B. Sipwise C5 configs overview

1. config.yml Overview

/etc/ngcp-config/config.yml is the main configuration YAML file used by Sipwise C5. After every changes it need to run the command ngcpcfg apply "my commit message" to apply changes (followed by ngcpcfg push in the PRO version to apply changes to sp2). The following is a brief description of the main variables contained into /etc/ngcp-config/config.yml file.

1.1. apps

This section contains parameters for the additional applications that may be activated on Sipwise C5.

apps:
  malicious_call: no
  • malicious_call: If set to yes, the Malicious Call Identification (MCID) application will be enabled.

1.2. asterisk

The following is the asterisk section:

asterisk:
  log:
    facility: local6
  rtp:
    maxport: 20000
    minport: 10000
  sip:
    bindport: 5070
    dtmfmode: rfc2833
  voicemail:
    enable: no
    fromstring: 'Voicemail server'
    greeting:
      busy_custom_greeting: '/home/user/file_no_extension'
      busy_overwrite_default: no
      busy_overwrite_subscriber: no
      unavail_custom_greeting: '/home/user/file_no_extension'
      unavail_overwrite_default: no
      unavail_overwrite_subscriber: no
    mailbody: 'You have received a new message from ${VM_CALLERID} in voicebox ${VM_MAILBOX} on ${VM_DATE}.'
    mailsubject: '[Voicebox] New message ${VM_MSGNUM} in voicebox ${VM_MAILBOX}'
    max_msg_length: 180
    maxgreet: 60
    maxmsg: 30
    maxsilence: 0
    min_msg_length: 3
    normalize_match: '^00|\+([1-9][0-9]+)$'
    normalize_replace: '$1'
    serveremail: voicebox@sip.sipwise.com
  • log.facility: rsyslog facility for asterisk log, defined in /etc/asterisk/logger.conf.
  • rtp.maxport: RTP maximum port used by asterisk.
  • rtp.minport: RTP minimum port used by asterisk.
  • sip.bindport: SIP asterisk internal bindport.
  • voicemail.greetings.*: set the audio file path for voicemail custom unavailable/busy greetings
  • voicemail.mailbody: Mail body for incoming voicemail.
  • voicemail.mailsubject: Mail subject for incoming voicemail.
  • voicemail.max_msg_length: Sets the maximum length of a voicemail message, in seconds.
  • voicemail.maxgreet: Sets the maximum length of voicemail greetings, in seconds.
  • voicemail.maxmsg: Sets the maximum number of messages that may be kept in any voicemail folder.
  • voicemail.min_msg_length: Sets the minimum length of a voicemail message, in seconds.
  • voicemail.maxsilence: Maxsilence defines how long Asterisk will wait for a contiguous period of silence before terminating an incoming call to voice mail. The default value is 0, which means the silence detector is disabled and the wait time is infinite.
  • voicemail.serveremail: Provides the email address from which voicemail notifications should be sent.
  • voicemail.normalize_match: Regular expression to match the From number for calls to voicebox.
  • voicemail.normalize_replace: Replacement string to return, in order to match an existing voicebox.

1.3. autoprov

The following is the autoprovisioning section:

autoprov:
  hardphone:
    skip_vendor_redirect: no
  server:
    bootstrap_port: 1445
    ca_certfile: '/etc/ngcp-config/ssl/client-auth-ca.crt'
    host: localhost
    port: 1444
    server_certfile: '/etc/ngcp-config/ssl/myserver.crt'
    server_keyfile: '/etc/ngcp-config/ssl/myserver.key'
    ssl_enabled: yes
  softphone:
    config_lockdown: 0
    webauth: 0
  • autoprov.skip_vendor_redirect: Skip phone vendor redirection to the vendor provisioning web site.

1.4. backuptools

The following is the backup tools section:

backuptools:
  cdrexport_backup:
    enable: no
  etc_backup:
    enable: no
  mail:
    address: noc@company.org
    error_subject: '[ngcp-backup] Problems detected during daily backup'
    log_subject: '[ngcp-backup] Daily backup report'
    send_errors: no
    send_log: no
  mysql_backup:
    enable: no
    exclude_dbs: 'syslog sipstats information_schema'
  rotate_days: 7
  storage_dir: '/ngcp-data/backup/ngcp_backup'
  temp_backup_dir: '/tmp/ngcp_backup'
  • backuptools.cdrexport_backup.enable: Enable backup of cdrexport (.csv) directory.
  • backuptools.etc_backup.enable: Enable backup of /etc/* directory.
  • backuptools.mail.address: Destination email address for backup emails.
  • backuptools.mail.error_subject: Subject for error emails.
  • backuptools.mail.log_subjetc: Subject for daily backup report.
  • backuptools.mail.send_error: Send daily backup error report.
  • backuptools.mail.send_log: Send daily backup log report.
  • backuptools.mysql_backup.enable: Enable daily mysql backup.
  • backuptools.mysql_backup.exclude_dbs: exclude mysql databases from backup.
  • backuptools.rotate_days: Number of days backup files should be kept. All files older than specified number of days are deleted from the storage directory.
  • backuptools.storage_dir: Storage directory of backups.
  • backuptools.storage_group: Name of the group that backup files should be owned by.
  • backuptools.storage_user: Name of the user that backup files should be owned by.
  • backuptools.temp_backup_dir: Temporary storage directory of backups.

1.5. cdrexport

The following is the cdr export section:

cdrexport:
  daily_folder: yes
  export_failed: no
  export_incoming: no
  exportpath: '/home/jail/home/cdrexport'
  full_names: yes
  monthly_folder: yes
  • cdrexport.daily_folder: Set yes if you want to create a daily folder for CDRs under the configured path.
  • cdrexport.export_failed: Export CDR for failed calls.
  • cdrexport.export_incoming: Export CDR for incoming calls.
  • cdrexport.exportpath: The path to store CDRs in .csv format.
  • cdrexport.full_names: Use full namen for CDRs instead of short ones.
  • cdrexport.monthly_folder: Set yes if you want to create a monthly folder (ex. 201301 for January 2013) for CDRs under configured path.

1.6. cleanuptools

The following is the cleanup tools section:

cleanuptools:
  acc_cleanup_days: 90
  archive_targetdir: '/ngcp-data/backups/cdr'
  binlog_days: 15
  cdr_archive_months: 2
  cdr_backup_months: 2
  cdr_backup_retro: 3
  compress: gzip
  delete_old_cdr_files:
    enable: no
    max_age_days: 30
    paths:
      -
        max_age_days: ~
        path: '/home/jail/home/*/20[0-9][0-9][0-9][0-9]/[0-9][0-9]'
        remove_empty_directories: yes
        wildcard: yes
      -
        max_age_days: ~
        path: '/home/jail/home/cdrexport/resellers/*/20[0-9][0-9][0-9][0-9]/[0-9][0-9]'
        remove_empty_directories: yes
        wildcard: yes
      -
        max_age_days: ~
        path: '/home/jail/home/cdrexport/system/20[0-9][0-9][0-9][0-9]/[0-9][0-9]'
        remove_empty_directories: yes
        wildcard: yes
  sql_batch: 10000
  trash_cleanup_days: 30
  • cleanuptools.acc_cleanup_days: CDR records in acc table in kamailio database will be deleted after this time
  • cleanuptools.binlog_days: Time after MySQL binlogs will be deleted.
  • cleanuptools.cdr_archive_months: How many months worth of records to keep in monthly CDR backup tables, instead of dumping them into archive files and dropping them from database.
  • cleanuptools.cdr_backup_months: How many months worth of records to keep in the current cdr table, instead of moving them into the monthly CDR backup tables.
  • cleanuptools.cdr_backup_retro: How many months to process for backups, going backwards in time and skipping cdr_backup_months months first, and store them in backup tables. Any older record will be left untouched.
  • cleanuptools.delete_old_cdr_files:

    • enable: Enable (yes) or disable (no) exported CDR cleanup.
    • max_age_days: Gives the expiration time of the exported CDR files in days. There is a general value which may be overridden by a local value provided at a specific path. The local value is valid for the particular path only.
    • paths: an array of path definitions

      • path: a path where CDR files are to be found and deleted; this may contain wildcard characters
      • wildcard: Enable (yes) or disable (no) using wildcards in the path
      • remove_empty_directories: Enable (yes) or disable (no) removing empty directories if those are found in the given path
      • max_age_days: the local expiration time value for files in the particular path
  • cleanuptools.sql_batch: How many records to process within a single SQL statement.
  • cleanuptools.trash_cleanup_days: Time after CDRs from acc_trash and acc_backup tables in kamailio database will be deleted.

For the description of cleanuptools please visit Cleanuptools Description Section 15.4, “Accounting Data (CDR) Cleanup” section of the handbook.

1.7. cluster_sets

The following is the cluster sets section:

cluster_sets:
  default:
    dispatcher_id: 50
  default_set: default
  type: central
  • cluster_sets.<label>: an arbitrary label of the cluster set; in the above example we have default
  • cluster_sets.<label>.dispatcher_id: a unique, numeric value that identifies a particular cluster set
  • cluster_sets.default_set: selects the default cluster set
  • cluster_sets.type: the type of cluster set; can be central or distributed

1.8. database

The following is the database section:

database:
  bufferpoolsize: 24768M
  • database.bufferpoolsize: Innodb_buffer_pool_size value in /etc/mysql/my.cnf

1.9. faxserver

The following is the fax server section:

faxserver:
  enable: yes
  fail_attempts: '3'
  fail_retry_secs: '60'
  mail_from: 'Sipwise C5 FaxServer <voipfax@ngcp.sipwise.local>'
  • faxserver.enable: yes/no to enable or disable ngcp-faxserver on the platform respectively.
  • faxserver.fail_attempts: Amount of attempts to send a fax after which it is marked as failed.
  • faxserver.fail_retry_secs: Amount of seconds to wait between "fail_attemts".
  • faxserver.mail_from: Sets the e-mail From Header for incoming fax.

