res_pjsip_diversion: implement support for History-Info
[asterisk/asterisk.git] / res / res_pjsip.c
1 /*
2  * Asterisk -- An open source telephony toolkit.
3  *
4  * Copyright (C) 2013, Digium, Inc.
5  *
6  * Mark Michelson <mmichelson@digium.com>
7  *
8  * See http://www.asterisk.org for more information about
9  * the Asterisk project. Please do not directly contact
10  * any of the maintainers of this project for assistance;
11  * the project provides a web site, mailing lists and IRC
12  * channels for your use.
13  *
14  * This program is free software, distributed under the terms of
15  * the GNU General Public License Version 2. See the LICENSE file
16  * at the top of the source tree.
17  */
18
19 #include "asterisk.h"
20
21 #include <pjsip.h>
22 /* Needed for SUBSCRIBE, NOTIFY, and PUBLISH method definitions */
23 #include <pjsip_simple.h>
24 #include <pjsip/sip_transaction.h>
25 #include <pj/timer.h>
26 #include <pjlib.h>
27 #include <pjmedia/errno.h>
28
29 #include "asterisk/res_pjsip.h"
30 #include "res_pjsip/include/res_pjsip_private.h"
31 #include "asterisk/linkedlists.h"
32 #include "asterisk/logger.h"
33 #include "asterisk/lock.h"
34 #include "asterisk/utils.h"
35 #include "asterisk/astobj2.h"
36 #include "asterisk/module.h"
37 #include "asterisk/serializer.h"
38 #include "asterisk/threadpool.h"
39 #include "asterisk/taskprocessor.h"
40 #include "asterisk/uuid.h"
41 #include "asterisk/sorcery.h"
42 #include "asterisk/file.h"
43 #include "asterisk/cli.h"
44 #include "asterisk/res_pjsip_cli.h"
45 #include "asterisk/test.h"
46 #include "asterisk/res_pjsip_presence_xml.h"
47 #include "asterisk/res_pjproject.h"
48
49 /*** MODULEINFO
50         <depend>pjproject</depend>
51         <depend>res_pjproject</depend>
52         <depend>res_sorcery_config</depend>
53         <depend>res_sorcery_memory</depend>
54         <depend>res_sorcery_astdb</depend>
55         <use type="module">res_statsd</use>
56         <support_level>core</support_level>
57  ***/
58
59 /*** DOCUMENTATION
60         <configInfo name="res_pjsip" language="en_US">
61                 <synopsis>SIP Resource using PJProject</synopsis>
62                 <configFile name="pjsip.conf">
63                         <configObject name="endpoint">
64                                 <synopsis>Endpoint</synopsis>
65                                 <description><para>
66                                         The <emphasis>Endpoint</emphasis> is the primary configuration object.
67                                         It contains the core SIP related options only, endpoints are <emphasis>NOT</emphasis>
68                                         dialable entries of their own. Communication with another SIP device is
69                                         accomplished via Addresses of Record (AoRs) which have one or more
70                                         contacts associated with them. Endpoints <emphasis>NOT</emphasis> configured to
71                                         use a <literal>transport</literal> will default to first transport found
72                                         in <filename>pjsip.conf</filename> that matches its type.
73                                         </para>
74                                         <para>Example: An Endpoint has been configured with no transport.
75                                         When it comes time to call an AoR, PJSIP will find the
76                                         first transport that matches the type. A SIP URI of <literal>sip:5000@[11::33]</literal>
77                                         will use the first IPv6 transport and try to send the request.
78                                         </para>
79                                         <para>If the anonymous endpoint identifier is in use an endpoint with the name
80                                         "anonymous@domain" will be searched for as a last resort. If this is not found
81                                         it will fall back to searching for "anonymous". If neither endpoints are found
82                                         the anonymous endpoint identifier will not return an endpoint and anonymous
83                                         calling will not be possible.
