
<synopsis>Enable/Disable SIP debug logging. Valid options include yes, no, or
a host address</synopsis>
</configOption>
<configOption name="endpoint_identifier_order">
<synopsis>The order by which endpoint identifiers are processed and checked.
Identifier names are usually derived from and can be found in the endpoint
identifier module itself (res_pjsip_endpoint_identifier_*).
You can use the CLI command "pjsip show identifiers" to see the
identifiers currently available.</synopsis>
<description>
<note><para>
One of the identifiers is "auth_username" which matches on the username in
an Authentication header. This method has some security considerations because an
Authentication header is not present on the first message of a dialog when
digest authentication is used. The client can't generate it until the server
sends the challenge in a 401 response. Since Asterisk normally sends a security
event when an incoming request can't be matched to an endpoint, using auth_username
requires that the security event be deferred until a request is received with
the Authentication header and only generated if the username doesn't result in a
match. This may result in a delay before an attack is recognized. You can control
how many unmatched requests are received from a single ip address before a security
event is generated using the unidentified_request parameters.
</para></note>
</description>
</configOption>
<configOption name="default_from_user" default="asterisk">
<synopsis>When Asterisk generates an outgoing SIP request, the From header username will be
set to this value if there is no better option (such as CallerID) to be
used.</synopsis>
</configOption>
<configOption name="default_realm" default="asterisk">
<synopsis>When Asterisk generates a challenge, the digest realm will be
set to this value if there is no better option (such as auth/realm) to be
used.</synopsis>
</configOption>
<configOption name="mwi_tps_queue_high" default="500">
<synopsis>MWI taskprocessor high water alert trigger level.</synopsis>
<description>
<para>On a heavily loaded system you may need to adjust the
taskprocessor queue limits. If any taskprocessor queue size
reaches its high water level then pjsip will stop processing
new requests until the alert is cleared. The alert clears
when all alerting taskprocessor queues have dropped to their
low water clear level.
</para>
</description>
</configOption>
<configOption name="mwi_tps_queue_low" default="-1">
<synopsis>MWI taskprocessor low water clear alert level.</synopsis>
<description>
<para>On a heavily loaded system you may need to adjust the
taskprocessor queue limits. If any taskprocessor queue size
reaches its high water level then pjsip will stop processing
new requests until the alert is cleared. The alert clears
when all alerting taskprocessor queues have dropped to their
low water clear level.
</para>
<note><para>Set to -1 for the low water level to be 90% of
the high water level.</para></note>
</description>
</configOption>
<configOption name="mwi_disable_initial_unsolicited" default="no">
<synopsis>Enable/Disable sending unsolicited MWI to all endpoints on startup.</synopsis>
<description>
<para>When the initial unsolicited MWI notification are
enabled on startup then the initial notifications
get sent at startup. If you have a lot of endpoints
(thousands) that use unsolicited MWI then you may
want to consider disabling the initial startup
notifications.
</para>
<para>When the initial unsolicited MWI notifications are
disabled on startup then the notifications will start
on the endpoint's next contact update.
</para>
</description>
</configOption>
<configOption name="ignore_uri_user_options">
<synopsis>Enable/Disable ignoring SIP URI user field options.</synopsis>
<description>
<para>If you have this option enabled and there are semicolons
in the user field of a SIP URI then the field is truncated
at the first semicolon. This effectively makes the semicolon
a non-usable character for PJSIP endpoint names, extensions,
and AORs. This can be useful for improving compatibility with
an ITSP that likes to use user options for whatever reason.
</para>
<example title="Sample SIP URI">
sip:1235557890;phone-context=national@x.x.x.x;user=phone
</example>
<example title="Sample SIP URI user field">
1235557890;phone-context=national
</example>
<example title="Sample SIP URI user field truncated">
1235557890
</example>
<note><para>The caller-id and redirecting number strings
obtained from incoming SIP URI user fields are always truncated
at the first semicolon.</para></note>
</description>
</configOption>
<configOption name="use_callerid_contact" default="no">
<synopsis>Place caller-id information into Contact header</synopsis>
<description><para>
This option will cause Asterisk to place caller-id information into
generated Contact headers.</para>
</description>
</configOption>
<configOption name="send_contact_status_on_update_registration" default="no">
<synopsis>Enable sending AMI ContactStatus event when a device refreshes its registration.</synopsis>
</configOption>
<configOption name="taskprocessor_overload_trigger">
<synopsis>Trigger scope for taskprocessor overloads</synopsis>
<description><para>
This option specifies the trigger the distributor will use for
detecting taskprocessor overloads. When it detects an overload condition,
the distrubutor will stop accepting new requests until the overload is
cleared.
</para>
<enumlist>
<enum name="global"><para>(default) Any taskprocessor overload will trigger.</para></enum>
<enum name="pjsip_only"><para>Only pjsip taskprocessor overloads will trigger.</para></enum>
<enum name="none"><para>No overload detection will be performed.</para></enum>
</enumlist>
<warning><para>
The "none" and "pjsip_only" options should be used
with extreme caution and only to mitigate specific issues.
Under certain conditions they could make things worse.
</para></warning>
</description>
</configOption>
<configOption name="norefersub" default="yes">
<synopsis>Advertise support for RFC4488 REFER subscription suppression</synopsis>
</configOption>
<configOption name="allow_sending_180_after_183" default="no">
<synopsis>Allow 180 after 183</synopsis>
<description><para>
Allow Asterisk to send 180 Ringing to an endpoint
after 183 Session Progress has been send.
If disabled Asterisk will instead send only a
183 Session Progress to the endpoint.
(default: "no")
</para>
</description>
</configOption>
</configObject>
</configFile>
</configInfo>
</docs>