1.10. general

The following is the general section:

general:
  adminmail: adjust@example.org
  companyname: sipwise
  lang: en
  maintenance: no
  production: yes
  timezone: localtime
  • general.adminmail: Email address used by monit to send notifications to.
  • general.companyname: Label used in SNMPd configuration.
  • general.lang: Sets sounds language (e.g: de for German)
  • general.production: Label to hint self-check scripts about installation mode.
  • general.maintenance: maintenance mode necessary for safe upgrades.
  • general.timezone: Sipwise C5 Timezone

1.11. heartbeat

The following is the heartbeat section:

heartbeat:
  hb_watchdog:
    action_max: 5
    enable: yes
    interval: 10
    transition_max: 10
  pingnodes:
    - 10.60.1.1
    - 192.168.3.4
  • heartbeat.hb_watchdog.enable: Enable heartbeat watchdog in order to prevent and fix split brain scenario.
  • heartbeat.hb_watchdog.action_max: Max errors before taking any action.
  • heartbeat.hb_watchdog.interval: Interval in secs for the check.
  • heartbeat.hb_watchdog.transition_max: Max checks in transition state.
  • heartbeat.pingnodes: List of pingnodes for heartbeat. Minimum 2 entries, otherwise by default Sipwise C5 will set the default gateway and DNS servers as pingnodes.

1.12. intercept

The following is the legal intercept section:

intercept:
  enable: no
  • intercept.enable: Enable ngcp-voisniff for Lawful Interception (additional Sipwise C5 module).

1.13. kamailio

The following is the kamailio section:

kamailio:
  lb:
    cfgt: no
    debug:
      enable: no
      modules:
      - level: '1'
        name: core
      - level: '3'
        name: xlog
    debug_level: '1'
    dns:
      dns_sctp_pref: 1
      dns_tcp_pref: 1
      dns_tls_pref: 1
      dns_try_naptr: no
      dns_udp_pref: 1
      use_dns_cache: on
    external_sbc: []
    extra_sockets: ~
    max_forwards: '70'
    mem_log: '1'
    mem_summary: '12'
    max_inv_lifetime: '180000'
    nattest_exception_ips:
    - 1.2.3.4
    - 5.6.7.8
    pkg_mem: '16'
    port: '5060'
    remove_isup_body_from_replies: no
    sdp_line_filter:
      enable: no
      remove_line_startswith: []
    security:
      dos_ban_enable: yes
      dos_ban_time: '300'
      dos_reqs_density_per_unit: '50'
      dos_sampling_time_unit: '5'
      dos_whitelisted_ips: []
      dos_whitelisted_subnets: []
      failed_auth_attempts: '3'
      failed_auth_ban_enable: yes
      failed_auth_ban_time: '3600'
      topoh:
        enable: no
        mask_callid: no
        mask_ip: 127.0.0.8
      topos:
        enable: no
        redis_db: 24
    shm_mem: '64'
    skip_contact_alias_for_ua_when_tcp:
      enable: no
      user_agent_patterns: []
    start: yes
    strict_routing_safe: no
    syslog_options: yes
    tcp_children: 1
    tcp_max_connections: '2048'
    tls:
      enable: no
      port: '5061'
      sslcertfile: /etc/ngcp-config/ssl/myserver.crt
      sslcertkeyfile: /etc/ngcp-config/ssl/myserver.key
    udp_children: 1
  proxy:
    allow_info_method: no
    allow_msg_method: no
    allow_peer_relay: no
    allow_refer_method: no
    always_anonymize_from_user: no
    authenticate_bye: no
    block_useragents:
      action: reject
      enable: no
      mode: blacklist
      ua_patterns: []
    cf_depth_limit: '10'
    cfgt: no
    check_prev_forwarder_as_upn: no
    children: 1
    debug:
      enable: no
      modules:
      - level: '1'
        name: core
      - level: '3'
        name: xlog
    debug_level: '1'
    default_expires: '3600'
    default_expires_range: '30'
    dlg_timeout: '43200'
    early_rejects:
      block_admin:
        announce_code: '403'
        announce_reason: Blocked by Admin
      block_callee:
        announce_code: '403'
        announce_reason: Blocked by Callee
      block_caller:
        announce_code: '403'
        announce_reason: Blocked by Caller
      block_contract:
        announce_code: '403'
        announce_reason: Blocked by Contract
      block_in:
        announce_code: '403'
        announce_reason: Block in
      block_out:
        announce_code: '403'
        announce_reason: Blocked out
      block_override_pin_wrong:
        announce_code: '403'
        announce_reason: Incorrect Override PIN
      callee_busy:
        announce_code: '486'
        announce_reason: Busy Here
      callee_offline:
        announce_code: '480'
        announce_reason: Offline
      callee_tmp_unavailable:
        announce_code: '480'
        announce_reason: Temporarily Unavailable
      callee_tmp_unavailable_gp:
        announce_code: '480'
        announce_reason: Unavailable
      callee_tmp_unavailable_tm:
        announce_code: '408'
        announce_reason: Request Timeout
      callee_unknown:
        announce_code: '404'
        announce_reason: Not Found
      cf_loop:
        announce_code: '480'
        announce_reason: Unavailable
      emergency_invalid:
        announce_code: '404'
        announce_reason: Emergency code not available in this region
      emergency_unsupported:
        announce_code: '403'
        announce_reason: Emergency Calls Not Supported
      invalid_speeddial:
        announce_code: '484'
        announce_reason: Speed-Dial slot empty
      locked_in:
        announce_code: '403'
        announce_reason: Callee locked
      locked_out:
        announce_code: '403'
        announce_reason: Caller locked
      max_calls_in:
        announce_code: '486'
        announce_reason: Busy
      max_calls_out:
        announce_code: '403'
        announce_reason: Maximum parallel calls exceeded
      no_credit:
        announce_code: '402'
        announce_reason: Insufficient Credit
      peering_unavailable:
        announce_code: '503'
        announce_reason: PSTN Termination Currently Unavailable
      reject_vsc:
        announce_code: '403'
        announce_reason: VSC Forbidden
      relaying_denied:
        announce_code: '403'
        announce_reason: Relaying Denied
      unauth_caller_ip:
        announce_code: '403'
        announce_reason: Unauthorized IP detected
    emergency_priorization:
      enable: no
      register_fake_200: yes
      register_fake_expires: '3600'
      reject_code: '503'
      reject_reason: Temporary Unavailable
      retry_after: '3600'
    enum_suffix: e164.arpa.
    expires_range: '30'
    filter_100rel_from_supported: no
    filter_failover_response: 408|500|503
    foreign_domain_via_peer: no
    fritzbox:
      enable: no
      prefixes:
      - 0$avp(caller_ac)
      - $avp(caller_cc)$avp(caller_ac)
      - \+$avp(caller_cc)$avp(caller_ac)
      - 00$avp(caller_cc)$avp(caller_ac)
      special_numbers:
      - '112'
      - '110'
      - 118[0-9]{2}
    ignore_auth_realm: no
    ignore_subscriber_allowed_clis: no
    keep_original_to: no
    latency_limit_action: '100'
    latency_limit_db: '500'
    latency_log_level: '1'
    latency_runtime_action: 1000
    lnp:
      add_reply_headers:
        enable: no
        number: P-NGCP-LNP-Number
        status: P-NGCP-LNP-Status
      api:
        add_caller_cc_to_lnp_dst: no
        invalid_lnp_routing_codes:
        - ^EE00
        - ^DD00
        keepalive_interval: '3'
        lnp_request_blacklist: []
        lnp_request_whitelist: []
        port: '8991'
        reply_error_on_lnp_failure: no
        request_timeout: '1000'
        server: localhost
        tcap_field_fci: end.components.0.invoke.parameter
        tcap_field_lnp: ConnectArg.destinationRoutingAddress.0
        tcap_field_opcode: end.components.0.invoke.opCode
      enable: no
      skip_callee_lnp_lookup_from_any_peer: no
      type: api
    lookup_peer_destination_domain_for_pbx: no
    loop_detection:
      enable: no
      expire: '1'
      max: '5'
    max_expires: '43200'
    max_gw_lcr: '128'
    max_registrations_per_subscriber: '5'
    mem_log: '1'
    mem_summary: '12'
    min_expires: '60'
    nathelper:
      sipping_from: sip:pinger@sipwise.local
    nathelper_dbro: no
    natping_interval: '30'
    natping_processes: 1
    nonce_expire: '300'
    pbx:
      hunt_display_fallback_format: '[H %s]'
      hunt_display_fallback_indicator: $var(cloud_pbx_hg_ext)
      hunt_display_format: '[H %s]'
      hunt_display_indicator: $var(cloud_pbx_hg_displayname)
      hunt_display_maxlength: 8
      ignore_cf_when_hunting: no
      skip_busy_hg_members:
        enable: no
        redis_key_name: totaluser
    peer_probe:
      available_treshold: '1'
      enable: yes
      from_uri_domain: probe.ngcp.local
      from_uri_user: ping
      interval: '10'
      method: OPTIONS
      reply_codes: class=2;class=3;code=403;code=404;code=405
      timeout: '5'
      unavailable_treshold: '1'
    perform_peer_failover_on_tm_timeout: yes
    perform_peer_lcr: no
    pkg_mem: '32'
    port: '5062'
    presence:
      enable: yes
      max_expires: '3600'
      reginfo_domain: example.org
    proxy_lookup: no
    push:
      apns_alert: New call
      apns_sound: incoming_call.xaf
    report_mos: yes
    set_ruri_to_peer_auth_realm: no
    shm_mem: '125'
    start: yes
    store_recentcalls: no
    syslog_options: yes
    tcp_children: 1
    tm:
      fr_inv_timer: '180000'
      fr_timer: '9000'
      max_inv_lifetime: '180000'
    treat_600_as_busy: yes
    use_enum: no
    usrloc_dbmode: '1'
    voicebox_first_caller_cli: yes
  • kamailio.lb.cfgt: Enable/disable unit test config file execution tracing.
  • kamailio.lb.debug.enable: Enable per-module debug options.
  • kamailio.lb.debug.modules: List of modules to be traced with respective debug level.
  • kamailio.lb.debug_level: Default debug level for kamailio-lb.
  • kamailio.lb.dns.use_dns_cache: Enable/disable use of internal DNS cache.
  • kamailio.lb.dns.dns_udp_pref: Set preference for each protocol when doing NAPTR lookups.In order to use remote site preferences set all dns_*_pref to the same positive value (e.g. dns_udp_pref=1, dns_tcp_pref=1, dns_tls_pref=1, dns_sctp_pref=1). To completely ignore NAPTR records for a specific protocol, set the corresponding protocol preference to -1.
  • kamailio.lb.dns.dns_tcp_pref: See above.
  • kamailio.lb.dns.dns_tls_pref: See above.
  • kamailio.lb.dns.dns_sctp_pref: See above.
  • kamailio.lb.dns.dns_try_naptr: Enable NAPTR support according to RFC 3263.
  • kamailio.lb.external_sbc: SIP URI of external SBC used in the Via Route option of peering server.
  • kamailio.lb.extra_sockets: Add here extra sockets for Load Balancer.
  • kamailio.lb.max_forwards: Set the value for the Max Forwards SIP header for outgoing messages.
  • kamailio.lb.mem_log: Specifies on which log level the memory statistics will be logged.
  • kamailio.lb.mem_summary: Parameter to control printing of memory debugging information on exit or SIGUSR1 to log.
  • kamailio.lb.max_inv_lifetime: Set INVITE transaction timeout per the whole transaction if no final reply for an INVITE arrives after a provisional message was received (whole transaction ringing timeout). It has to be equals or greater than kamailio.proxy.tm.fr_inv_timer.
  • kamailio.lb.nattest_exception_ips: List of IPs that don’t need the NAT test.
  • kamailio.lb.shm_mem: Shared memory used by Kamailio Load Balancer.
  • kamailio.lb.pkg_mem: PKG memory used by Kamailio Load Balancer.
  • kamailio.lb.port: Default listen port.
  • kamailio.lb.remove_isup_body_from_replies: Enable/disable stripping of ISUP part from the message body.
  • kamailio.lb.sdp_line_filter.enable: Enable/Disable filter of SDP lines in all the SIP messages.
  • kamailio.lb.sdp_line_filter.remove_line_startswith: List of the SDP lines that should be removed. Attention: it removes all SDP attribute lines beginning with the listed strings in all media streams.
  • kamailio.lb.security.dos_ban_enable: Enable/Disable DoS Ban.
  • kamailio.lb.security.dos_ban_time: Sets the ban time.
  • kamailio.lb.security.dos_reqs_density_per_unit: Sets the requests density per unit (if we receive more then * lb.dos_reqs_density_per_unit within dos_sampling_time_unit the user will be banned).
  • kamailio.lb.security.dos_sampling_time_unit: Sets the DoS unit time.
  • kamailio.lb.security.dos_whitelisted_ips: Write here the whitelisted IPs.
  • kamailio.lb.security.dos_whitelisted_subnets: Write here the whitelisted IP subnets.
  • kamailio.lb.security.failed_auth_attempts: Sets how many authentication attempts allowed before ban.
  • kamailio.lb.security.failed_auth_ban_enable: Enable/Disable authentication ban.
  • kamailio.lb.security.failed_auth_ban_time: Sets how long a user/IP has be banned.
  • kamailio.lb.topoh.enable: Enable topology masking module (see the Topology Masking Mechanism Section 16.6.2, “Topology Masking Mechanism” subchapter for a detailed description).
  • kamailio.lb.topoh.mask_callid: if set to yes, the SIP Call-ID header will also be encoded.
  • kamailio.lb.topoh.mask_ip: an IP address that will be used to create valid SIP URIs, after encoding the real/original header content.
  • kamailio.lb.topos.enable: Enable topology hiding module (see the Topology Hiding Mechanism Section 16.6.3, “Topology Hiding Mechanism” subchapter for a detailed description).
  • kamailio.lb.topos.redis_db: A number of internal Redis DB used by the topology hiding module.
  • kamailio.lb.start: Enable/disable kamailio-lb service.
  • kamailio.lb.strict_routing_safe: Enable strict routing handle feature.
  • kamailio.lb.syslog_options: Enable/disable logging of SIP OPTIONS messages to kamailio-options-lb.log.
  • kamailio.lb.tcp_children: Number of TCP worker processes.
  • kamailio.lb.tcp_max_connections: Maximum number of open TCP connections.
  • kamailio.lb.tls.enable: Enable TLS socket.
  • kamailio.lb.tls.port: Set TLS listening port.
  • kamailio.lb.tls.sslcertificate: Path for the SSL certificate.
  • kamailio.lb.tls.sslcertkeyfile: Path for the SSL key file.
  • kamailio.lb.udp_children: Number of UDP worker processes.
  • kamailio.proxy.allow_info_method: Allow INFO method.
  • kamailio.proxy.allow_msg_method: Allow MESSAGE method.
  • kamailio.proxy.allow_peer_relay: Allow peer relay. Call coming from a peer that doesn’t match a local subscriber will try to go out again, matching the peering rules.
  • kamailio.proxy.allow_refer_method: Allow REFER method. Enable it with caution.
  • kamailio.proxy.always_anonymize_from_user: Enable anonymization of full From URI (as opposed to just From Display-name part by default), has same effect as enabling the preference anonymize_from_user for all peers.
  • kamailio.proxy.authenticate_bye: Enable BYE authentication.
  • kamailio.proxy.block_useragents.action: one of [drop, reject] - Whether to silently drop the request from matching User-Agent or reject with a 403 message.
  • kamailio.proxy.block_useragents.enable: Enable/disable the User-Agent blocking.
  • kamailio.proxy.block_useragents.mode: one of [whitelist, blacklist] - Sets the mode of ua_patterns list evaluation (whitelist: block requests coming from all but listed User-Agents, blacklist: block requests from all listed User-Agents).
  • kamailio.proxy.block_useragents.ua_patterns: List of User-Agent string patterns that trigger the block action.
  • kamailio.proxy.cf_depth_limit: CF loop detector. How many CF loops are allowed before drop the call.
  • kamailio.proxy.cfgt: Enable/disable unit test config file execution tracing.
  • kamailio.proxy.check_prev_forwarder_as_upn: Enable/disable validation of the forwarder’s number taken from the Diversion or History-Info header.
  • kamailio.proxy.children: Number of UDP worker processes.
  • kamailio.proxy.debug.enable: Enable per-module debug options.
  • kamailio.proxy.debug.modules: List of modules to be traced with respective debug level.
  • kamailio.proxy.debug_level: Default debug level for kamailio-proxy.
  • kamailio.proxy.default_expires: Default expires value in seconds for a new registration (for REGISTER messages that contains neither Expires HFs nor expires contact parameters).
  • kamailio.proxy.default_expires_range: This parameter specifies that the expiry used for the registration should be randomly chosen within default_expires_range seconds of the default_expires parameter.
  • kamailio.proxy.dlg_timeout: Dialog timeout in seconds (by default 43200 sec - 12 hours).
  • kamailio.proxy.early_rejects: Customize here the response codes and sound prompts for various reject scenarios. See the subchapter Configuring Early Reject Sound Sets Section 7.14.2, “Configuring Early Reject Sound Sets” for a detailed description.
  • kamailio.proxy.emergency_prioritization.enable: Enable an emergency mode support.
  • kamailio.proxy.emergency_prioritization.register_fake_200: When enabled, generates a fake 200 response to REGISTER from non-prioritized subscriber in emergency mode.
  • kamailio.proxy.emergency_prioritization.register_fake_expires: Expires value for the fake 200 response to REGISTER.
  • kamailio.proxy.emergency_prioritization.reject_code: Reject code for the non-emergency request.
  • kamailio.proxy.emergency_prioritization.reject_reason: Reject reason for the non-emergency request.
  • kamailio.proxy.emergency_prioritization.retry_after: Retry-After value when rejecting the non-emergency request.

    tip

    In order to learn about details of emergency priorization function of NGCP please refer to Section 7.7, “Emergency Priorization” part of the handbook.