84                                         </para>
85                                 </description>
86                                 <configOption name="100rel" default="yes">
87                                         <synopsis>Allow support for RFC3262 provisional ACK tags</synopsis>
88                                         <description>
89                                                 <enumlist>
90                                                         <enum name="no" />
91                                                         <enum name="required" />
92                                                         <enum name="yes" />
93                                                 </enumlist>
94                                         </description>
95                                 </configOption>
96                                 <configOption name="aggregate_mwi" default="yes">
97                                         <synopsis>Condense MWI notifications into a single NOTIFY.</synopsis>
98                                         <description><para>When enabled, <replaceable>aggregate_mwi</replaceable> condenses message
99                                         waiting notifications from multiple mailboxes into a single NOTIFY. If it is disabled,
100                                         individual NOTIFYs are sent for each mailbox.</para></description>
101                                 </configOption>
102                                 <configOption name="allow">
103                                         <synopsis>Media Codec(s) to allow</synopsis>
104                                 </configOption>
105                                 <configOption name="codec_prefs_incoming_offer">
106                                         <synopsis>Codec negotiation prefs for incoming offers.</synopsis>
107                                         <description>
108                                                 <para>
109                                                         This is a string that describes how the codecs
110                                                         specified on an incoming SDP offer (pending) are reconciled with the codecs specified
111                                                         on an endpoint (configured) before being sent to the Asterisk core.
112                                                         The string actually specifies 4 <literal>name:value</literal> pair parameters
113                                                         separated by commas. Whitespace is ignored and they may be specified in any order.
114
115                                                 </para>
116                                                 <para>
117                                                         Parameters:
118                                                 </para>
119                                                 <enumlist>
120                                                         <enum name="prefer: &lt; pending | configured &gt;">
121                                                                 <para>
122                                                                 </para>
123                                                                 <enumlist>
124                                                                         <enum name="pending"><para>The codec list from the caller. (default)</para></enum>
125                                                                         <enum name="configured"><para>The codec list from the endpoint.</para></enum>
126                                                                 </enumlist>
127                                                         </enum>
128                                                         <enum name="operation : &lt; intersect | only_preferred | only_nonpreferred &gt;">
129                                                                 <para>
130                                                                 </para>
131                                                                 <enumlist>
132                                                                         <enum name="intersect"><para>Only common codecs with the preferred codecs first. (default)</para></enum>
133                                                                         <enum name="only_preferred"><para>Use only the preferred codecs.</para></enum>
134                                                                         <enum name="only_nonpreferred"><para>Use only the non-preferred codecs.</para></enum>
135                                                                 </enumlist>
136                                                         </enum>
137                                                         <enum name="keep : &lt; all | first &gt;">
138                                                                 <para>
139                                                                 </para>
140                                                                 <enumlist>
141                                                                         <enum name="all"><para>After the operation, keep all codecs. (default)</para></enum>
142                                                                         <enum name="first"><para>After the operation, keep only the first codec.</para></enum>
143                                                                 </enumlist>
144                                                         </enum>
145                                                         <enum name="transcode : &lt; allow | prevent &gt;">
146                                                                 <para>
147                                                                 </para>
148                                                                 <enumlist>
149                                                                         <enum name="allow"><para>Allow transcoding. (default)</para></enum>
150                                                                         <enum name="prevent"><para>Prevent transcoding.</para></enum>
151                                                                 </enumlist>
152                                                         </enum>
153                                                 </enumlist>
154                                                 <para>
155                                                 </para>
156                                                 <example>
157                                                         codec_prefs_incoming_offer = prefer: pending, operation: intersect, keep: all, transcode: allow
158                                                 </example>
159                                                 <para>
160                                                         Prefer the codecs coming from the caller.  Use only the ones that are common.
161                                                         keeping the order of the preferred list. Keep all codecs in the result. Allow transcoding.
162                                                 </para>
163                                         </description>
164                                 </configOption>
165                                 <configOption name="codec_prefs_outgoing_offer">
166                                         <synopsis>Codec negotiation prefs for outgoing offers.</synopsis>
167                                         <description>
168                                                 <para>
169                                                         This is a string that describes how the codecs specified in the topology that
170                                                         comes from the Asterisk core (pending) are reconciled with the codecs specified on an
171                                                         endpoint (configured) when sending an SDP offer.