  • kamailio.proxy.enum_suffix: Sets ENUM suffix - don’t forget . (dot).
  • kamailio.proxy.expires_range: Set randomization of expires for REGISTER messages (similar to default_expires_range but applies to received expires value).
  • kamailio.proxy.filter_100rel_from_supported: Enable filtering of 100rel from Supported header, to disable PRACK.
  • kamailio.proxy.filter_failover_response: Specify the list of SIP responses that trigger a failover on the next available peering server.
  • kamailio.proxy.foreign_domain_via_peer: Enable/disable of routing of calls to foreign SIP URI via peering servers.
  • kamailio.proxy.fritzbox.enable: Enable detection for Fritzbox special numbers. Ex. Fritzbox add some prefix to emergency numbers.
  • kamailio.proxy.fritzbox.prefixes: Fritybox prefixes to check. Ex. 0$avp(caller_ac)
  • kamailio.proxy.fritzbox.special_numbers: Specifies Fritzbox special number patterns. They will be checked with the prefixes defined. Ex. 112, so the performed check will be sip:0$avp(caller_ac)112@ if prefix is 0$avp(caller_ac)
  • kamailio.proxy.ignore_auth_realm: Ignore SIP authentication realm.
  • kamailio.proxy.ignore_subscriber_allowed_clis: Set to yes to ignore the subscriber’s allowed_clis preference so that the User-Provided CLI is only checked against customer’s allowed_clis preference.
  • kamailio.proxy.latency_limit_action: Limit of runtime in ms for config actions. If a config action executed by cfg interpreter takes longer than this value, a message is printed in the logs.
  • kamailio.proxy.latency_limit_db: Limit of runtime in ms for DB queries. If a DB operation takes longer than this value, a warning is printed in the logs.
  • kamailio.proxy.latency_log_level: Log level to print the messages related to latency. Default is 1 (INFO).
  • kamailio.proxy.latency_runtime_action: Limit of runtime in ms for SIP message processing cycle. If the SIP message processing takes longer than this value, a warning is printed in the logs.
  • kamailio.proxy.keep_original_to: Not used now.
  • kamailio.proxy.lnp.add_reply_headers.enable: Enable/disable dedicated headers to be added after LNP lookup.
  • kamailio.proxy.lnp.add_reply_headers.number: Name of the header that will contain the LNP number.
  • kamailio.proxy.lnp.add_reply_headers.status: Name of the header that will contain the LNP return code (200 if OK, 500/480/… if an error/timeout is occurred).
  • kamailio.proxy.lnp.api.add_caller_cc_to_lnp_dst: Enable/disable adding of caller country code to LNP routing number of the result (no by default, LNP result in E.164 format is assumed).
  • kamailio.proxy.lnp.api.invalid_lnp_routing_codes [only for api type]: number matching pattern for routing numbers that represent invalid call destinations; an announcement is played in that case and the call is dropped.
  • kamailio.proxy.lnp.api.keepalive_interval: Not used now.
  • kamailio.proxy.lnp.api.lnp_request_whitelist [only for api type]: list of matching patterns of called numbers for which LNP lookup must be done.
  • kamailio.proxy.lnp.api.lnp_request_blacklist [only for api type]: list of matching patterns of called numbers for which LNP lookup must not be done.
  • kamailio.proxy.lnp.api.port: Not used now.
  • kamailio.proxy.lnp.api.reply_error_on_lnp_failure: Specifies whether platform should drop the call in case of LNP API server failure or continue routing the call to the original callee without LNP.
  • kamailio.proxy.lnp.api.request_timeout [only for api type]: timeout in milliseconds while Proxy waits for the response of an LNP query from Sipwise LNP daemon.
  • kamailio.proxy.lnp.api.server: Not used now.
  • kamailio.proxy.lnp.api.tcap_field_fci: path of the FCI INFO in the received tcap message
  • kamailio.proxy.lnp.api.tcap_field_lnp: path of the LNP NUMBER in the received tcap/inap message
  • kamailio.proxy.lnp.api.tcap_field_opcode: path of the FCI OPCODE in the received tcap message
  • kamailio.proxy.lnp.enable: Enable/disable LNP (local number portability) lookup during call setup.
  • kamailio.proxy.lnp.skip_callee_lnp_lookup_from_any_peer: if set to yes, the destination LNP lookup is skipped (has same effect as enabling preference skip_callee_lnp_lookup_from_any_peer for all peers).
  • kamailio.proxy.lnp.type: method of LNP lookup; valid values are: local (local LNP database) and api (LNP lookup through external gateways). PLEASE NOTE: the api type of LNP lookup is only available for Sipwise C5 PRO / CARRIER installations.
  • kamailio.proxy.lookup_peer_destination_domain_for_pbx: one of [yes, no, peer_host_name] - Sets the content of destination_domain CDR field for calls between CloudPBX subscribers. In case of no this field contains name of CloudPBX domain; yes: peer destination domain; peer_host_name: human-readable name of the peering server.
  • kamailio.proxy.loop_detection.enable: Enable the SIP loop detection based on the combination of SIP-URI, To and From header URIs.
  • kamailio.proxy.loop_detection.expire: Sampling interval in seconds for the incoming INVITE requests (by default 1 sec).
  • kamailio.proxy.loop_detection.max: Maximum allowed number of SIP requests with the same SIP-URI, To and From header URIs within sampling interval. Requests in excess of this limit will be rejected with 482 Loop Detected response.
  • kamailio.proxy.max_expires: Sets the maximum expires in seconds for registration.
  • kamailio.proxy.max_gw_lcr: Defines the maximum number of gateways in lcr_gw table
  • kamailio.proxy.max_registrations_per_subscriber: Sets the maximum registration per subscribers.
  • kamailio.proxy.mem_log: Specifies on which log level the memory statistics will be logged.
  • kamailio.proxy.mem_summary: Parameter to control printing of memory debugging information on exit or SIGUSR1 to log.
  • kamailio.proxy.min_expires: Sets the minimum expires in seconds for registration.
  • kamailio.proxy.nathelper.sipping_from: Set the From header in OPTIONS NAT ping.
  • kamailio.proxy.nathelper_dbro: Default is "no". This will be "yes" on CARRIER in order to activate the use of a read-only connection using LOCAL_URL
  • kamailio.proxy.natping_interval: Sets the NAT ping interval in seconds.
  • kamailio.proxy.natping_processes: Set the number of NAT ping worker processes.
  • kamailio.proxy.nonce_expire: Nonce expire time in seconds.
  • kamailio.proxy.pbx.hunt_display_fallback_format: Default is [H %s]. Sets the format of the hunt group indicator that is sent as initial part of the From Display Name when subscriber is called as a member of PBX hunt group if the preferred format defined by the hunt_display_format and hunt_display_indicator can not be used (as in the case of not provisioned subscriber settings). The %s part is replaced with the value of the hunt_display_fallback_indicator variable.
  • kamailio.proxy.pbx.hunt_display_fallback_indicator: The internal kamailio variable that sets the number or extension of the hunt group. Default is $var(cloud_pbx_hg_ext) which is populated during call routing with the extension of the hunt group.
  • kamailio.proxy.pbx.hunt_display_format: Default is [H %s]. Sets the format of hunt group indicator that is sent as initial part of the From Display Name when subscriber is called as a member of PBX hunt group. This is the preferred (default) indicator format with Display Name, where the %s part is replaced with the value of the hunt_display_indicator variable.
  • kamailio.proxy.pbx.hunt_display_indicator: The internal kamailio variable that contains the preferred identifier of the hunt group. Default is $var(cloud_pbx_hg_displayname) which is populated during call routing with the provisioned Display Name of the hunt group.
  • kamailio.proxy.pbx.hunt_display_maxlength: Default is 8. Sets the maximum length of the variable used as the part of hunt group indicator in Display Name. The characters beyond this limit are truncated in order for hunt group indicator and calling party information to fit on display of most phones.
  • kamailio.proxy.pbx.ignore_cf_when_hunting: Default is no. Whether to disregard all individual call forwards (CFU, CFB, CFT and CFNA) of PBX extensions when they are called via hunt groups. Note that call forwards configured to local services such as Voicebox or Conference are always skipped from group hunting.
  • kamailio.proxy.pbx.skip_busy_hg_members.enable: Default is no. Whether to skip the subscribers that have busy status when routing the calls to huntgroups.
  • kamailio.proxy.pbx.skip_busy_hg_members.redis_key_name: one of [totaluser, activeuser] - Sets the internal redis key name that contains the number of active calls for the user.
  • kamailio.proxy.peer_probe.enable: Enable the peer probing, must be also checked per individual peer in the panel/API.
  • kamailio.proxy.peer_probe.interval: Peer probe interval in seconds.
  • kamailio.proxy.peer_probe.timeout: Peer probe response wait timeout in seconds.
  • kamailio.proxy.peer_probe.reply_codes: Defines the response codes that are considered successful response to the configured probe request, e.g. class=2;class=3;code=403;code=404;code=405, with class defining a code range.
  • kamailio.proxy.peer_probe.unavailable_treshold: Defines after how many failed probes a peer is considered unavailable.
  • kamailio.proxy.peer_probe.available_treshold: Defines after how many successful probes a peer is considered available.
  • kamailio.proxy.peer_probe.from_uri_user: From-userpart for the probe requests.
  • kamailio.proxy.peer_probe.from_uri_domain From-hostpart for the probe requests.
  • kamailio.proxy.peer_probe.method: [OPTIONS|INFO] - Request method for probe request.

    tip

    You can find more information about peer probing configuration in Section 7.11.2, “Configuration of Peer Probing” of the handbook.