172                                                         The string actually specifies 4 <literal>name:value</literal> pair parameters
173                                                         separated by commas. Whitespace is ignored and they may be specified in any order.
174
175                                                 </para>
176                                                 <para>
177                                                         Parameters:
178                                                 </para>
179                                                 <enumlist>
180                                                         <enum name="prefer: &lt; pending | configured &gt;">
181                                                                 <para>
182                                                                 </para>
183                                                                 <enumlist>
184                                                                         <enum name="pending"><para>The codec list from the core. (default)</para></enum>
185                                                                         <enum name="configured"><para>The codec list from the endpoint.</para></enum>
186                                                                 </enumlist>
187                                                         </enum>
188                                                         <enum name="operation : &lt; union | intersect | only_preferred | only_nonpreferred &gt;">
189                                                                 <para>
190                                                                 </para>
191                                                                 <enumlist>
192                                                                         <enum name="union"><para>Merge the lists with the preferred codecs first. (default)</para></enum>
193                                                                         <enum name="intersect"><para>Only common codecs with the preferred codecs first. (default)</para></enum>
194                                                                         <enum name="only_preferred"><para>Use only the preferred codecs.</para></enum>
195                                                                         <enum name="only_nonpreferred"><para>Use only the non-preferred codecs.</para></enum>
196                                                                 </enumlist>
197                                                         </enum>
198                                                         <enum name="keep : &lt; all | first &gt;">
199                                                                 <para>
200                                                                 </para>
201                                                                 <enumlist>
202                                                                         <enum name="all"><para>After the operation, keep all codecs. (default)</para></enum>
203                                                                         <enum name="first"><para>After the operation, keep only the first codec.</para></enum>
204                                                                 </enumlist>
205                                                         </enum>
206                                                         <enum name="transcode : &lt; allow | prevent &gt;">
207                                                                 <para>
208                                                                 </para>
209                                                                 <enumlist>
210                                                                         <enum name="allow"><para>Allow transcoding. (default)</para></enum>
211                                                                         <enum name="prevent"><para>Prevent transcoding.</para></enum>
212                                                                 </enumlist>
213                                                         </enum>
214                                                 </enumlist>
215                                                 <para>
216                                                 </para>
217                                                 <example>
218                                                 codec_prefs_outgoing_offer = prefer: configured, operation: union, keep: first, transcode: prevent
219                                                 </example>
220                                                 <para>
221                                                 Prefer the codecs coming from the endpoint.  Merge them with the codecs from the core
222                                                 keeping the order of the preferred list. Keep only the first one. No transcoding allowed.
223                                                 </para>
224                                         </description>
225                                 </configOption>
226                                 <configOption name="codec_prefs_incoming_answer">
227                                         <synopsis>Codec negotiation prefs for incoming answers.</synopsis>
228                                         <description>
229                                                 <para>
230                                                         This is a string that describes how the codecs specified in an incoming SDP answer
231                                                         (pending) are reconciled with the codecs specified on an endpoint (configured)
232                                                         when receiving an SDP answer.
233                                                         The string actually specifies 4 <literal>name:value</literal> pair parameters
234                                                         separated by commas. Whitespace is ignored and they may be specified in any order.
235                                                 </para>
236                                                 <para>
237                                                         Parameters:
238                                                 </para>
239                                                 <enumlist>
240                                                         <enum name="prefer: &lt; pending | configured &gt;">
241                                                                 <para>
242                                                                 </para>
243                                                                 <enumlist>
244                                                                         <enum name="pending"><para>The codec list in the received SDP answer. (default)</para></enum>
245                                                                         <enum name="configured"><para>The codec list from the endpoint.</para></enum>
246                                                                 </enumlist>
247                                                         </enum>
248                                                         <enum name="operation : &lt; union | intersect | only_preferred | only_nonpreferred &gt;">
249                                                                 <para>
250                                                                 </para>
251                                                                 <enumlist>
252                                                                         <enum name="union"><para>Merge the lists with the preferred codecs first.</para></enum>
253                                                                         <enum name="intersect"><para>Only common codecs with the preferred codecs first. (default)</para></enum>
254                                                                         <enum name="only_preferred"><para>Use only the preferred codecs.</para></enum>
255                                                                         <enum name="only_nonpreferred"><para>Use only the non-preferred codecs.</para></enum>
256                                                                 </enumlist>
257                                                         </enum>
258                                                         <enum name="keep : &lt; all | first &gt;">
259                                                                 <para>
260                                                                 </para>
261                                                                 <enumlist>
262                                                                         <enum name="all"><para>After the operation, keep all codecs. (default)</para></enum>
263                                                                         <enum name="first"><para>After the operation, keep only the first codec.</para></enum>
264                                                                 </enumlist>
265                                                         </enum>
266                                                         <enum name="transcode : &lt; allow | prevent &gt;">
267                                                                 <para>
268                                                                 The transcode parameter is ignored when processing answers.
269                                                                 </para>
270                                                         </enum>
271                                                 </enumlist>
272                                                 <para>
273                                                 </para>
274                                                 <example>
275                                                 codec_prefs_incoming_answer = keep: first
276                                                 </example>
277                                                 <para>
278                                                 Use the defaults but keep oinly the first codec.
279                                                 </para>
280                                         </description>
281                                 </configOption>
282                                 <configOption name="codec_prefs_outgoing_answer">
283                                         <synopsis>Codec negotiation prefs for outgoing answers.</synopsis>
284                                         <description>
285                                                 <para>
286                                                         This is a string that describes how the codecs that come from the core (pending)
287                                                         are reconciled with the codecs specified on an endpoint (configured)
288                                                         when sending an SDP answer.
289                                                         The string actually specifies 4 <literal>name:value</literal> pair parameters
290                                                         separated by commas. Whitespace is ignored and they may be specified in any order.
291                                                 </para>
292                                                 <para>
293                                                         Parameters:
294                                                 </para>
295                                                 <enumlist>
296                                                         <enum name="prefer: &lt; pending | configured &gt;">
297                                                                 <para>
298                                                                 </para>
299                                                                 <enumlist>
300                                                                         <enum name="pending"><para>The codec list that came from the core. (default)</para></enum>
301                                                                         <enum name="configured"><para>The codec list from the endpoint.</para></enum>
302                                                                 </enumlist>
303                                                         </enum>
304                                                         <enum name="operation : &lt; union | intersect | only_preferred | only_nonpreferred &gt;">
305                                                                 <para>
306                                                                 </para>
307                                                                 <enumlist>
308                                                                         <enum name="union"><para>Merge the lists with the preferred codecs first.</para></enum>
309                                                                         <enum name="intersect"><para>Only common codecs with the preferred codecs first. (default)</para></enum>
310                                                                         <enum name="only_preferred"><para>Use only the preferred codecs.</para></enum>
311                                                                         <enum name="only_nonpreferred"><para>Use only the non-preferred codecs.</para></enum>
312                                                                 </enumlist>
313                                                         </enum>
314                                                         <enum name="keep : &lt; all | first &gt;">
315                                                                 <para>
316                                                                 </para>
317                                                                 <enumlist>
318                                                                         <enum name="all"><para>After the operation, keep all codecs. (default)</para></enum>
319                                                                         <enum name="first"><para>After the operation, keep only the first codec.</para></enum>
320                                                                 </enumlist>
321                                                         </enum>
322                                                         <enum name="transcode : &lt; allow | prevent &gt;">
323                                                                 <para>
324                                                                 The transcode parameter is ignored when processing answers.
325                                                                 </para>
326                                                         </enum>
327                                                 </enumlist>
328                                                 <para>
329                                                 </para>
330                                                 <example>
331                                                 codec_prefs_incoming_answer = keep: first
332                                                 </example>
333                                                 <para>
334                                                 Use the defaults but keep oinly the first codec.
335                                                 </para>
336                                         </description>
337                                 </configOption>
338                                 <configOption name="allow_overlap" default="yes">
339                                         <synopsis>Enable RFC3578 overlap dialing support.</synopsis>
340                                 </configOption>
341                                 <configOption name="aors">
342                                         <synopsis>AoR(s) to be used with the endpoint</synopsis>
343                                         <description><para>
344                                                 List of comma separated AoRs that the endpoint should be associated with.