  • kamailio.proxy.perform_peer_failover_on_tm_timeout: Specifies the failover behavior when maximum ring timeout (fr_inv_timer) has been reached. In case it is set to yes: failover to the next peer if any; in case of no stop trying other peers.
  • kamailio.proxy.perform_peer_lcr: Enable/Disable Least Cost Routing based on peering fees.
  • kamailio.proxy.pkg_mem: PKG memory used by Kamailio Proxy.
  • kamailio.proxy.shm_mem: Shared memory used by Kamailio Proxy.
  • kamailio.proxy.port: SIP listening port.
  • kamailio.proxy.presence.enable: Enable/disable presence feature
  • kamailio.proxy.presence.max_expires: Sets the maximum expires value for PUBLISH/SUBSCRIBE message. Defines expiration of the presentity record.
  • kamailio.proxy.presence.reginfo_domain: Set FQDN of Sipwise C5 domain used in callback for mobile push.
  • kamailio.proxy.push.apns_alert: Set the content of alert field towards APNS.
  • kamailio.proxy.push.apns_sound: Set the content of sound field towards APNS.
  • kamailio.proxy.report_mos: Enable MOS reporting in the log file.
  • kamailio.proxy.set_ruri_to_peer_auth_realm: Set R-URI using peer auth realm.
  • kamailio.proxy.start: Enable/disable kamailio-proxy service.
  • kamailio.proxy.store_recentcalls: Store recent calls to redis (used by Malicious Call Identification application).
  • kamailio.proxy.syslog_options: Enable/disable logging of SIP OPTIONS messages to kamailio-options-proxy.log.
  • kamailio.proxy.tcp_children: Number of TCP worker processes.
  • kamailio.proxy.tm.fr_inv_timer: Set INVITE transaction timeout per branch if no final reply for an INVITE arrives after a provisional message was received (branch ringing timeout).
  • kamailio.proxy.tm.fr_timer: Set INVITE transaction timeout if the destination is not responding with provisional response message.
  • kamailio.proxy.tm.max_inv_lifetime: Set INVITE transaction timeout per the whole transaction if no final reply for an INVITE arrives after a provisional message was received (whole transaction ringing timeout). It has to be equals or greater than kamailio.proxy.tm.fr_inv_timer.
  • kamailio.proxy.treat_600_as_busy: Enable the 6xx response handling according to RFC3261. When enabled, the 6xx response should stop the serial forking. Also, CFB will be triggered or busy prompt played as in case of 486 Busy response.
  • kamailio.proxy.use_enum: Enable/Disable ENUM feature.
  • kamailio.proxy.usrloc_dbmode: Set the mode of database usage for persistent contact storage.
  • kamailio.proxy.voicebox_first_caller_cli: When enabled the previous forwarder’s CLI will be used as caller CLI in case of chained Call Forwards.

1.14. ngcp-mediator

The following is the ngcp-mediator section:

mediator:
  interval: 10
  • mediator.interval: Running interval of ngcp-mediator.

1.15. modules

The following is the modules section:

modules:
  - enable: no
    name: dummy
    options: numdummies=2
  • modules: list of configs needed for load kernel modules on boot.
  • enable: Enable/disable loading of the specific module (yes/no)
  • name: kernel module name
  • options: kernel module options if needed

1.16. monitoring

The following is the check tools section:

monitoring:
  interval: 10
  retrospect_interval: 30
  threshold:
    cpu_idle_min: '0.1'
    disk_used_max: '0.9'
    kamailio_lb_shmem_min: '1048576'
    kamailio_proxy_shmem_min: '1048576'
    load_long_max: '2'
    load_medium_max: '2'
    load_short_max: '3'
    mem_used_max: 0.98
    mta_queue_len_max: '15'
    sip_responsiveness_max: '15'
    sslcert_timetoexpiry: '30'
    sslcert_whitelist: []
    swap_free_min: 0.02
  • monitoring.interval: The number of seconds between each data gathering iteration.
  • monitoring.restrospect_interval: The number of seconds to look into the past, when checking for the last value for a data point.
  • monitoring.threshold.cpu_idle_min: Sets the minimum value for CPU usage (0.1 means 10%).
  • monitoring.threshold.disk_used_max: Sets the maximun value for DISK usage (0.9 means 90%).
  • monitoring.threshold.kamailio_lb_shmem_min: Sets the minimum value for Kamailio lb share memory usage.
  • monitoring.threshold.kamailio_proxy_shmem_min: Sets the minimum value for Kamailio proxy share memory usage.
  • monitoring.threshold.load_long_max/load_long_max/load_short_max: Max values for load (long, short, medium term).
  • monitoring.threshold.mem_used_max: Sets the maximun value for memory usage (0.7 means 70%).
  • monitoring.threshold.mta_queue_len_max: Sets the maximum value for the MTA queue length.
  • monitoring.threshold.sip_responsiveness_max: Sets the maximum SIP responsiveness time timeout for the SIP options.
  • monitoring.threshold.sslcert_timetoexpiry: Sets the number of days before a SSL certificate expiry starts to warn.
  • monitoring.threshold.sslcert_whitelist: Sets a list of SSL certificate fingerprints to whitelist from the expiry check.
  • monitoring.threshold.swap_free_min: Sets the minimum value for free swap (0.5 means 50%).

1.17. nginx

The following is the nginx section:

nginx:
  status_port: 8081
  xcap_port: 1080
  • nginx.status_port: Status port used by nginx server
  • nginx.xcap_port: XCAP port used by nginx server

1.18. ntp

The following is the ntp server section:

ntp:
  servers:
    - 0.debian.pool.ntp.org
    - 1.debian.pool.ntp.org
    - 2.debian.pool.ntp.org
    - 3.debian.pool.ntp.org
  • ntp.servers: Define your NTP server list.

1.19. ossbss

The following is the ossbss section:

ossbss:
  apache:
    port: 2443
    proxyluport: 1080
    restapi:
      sslcertfile: '/etc/ngcp-panel/api_ssl/api_ca.crt'
      sslcertkeyfile: '/etc/ngcp-panel/api_ssl/api_ca.key'
    serveradmin: support@sipwise.com
    servername: "\"myserver\""
    ssl_enable: yes
    sslcertfile: '/etc/ngcp-config/ssl/myserver.crt'
    sslcertkeyfile: '/etc/ngcp-config/ssl/myserver.key'
  frontend: no
  htpasswd:
    -
      pass: '{SHA}w4zj3mxbmynIQ1jsUEjSkN2z2pk='
      user: ngcpsoap
  logging:
    apache:
      acc:
        facility: daemon
        identity: oss
        level: info
      err:
        facility: local7
        level: info
    ossbss:
      facility: local0
      identity: provisioning
      level: DEBUG
    web:
      facility: local0
      level: DEBUG
  provisioning:
    allow_ip_as_domain: 1
    allow_numeric_usernames: 0
    auto_allow_cli: 1
    carrier:
      account_distribution_function: roundrobin
      prov_distribution_function: roundrobin
    credit_warnings:
      -
        domain: example.com
        recipients:
          - nobody@example.com
        threshold: 1000
    faxpw_min_char: 0
    log_passwords: 0
    no_logline_truncate: 0
    pw_min_char: 6
    routing:
      ac_regex: '[1-9]\d{0,4}'
      cc_regex: '[1-9]\d{0,3}'
      sn_regex: '[1-9]\d+'
    tmpdir: '/tmp'
  • ossbss.frontend: Enable disable SOAP interface. Set value to fcgi to enable old SOAP interface.
  • ossbss.htpasswd: Sets the username and SHA hashed password for SOAP access. You can generate the password using the following command: htpasswd -nbs myuser mypassword.
  • ossbss.provisioning.allow_ip_as_domain: Allow or not allow IP address as SIP domain (0 is not allowed).
  • ossbss.provisioning.allow_numeric_usernames: Allow or not allow numeric SIP username (0 is not allowed).
  • ossbss.provisioning.faxpw_min_char: Minimum number of characters for fax passwords.
  • ossbss.provisioning.pw_min_char: Minimum number of characters for sip passwords.
  • ossbss.provisioning.log_password: Enable logging of passwords.
  • ossbss.provisioning.routing: Regexp for allowed AC (Area Code), CC (Country Code) and SN (Subscriber Number).

1.20. pbx (only with additional cloud PBX module installed)

The following is the PBX section:

pbx:
  bindport: 5085
  enable: no
  highport: 55000
  lowport: 50001
  media_processor_threads: 10
  session_processor_threads: 10
  xmlrpcport: 8095
  • pbx.enable: Enable Cloud PBX module.

1.21. prosody

The following is the prosody section:

prosody:
  ctrl_port: 5582
  log_level: info
  • prosody.ctrl_port: XMPP server control port.
  • prosody.log_level: Prosody loglevel.