345                                         </para></description>
346                                 </configOption>
347                                 <configOption name="auth">
348                                         <synopsis>Authentication Object(s) associated with the endpoint</synopsis>
349                                         <description><para>
350                                                 This is a comma-delimited list of <replaceable>auth</replaceable> sections defined
351                                                 in <filename>pjsip.conf</filename> to be used to verify inbound connection attempts.
352                                                 </para><para>
353                                                 Endpoints without an authentication object
354                                                 configured will allow connections without verification.</para>
355                                                 <note><para>
356                                                 Using the same auth section for inbound and outbound
357                                                 authentication is not recommended.  There is a difference in
358                                                 meaning for an empty realm setting between inbound and outbound
359                                                 authentication uses.  See the auth realm description for details.
360                                                 </para></note>
361                                         </description>
362                                 </configOption>
363                                 <configOption name="callerid">
364                                         <synopsis>CallerID information for the endpoint</synopsis>
365                                         <description><para>
366                                                 Must be in the format <literal>Name &lt;Number&gt;</literal>,
367                                                 or only <literal>&lt;Number&gt;</literal>.
368                                         </para></description>
369                                 </configOption>
370                                 <configOption name="callerid_privacy">
371                                         <synopsis>Default privacy level</synopsis>
372                                         <description>
373                                                 <enumlist>
374                                                         <enum name="allowed_not_screened" />
375                                                         <enum name="allowed_passed_screen" />
376                                                         <enum name="allowed_failed_screen" />
377                                                         <enum name="allowed" />
378                                                         <enum name="prohib_not_screened" />
379                                                         <enum name="prohib_passed_screen" />
380                                                         <enum name="prohib_failed_screen" />
381                                                         <enum name="prohib" />
382                                                         <enum name="unavailable" />
383                                                 </enumlist>
384                                         </description>
385                                 </configOption>
386                                 <configOption name="callerid_tag">
387                                         <synopsis>Internal id_tag for the endpoint</synopsis>
388                                 </configOption>
389                                 <configOption name="context">
390                                         <synopsis>Dialplan context for inbound sessions</synopsis>
391                                 </configOption>
392                                 <configOption name="direct_media_glare_mitigation" default="none">
393                                         <synopsis>Mitigation of direct media (re)INVITE glare</synopsis>
394                                         <description>
395                                                 <para>
396                                                 This setting attempts to avoid creating INVITE glare scenarios
397                                                 by disabling direct media reINVITEs in one direction thereby allowing
398                                                 designated servers (according to this option) to initiate direct
399                                                 media reINVITEs without contention and significantly reducing call
400                                                 setup time.