1.22. pushd

The following is the pushd section:

pushd:
  apns:
    enable: yes
    endpoint: api.push.apple.com
    endpoint_port: 0
    extra_instances:
    - certificate: '/etc/ngcp-config/ssl/PushCallkitCert.pem'
      enable: yes
      key: '/etc/ngcp-config/ssl/PushCallkitKey.pem'
      type: callkit
    http2_jwt:
      ec_key: '/etc/ngcp-config/ssl/AuthKey_ABCDE12345.pem'
      ec_key_id: 'ABCDE12345'
      enable: yes
      issuer: 'VWXYZ67890'
      tls_certificate: ''
      tls_key: ''
      topic: 'com.example.appID'
    legacy:
      certificate: '/etc/ngcp-config/ssl/PushChatCert.pem'
      feedback_endpoint: feedback.push.apple.com
      feedback_interval: '3600'
      key: '/etc/ngcp-config/ssl/PushChatKey.pem'
    socket_timeout: 0
  domains:
  - apns:
      endpoint: api.push.apple.com
      extra_instances:
      - certificate: '/etc/ngcp-config/ssl/PushCallkitCert-example.com.pem'
        enable: no
        key: '/etc/ngcp-config/ssl/PushCallkitKey-example.com.pem''
        type: callkit
      http2_jwt:
        ec_key: '/etc/ngcp-config/ssl/AuthKey_54321EDCBA.pem'
        ec_key_id: '54321EDCBA'
        issuer: '09876ZYXWV'
        tls_certificate: ''
        tls_key: ''
        topic: 'com.example.otherAppID'
      legacy:
        certificate: '/etc/ngcp-config/ssl/PushChatCert-example.com.pem'
        feedback_endpoint: feedback.push.apple.com
        key: '/etc/ngcp-config/ssl/PushChatKey-example.com.pem'
    domain: example.com
    enable: yes
    gcm:
      key: 'google_api_key_for_example.com_here'
  enable: yes
  gcm:
    enable: yes
    key: 'google_api_key_here'
    priority:
      call: high
      groupchat: normal
      invite: normal
      message: normal
  muc:
    exclude: []
    force_persistent: 'true'
    owner_on_join: 'true'
  one_device_per_subscriber: no
  port: 45060
  processes: 4
  ssl: yes
  sslcertfile: /etc/ngcp-config/ssl/CAsigned.crt
  sslcertkeyfile: /etc/ngcp-config/ssl/CAsigned.key
  unique_device_ids: no
  • pushd.enable: Enable/Disable the Push Notification feature.
  • pushd.apns.enable: Enable/Disable Apple push notification.
  • pushd.apns.endpoint: API endpoint hostname or address. Should be one of api.push.apple.com or api.development.push.apple.com for the newer HTTP2/JWT based protocol, or one of gateway.push.apple.com or gateway.sandbox.push.apple.com for the legacy protocol.
  • pushd.apns.endpoint_port: API endpoint port. Normally 443 or alternatively 2197 for the newer HTTP2/JWT based protocol, or 2195 for the legacy protocol.
  • pushd.apns.legacy: Contains all options specific to the legacy APNS protocol. Ignored when HTTP2/JWT is in use.
  • pushd.apns.legacy.certificate: Specify the Apple certificate for push notification https requests from Sipwise C5 to an endpoint.
  • pushd.apns.legacy.key: Specify the Apple key for push notification https requests from Sipwise C5 to an endpoint.
  • pushd.apns.legacy.feedback_endpoint: Hostname or address of the APNS feedback service. Normally one of feedback.push.apple.com or feedback.sandbox.push.apple.com.
  • pushd.apns.legacy.feedback_interval: How often to poll the feedback service, in seconds.
  • pushd.apns.extra_instances: If the iOS app supports Callkit push notifications, they can be enabled here and the required separate certificate and key can be specified. Ignored if HTTP2/JWT is enabled.
  • pushd.http2_jwt: Contains all options specific to the newer HTTP2/JWT based APNS API protocol.
  • pushd.http2_jwt.ec_key: Name of file that contains the elliptic-curve (EC) cryptographic key provided by Apple, in PEM format.
  • pushd.http2_jwt.ec_key_id: 10-digit identification string of the EC key in use.
  • pushd.http2_jwt.enable: Master switch for the HTTP2/JWT based protocol. Disables the legacy protocol when enabled.
  • pushd.http2_jwt.issuer: Issuer string for the JWT token. Normally the 10-digit team ID string for which the EC key was issued.
  • pushd.http2_jwt.tls_certificate: Optional client certificate to use for the TLS connection.
  • pushd.http2_jwt.tls_key: Optional private key for the client certificate to use for the TLS connection.
  • pushd.http2_jwt.topic: Topic string for the JWT token. Normally the bundle ID for the iOS app.
  • pushd.gcm.enable: Enable/Disable Google push notification.
  • pushd.gcm.key: Specify the Google key for push notification https requests from Sipwise C5 to an endpoint.
  • pushd.domains: Supports a separate set of push configurations (API keys, certificates, etc) for all subscribers of the given domain.
  • pushd.muc.exclude: list of MUC room jids excluded from sending push notifications.
  • pushd.muc.force_persistent: Enable/Disable MUC rooms to be persistent. Needed for Sipwise C5 app to work with other clients.
  • pushd.muc.owner_on_join: Enable/Disable all MUC participants to be owners of the MUC room. Needed for Sipwise C5 app to work with other clients.
  • pushd.ssl: The security protocol Sipwise C5 uses for https requests from the app in the push notification process.
  • pushd.sslcertfile: The trusted certificate file purchased from a CA
  • pushd.sslcertkeyfile: The key file that purchased from a CA
  • pushd.unique_device_ids: Allows a subscriber to register the app and have the push notification enabled on more than one mobile device.

1.23. qos

The QoS section allows configuring the ToS (Type of Service) feature:

qos:
  tos_rtp: 184
  tos_sip: 184
  • qos.tos_rtp: a ToS value for RTP traffic.
  • qos.tos_sip: a ToS value for SIP traffic.
tip

The ToS byte includes both DSCP and ECN bits. So, specify the DSCP value multiplied by four (46x4=184) and, optionally, add the required ECN value to it (1, 2 or 3).

Set the rtpproxy.control_tos parameter higher than zero to enable ToS.

1.24. ngcp-rate-o-mat

The following is the ngcp-rate-o-mat section:

rateomat:
  enable: yes
  loopinterval: 10
  splitpeakparts: 0
  • rateomat.enable: Enable/Disable ngcp-rate-o-mat
  • rateomat.loopinterval: How long we shall sleep before looking for unrated CDRs again.
  • rateomat.splitpeakparts: Whether we should split CDRs on peaktime borders.

1.25. redis

The following is the redis section:

redis:
  database_amount: 16
  port: 6379
  syslog_ident: redis
  • redis.database_amout: Set the number of databases in redis. The default database is DB 0.
  • redis.port: Accept connections on the specified port, default is 6379
  • redis.syslog_ident: Specify the syslog identity.

1.26. reminder

The following is the reminder section:

reminder:
  retries: 2
  retry_time: 60
  sip_fromdomain: voicebox.sipwise.local
  sip_fromuser: reminder
  wait_time: 30
  weekdays: '2, 3, 4, 5, 6, 7'
  • reminder.retries: How many times the reminder feature have to try to call you.
  • reminder.retry_time: Seconds between retries.
  • reminder.wait_time: Seconds to wait for an answer.

1.27. rsyslog

The following is the rsyslog section:

rsyslog:
  elasticsearch:
    action:
      resumeretrycount: '-1'
    bulkmode: 'on'
    dynSearchIndex: 'on'
    enable: yes
    queue:
      dequeuebatchsize: 300
      size: 5000
      type: linkedlist
  external_address:
  external_log: 0
  external_loglevel: warning
  external_port: 514
  external_proto: udp
  ngcp_logs_preserve_days: 93
  • rsyslog.elasticsearch.enable: Enable/Disable Elasticsearch web interface
  • rsyslog.external_address: Set the remote rsyslog server.
  • rsyslog.ngcp_logs_preserve_days: Specify how many days to preserve old rotated log files in /var/log/ngcp/old path.

1.28. rtpproxy

The following is the rtp proxy section:

rtpproxy:
  allow_userspace_only: yes
  cdr_logging_facility: ''
  control_tos: 0
  delete_delay: 30
  dtls_passive: no
  enable: yes
  final_timeout: 0
  firewall_iptables_chain: ''
  graphite:
    interval: 600
    prefix: rtpengine.
    server: ''
  log_level: '6'
  maxport: '40000'
  minport: '30000'
  num_threads: 0
  prefer_bind_on_internal: no
  recording:
    enable: no
    mp3_bitrate: '48000'
    log_level: '6'
    nfs_host: 192.168.1.1
    nfs_remote_path: /var/recordings
    output_dir: /var/lib/rtpengine-recording
    output_format: wav
    output_mixed: yes
    output_single: yes
    resample: no
    resample_to: '16000'
    spool_dir: /var/spool/rtpengine
  rtcp_logging_facility: ''
  rtp_timeout: '60'
  rtp_timeout_onhold: '3600'
  • rtpproxy.allow_userspace_only: Enable/Disable the user space failover for rtpengine (yes means enable). By default rtpengine works in kernel space.
  • rtpproxy.cdr_logging_facility: If set, rtpengine will produce a CDR-like syslog line after each call finishes. Must be set to a valid syslog facility string (such as daemon or local0).
  • rtpproxy.control_tos: If higher than 0, the control messages port uses the configured ToS (Type of Service) bits. See the QoS section below for details.
  • rtpproxy.delete_delay: After a call finishes, rtpengine will wait this many seconds before cleaning up resources. Useful for possible late branched calls.
  • rtpproxy.dtls_passive: If enabled, rtpengine will always advertise itself as a passive role in DTLS setup. Useful in WebRTC scenarios if used behind NAT.
  • rtpproxy.final_timeout: If set, any calls lasting longer than this many seconds will be terminated, no matter the circumstances.
  • rtpproxy.firewall_iptables_chain: If set, rtpengine will create an iptables rule for each individual media port opened in this chain.
  • rtpproxy.graphite.interval: Interval in seconds between sending updates to the Graphite server.
  • rtpproxy.graphite.prefix: Graphite keys will be prefixed with this string. Must include a separator character (such as a trailing dot) if one should be used.
  • rtpproxy.graphite.server: Graphite server to send periodic statistics updates to. Disabled if set to an empty string. Must be in format IP:port or hostname:port.
  • rtpproxy.log_level: Verbosity of log messages. The default 6 logs everything except debug messages. Increase to 7 to log everything, or decrease to make logging more quiet.
  • rtpproxy.maxport: Maximum port used by rtpengine for RTP traffic.
  • rtpproxy.minport: Minimum port used by rtpengine for RTP traffic.
  • rtpproxy.num_threads: Number of worker threads to use. If set to 0, the number of CPU cores will be used.
  • rtpproxy.recording.enable: Enable support for call recording.
  • rtpproxy.recording.mp3_bitrate: If saving audio as MP3, bitrate of the output file.
  • rtpproxy.recording.log_level: Same as log_level above, but for the recording daemon.
  • rtpproxy.recording.nfs_host: Mount an NFS share from this host for storage.
  • rtpproxy.recording.nfs_remote_path: Remote path of the NFS share to mount.
  • rtpproxy.recording.output_dir: Local mount point for the NFS share.
  • rtpproxy.recording.output_format: Either wav for PCM output or mp3.
  • rtpproxy.recording.output_mixed: Create output audio files with all contributing audio streams mixed together.
  • rtpproxy.recording.output_single: Create separate audio files for each contributing audio stream.
  • rtpproxy.recording.resample: Resample all audio to a fixed bitrate (yes or no).
  • rtpproxy.recording.resample_to: If resampling is enabled, resample to this sample rate.
  • rtpproxy.recording.spool_dir: Local directory for temporary metadata file storage.
  • rtpproxy.rtcp_logging_facility: If set, rtpengine will write the contents of all received RTCP packets to syslog. Must be set to a valid syslog facility string (such as daemon or local0).
  • rtpproxy.rtp_timeout: Consider a call dead if no RTP is received for this long (60 seconds).
  • rtpproxy.rtp_timeout_onhold: Maximum limit in seconds for an onhold (1h).

1.29. security

The following is the security section. Usage of the firewall subsection is described in Section 16.2, “Firewalling”:

security:
  firewall:
    enable: no
    logging:
      days_kept: '7'
      enable: yes
      file: /var/log/firewall.log
      tag: NGCPFW
    nat_rules4: ~
    nat_rules6: ~
    policies:
      forward: DROP
      input: DROP
      output: ACCEPT
    rules4: ~
    rules6: ~
  • security.firewall.enable: Enable/disable iptables configuration and rule generation for IPv4 and IPv6 (default: no)
  • security.firewall.logging.days_kept: Number of days logfiles are kept on the system before being deleted (log files are rotated daily, default: 7)
  • security.firewall.logging.enable: Enables/disables logging of all packets dropped by Sipwise C5 firewall (default: yes)
  • security.firewall.logging.file: File firewall log messages go to (default: /var/log/firewall.log)
  • security.firewall.logging.tag: String prepended to all log messages (internally DROP is added to any tag indicating the action triggering the message, default: NGCPFW)
  • security.firewall.nat_rules4: Optional list of IPv4 firewall rules added to table nat using iptables-persistent syntax (default: undef)
  • security.firewall.nat_rules6: Optional list of IPv6 firewall rules added to table nat using iptables-persistent syntax (default: undef)
  • security.firewall.policies.forward: Default policy for iptables FORWARD chain (default: DROP)
  • security.firewall.policies.input: Default policy for iptables INPUT chain (default: DROP)
  • security.firewall.policies.output: Default policy for iptables OUTPUT chain (default: ACCEPT)
  • security.firewall.rules4: Optional list of IPv4 firewall rules added to table filter using iptables-persistent syntax (default: undef)
  • security.firewall.rules6: Optional list of IPv6 firewall rules added to table filter using iptables-persistent syntax (default: undef)

1.30. sems

The following is the SEMS section:

sems:
  bindport: 5080
  conference:
    enable: yes
    max_participants: 10
  debug: no
  highport: 50000
  lowport: 40001
  media_processor_threads: 10
  prepaid:
    enable: yes
  sbc:
    calltimer_enable: yes
    calltimer_max: 3600
    outbound_timeout: 6000
    profile:
    - custom_header: []
      name: ngcp
    - custom_header: []
      name: ngcp_cf
    sdp_filter:
      codecs: PCMA,PCMU,telephone-event
      enable: yes
      mode: whitelist
    session_timer:
      enable: yes
      max_timer: 7200
      min_timer: 90
      session_expires: 300
  session_processor_threads: 10
  vsc:
    block_override_code: 80
    cfb_code: 90
    cfna_code: 93
    cft_code: 92
    cfu_code: 72
    clir_code: 31
    directed_pickup_code: 99
    enable: yes
    park_code: 97
    reminder_code: 55
    speedial_code: 50
    unpark_code: 98
    voicemail_number: 2000
  xmlrpcport: 8090
  • sems.conference.enable: Enable/Disable conference feature.
  • sems.conference.max_participants: Sets the number of concurrent participant.
  • sems.highport: Maximum ports used by sems for RTP traffic.
  • sems.debug: Enable/Disable debug mode.
  • sems.lowport: Minimum ports used by sems for RTP traffic.
  • sems.prepaid.enable: Enable/Disable prepaid feature.
  • sems.sbc.calltimer_max: Set the default maximum call duration (used if otherwise is not defined by preference).
  • sems.sbc.outbound_timeout: Set INVITE transaction timeout if the destination is not responding with provisional response message.
  • sems.sbc.profile.name: Profile’s name where to add the custom headers in header_list config parameter. Supported values: ngcp and ngcp_cf.
  • sems.sbc.profile.custom_header: List of the custom headers that has to be whitelisted (default) by sems sbc in the corresponding profile.
  • sems.sbc.session_timer.enable: If set to "no" all session timer headers are stripped off without considering the session timer related configuration done via the web interface. If set to "yes" the system uses the subscriber/peer configurations values set on the web interface. If set to "transparent" no validation is performed on Session Timer headers, they are ignored by SEMS and therefore negotiated end-to-end.
  • sems.vsc.*: Define here the VSC codes.

1.31. sms

This section provides configuration of Short Message Service on the NGCP. Description of the SMS module is provided earlier in this handbook here Section 7.27, “SMS (Short Message Service) on Sipwise C5”.

In the below example you can see the default values of the configuration parameters.

sms:
  core:
    admin_port: '13000'
    smsbox_port: '13001'
  enable: no
  loglevel: '0'
  sendsms:
    max_parts_per_message: '5'
    port: '13002'
  smsc:
    dest_addr_npi: '1'
    dest_addr_ton: '1'
    enquire_link_interval: '58'
    host: 1.2.3.4
    id: default_smsc
    max_pending_submits: '10'
    no_dlr: yes
    password: password
    port: '2775'
    source_addr_npi: '1'
    source_addr_ton: '1'
    system_type: ''
    throughput: '5'
    transceiver_mode: '1'
    username: username
  • sms.core.admin_port: Port number of admin interface of SMS core module (running on LB nodes).
  • sms.core.smsbox_port: Port number used for internal communication between bearerbox module on LB nodes and smsbox module on PRX nodes. This is a listening port of the bearerbox module (running on LB nodes).
  • sms.enable: Set to yes if you want to enable SMS module.
  • sms.loglevel: Log level of SMS module; the default 0 will result in writing only the most important information into the log file.
  • sms.sendsms.max_parts_per_message: If the SM needs to be sent as concatenated SM, this parameter sets the max. number of parts for a single (logical) message.
  • sms.sendsms.port: Port number of smsbox module (running on PRX nodes).
  • sms.smsc. : Parameters of the connection to an SMSC

    • dest_addr_npi: Telephony numbering plan indicator for the SM destination, as defined by standards (e.g. 1 stands for E.164)
    • dest_addr_ton: Type of number for the SM destination, as defined by standards (e.g. 1 stands for "international" format)
    • enquire_link_interval: Interval of SMSC link status check in seconds
    • host: IP address of the SMSC
    • id: An arbitrary string for identification of the SMSC; may be used in log files and for routing SMs.
    • max_pending_submits: The maximum number of outstanding (i.e. not acknowledged) SMPP operations between Sipwise C5 and SMSC. As a guideline it is recommended that no more than 10 (default) SMPP messages are outstanding at any time.
    • no_dlr: Do not request delivery report; when sending an SM and this parameter is set to yes, Sipwise C5 will not request DR for the message(s). May be required for some particular SMSCs, in order to avoid "Incorrect status report request parameter usage" error messages from the SMSC.
    • password: This is the password used for authentication on the SMSC.
    • port: Port number of the SMSC where Sipwise C5 will connect to.
    • source_addr_npi: Telephony numbering plan indicator for the SM source, as defined by standards (e.g. 1 stands for E.164)
    • source_addr_ton: Type of number for the SM source, as defined by standards (e.g. 1 stands for "international" format)
    • system_type: Defines the SMSC client category in which Sipwise C5 belongs to; defaults to "VMA" (Voice Mail Alert) when no value is given. (No need to set any value)
    • throughput: The max. number of messages per second that Sipwise C5 will send towards the SMSC. (Value type: float)
    • transceiver_mode: If set to 1 (yes / true), Sipwise C5 will attempt to use a TRANSCEIVER mode connection to the SMSC. It uses the standard transmit port of the SMSC for receiving SMs too.
    • username: This is the username used for authentication on the SMSC.

1.32. snmpd

The following is the snmpd section:

snmpd:
  agentx_timeout: 15
  communities:
    - name: public
      sources:
      - localhost
  trap_communities:
    - name: public
      targets:
      - localhost
  traps:
    if:
      link: '1'
    ucd:
      disk: '1'
      exec: '1'
      load: '1'
      process: '1'
      swap: '1'
  • snmpd.agentx_timeout: Sets the Agent X connection timeout, when communicating with a sub-agent (such as ngcp-snmp-agent).
  • snmpd.communities.\*: Sets the SNMP community and sources. Entries (i.e. the sources) for a community (like public in the example) are in a list of hashes format, each line starting with "-" and followed by the name and a list of source addresses.
  • snmpd.trap_communities.\*: Sets the SNMP TRAP community and destination for traps sent by NGCP. Format is the same as for snmpd.communities, but instead of sources it uses targets.
  • snmpd.traps.if.\*: Enables/disables the emision of SNMP IF MIB traps.
  • snmpd.traps.ucd.\*: Enables/disables the emision of SNMP UCD MIB traps.

1.33. snmptrapd

The following is the snmptrapd section:

snmptrapd:
  enable: no
  • snmptrapd.enable: Enable the snmptrap daemon.

1.34. snmpagent

The following is the SNMP Agent section:

snmpagent:
  daemonize: '1'
  debug: '0'
  retrospect_interval: 30
  traps:
    collective_check: '1'
    database: '1'
    ha_switchover: '1'
    peering: '1'
    process: '1'
  traps_origin: mgmt
  update_interval: '30'
  • daemonize: Enables/disables ngcp-snmp-agent daemonization.
  • debug: Enables/disables debug output.
  • retrospect_interval: Sets the interval the agent will use when looking into past fetched data.
  • traps.\*: Enables/disables emission of SNMP SIPWISE MIB traps.
  • traps_origin: Sets the trap emision origin mode. The values can be one of legacy, mgmt or distributed.
  • update_interval: Sets the interval in seconds used to update the fetched data.

1.35. sshd

The following is the sshd section:

sshd:
  listen_addresses:
    - 0.0.0.0
  • sshd: specify interface where SSHD should run on. By default sshd listens on all IPs found in network.yml with type ssh_ext. Unfortunately sshd can be limited to IPs only and not to interfaces. The current option makes it possible to specify allowed IPs (or all IPs with 0.0.0.0).

1.36. sudo

The following is in the sudo section:

sudo:
  logging: no
  max_log_sessions: 0
  • logging: enable/disable the I/O logging feature of sudo. See man page of sudoreplay(8).
  • max_log_sessions: when I/O logging is enabled, specifies how many log sessions per individual user sudo should keep before it starts overwriting old ones. The default 0 means no limit.

1.37. telegraf

The following is in the telegraf section:

telegraf:
  interval: ~
  • telegraf.interval: The number of seconds between each data gathering iteration, when the value is undefined, the code will fallback to use monitoring.interval.

1.38. ngcp-witnessd

The following is the ngcp-witnessd tool section:

witnessd:
  debug: '0'
  interval: ~
  gather:
    asr_ner_statistics: '1'
    ha_node_force: '0'
    ha_node_state: '1'
    mta_queue_len: '1'
    kamailio_concurrent_calls: '1'
    kamailio_dialog_active: '1'
    kamailio_dialog_early: '1'
    kamailio_dialog_incoming: '1'
    kamailio_dialog_local: '1'
    kamailio_dialog_outgoing: '1'
    kamailio_dialog_relay: '1'
    kamailio_shmem: '1'
    kamailio_usrloc_regdevices: '1'
    kamailio_usrloc_regusers: '1'
    peering_groups: '1'
    mpt_status: '0'
    mysql_global_status: '1'
    mysql_slave_status: '1'
    mysql_replicate_check_interval: '3600'
    mysql_replicate_check_tables:
    - accounting
    - billing
    - carrier
    - kamailio
    - ngcp
    - provisioning
    - prosody
    - rtcengine
    - stats
    mysql_replicate_ignore_tables:
    - accounting.acc_backup
    - accounting.acc_trash
    - kamailio.acc_backup
    - kamailio.acc_trash
    - ngcp.pt_checksums_sp1
    - ngcp.pt_checksums_sp2
    - ngcp.pt_checksums
    oss_provisioned_subscribers: '1'
    sip_responsiveness: '1'
    sip_stats_num_packets: '1'
    sip_stats_num_packets_perday: '1'
    sip_stats_partition_size: '1'
  • witnessd.interval: The number of seconds between each data gathering iteration, when the value is undefined, the code will fallback to use monitoring.interval.
  • witnessd.gather.asr_ner_statistics: Enable ASR/NER statistics data.
  • witnessd.gather.ha_node_force: Enable data gathering, even if the High-Availavility node status is not active.
  • witnessd.gather.ha_node_status: Enable High-Availabilty node status data.
  • witnessd.gather.kamailio_*: Enable Kamailio statistics data.
  • witnessd.gather.mpt_status: Enable MPT RAID status data.
  • witnessd.gather.mta_queue_len: Enable MTA (exim4) queue length data.
  • witnessd.gather.mysql_global_status: Enable global MySQL data.
  • witnessd.gather.mysql_slave_status: Enable salave (replication) MySQL data.
  • witnessd.gather.mysql_replicate_check_interval: MySQL replication check interval in seconds.
  • witnessd.gather.mysql_replicate_check_tables: List of tables that need to be checked for replication issues.
  • witnessd.gather.mysql_replicate_ignore_tables: List of tables that need to be ignored during replication check.
  • witnessd.gather.oss_provisioned_subscribers: Enable OSS provisioned subscribers count data.
  • witnessd.gather.sip_*: Enable SIP statistics data.

1.39. www_admin

The following is the WEB Admin interface (www_admin) section:

www_admin:
  ac_dial_prefix: 0
  apache:
    autoprov_port: 1444
  billing_features: 1
  callingcard_features: 0
  callthru_features: 0
  cc_dial_prefix: 00
  conference_features: 1
  contactmail: adjust@example.org
  dashboard:
    enable: 1
  default_admin_settings:
    call_data: 0
    is_active: 1
    is_master: 0
    read_only: 0
    show_passwords: 1
  domain:
    preference_features: 1
    rewrite_features: 1
    vsc_features: 0
  fastcgi_workers: 2
  fax_features: 1
  fees_csv:
    element_order:
      - source
      - destination
      - direction
      - zone
      - zone_detail
      - onpeak_init_rate
      - onpeak_init_interval
      - onpeak_follow_rate
      - onpeak_follow_interval
      - offpeak_init_rate
      - offpeak_init_interval
      - offpeak_follow_rate
      - offpeak_follow_interval
      - use_free_time
  http_admin:
    autoprov_port: 1444
    port: 1443
    serveradmin: support@sipwise.com
    servername: "\"myserver\""
    ssl_enable: yes
    sslcertfile: '/etc/ngcp-config/ssl/myserver.crt'
    sslcertkeyfile: '/etc/ngcp-config/ssl/myserver.key'
  http_csc:
    autoprov_bootstrap_port: 1445
    autoprov_port: 1444
    port: 443
    serveradmin: support@sipwise.com
    servername: "\"myserver\""
    ssl_enable: yes
    sslcertfile: '/etc/ngcp-config/ssl/myserver.crt'
    sslcertkeyfile: '/etc/ngcp-config/ssl/myserver.key'
  logging:
    apache:
      acc:
        facility: daemon
        identity: oss
        level: info
      err:
        facility: local7
        level: info
  peer:
    preference_features: 1
  peering_features: 1
  security:
    password_allow_recovery: 0
    password_max_length: 40
    password_min_length: 6
    password_musthave_digit: 0
    password_musthave_lowercase: 1
    password_musthave_specialchar: 0
    password_musthave_uppercase: 0
    password_sip_autogenerate: 0
    password_sip_expose_subadmin: 1
    password_web_autogenerate: 0
    password_web_expose_subadmin: 1
  speed_dial_vsc_presets:
    vsc:
      - '*0'
      - '*1'
      - '*2'
      - '*3'
      - '*4'
      - '*5'
      - '*6'
      - '*7'
      - '*8'
      - '*9'
  subscriber:
    auto_allow_cli: 0
    extension_features: 0
  voicemail_features: 1
  • www_admin.http_admin.*: Define the Administration interface and certificates.
  • www_admin.http_csc.*: Define the Customers interface and certificates.
  • www_admin.contactmail: Email to show in the GUI’s Error page.