401                                                 </para>
402                                                 <para>
403                                                 A more detailed description of how this option functions can be found on
404                                                 the Asterisk wiki https://wiki.asterisk.org/wiki/display/AST/SIP+Direct+Media+Reinvite+Glare+Avoidance
405                                                 </para>
406                                                 <enumlist>
407                                                         <enum name="none" />
408                                                         <enum name="outgoing" />
409                                                         <enum name="incoming" />
410                                                 </enumlist>
411                                         </description>
412                                 </configOption>
413                                 <configOption name="direct_media_method" default="invite">
414                                         <synopsis>Direct Media method type</synopsis>
415                                         <description>
416                                                 <para>Method for setting up Direct Media between endpoints.</para>
417                                                 <enumlist>
418                                                         <enum name="invite" />
419                                                         <enum name="reinvite">
420                                                                 <para>Alias for the <literal>invite</literal> value.</para>
421                                                         </enum>
422                                                         <enum name="update" />
423                                                 </enumlist>
424                                         </description>
425                                 </configOption>
426                                 <configOption name="trust_connected_line">
427                                         <synopsis>Accept Connected Line updates from this endpoint</synopsis>
428                                 </configOption>
429                                 <configOption name="send_connected_line">
430                                         <synopsis>Send Connected Line updates to this endpoint</synopsis>
431                                 </configOption>
432                                 <configOption name="connected_line_method" default="invite">
433                                         <synopsis>Connected line method type</synopsis>
434                                         <description>
435                                                 <para>Method used when updating connected line information.</para>
436                                                 <enumlist>
437                                                         <enum name="invite">
438                                                         <para>When set to <literal>invite</literal>, check the remote's Allow header and
439                                                         if UPDATE is allowed, send UPDATE instead of INVITE to avoid SDP
440                                                         renegotiation.  If UPDATE is not Allowed, send INVITE.</para>
441                                                         </enum>
442                                                         <enum name="reinvite">
443                                                                 <para>Alias for the <literal>invite</literal> value.</para>
444                                                         </enum>
445                                                         <enum name="update">
446                                                         <para>If set to <literal>update</literal>, send UPDATE regardless of what the remote
447                                                         Allows. </para>
448                                                         </enum>
449                                                 </enumlist>
450                                         </description>
451                                 </configOption>
452                                 <configOption name="direct_media" default="yes">
453                                         <synopsis>Determines whether media may flow directly between endpoints.</synopsis>
454                                 </configOption>
455                                 <configOption name="disable_direct_media_on_nat" default="no">
456                                         <synopsis>Disable direct media session refreshes when NAT obstructs the media session</synopsis>
457                                 </configOption>
458                                 <configOption name="disallow">
459                                         <synopsis>Media Codec(s) to disallow</synopsis>
460                                 </configOption>
461                                 <configOption name="dtmf_mode" default="rfc4733">
462                                         <synopsis>DTMF mode</synopsis>
463                                         <description>
464                                                 <para>This setting allows to choose the DTMF mode for endpoint communication.</para>
465                                                 <enumlist>
466                                                         <enum name="rfc4733">
467                                                                 <para>DTMF is sent out of band of the main audio stream.  This
468                                                                 supercedes the older <emphasis>RFC-2833</emphasis> used within
469                                                                 the older <literal>chan_sip</literal>.</para>
470                                                         </enum>
471                                                         <enum name="inband">
472                                                                 <para>DTMF is sent as part of audio stream.</para>
473                                                         </enum>
474                                                         <enum name="info">
475                                                                 <para>DTMF is sent as SIP INFO packets.</para>
476                                                         </enum>
477                                                         <enum name="auto">
478                                                                 <para>DTMF is sent as RFC 4733 if the other side supports it or as INBAND if not.</para>
479                                                         </enum>
480                                                         <enum name="auto_info">
481                                                                 <para>DTMF is sent as RFC 4733 if the other side supports it or as SIP INFO if not.</para>
482                                                         </enum>
483                                                 </enumlist>
484                                         </description>
485                                 </configOption>
486                                 <configOption name="media_address">
487                                         <synopsis>IP address used in SDP for media handling</synopsis>
488                                         <description><para>
489                                                 At the time of SDP creation, the IP address defined here will be used as
490                                                 the media address for individual streams in the SDP.
491                                         </para>
492                                         <note><para>
493                                                 Be aware that the <literal>external_media_address</literal> option, set in Transport
494                                                 configuration, can also affect the final media address used in the SDP.
495                                         </para></note>
496                                         </description>
497                                 </configOption>
498                                 <configOption name="bind_rtp_to_media_address">
499                                         <synopsis>Bind the RTP instance to the media_address</synopsis>
500                                         <description><para>
501                                                 If media_address is specified, this option causes the RTP instance to be bound to the
502                                                 specified ip address which causes the packets to be sent from that address.
503                                         </para>
504                                         </description>
505                                 </configOption>
506                                 <configOption name="force_rport" default="yes">
507                                         <synopsis>Force use of return port</synopsis>
508                                 </configOption>
509                                 <configOption name="ice_support" default="no">
510                                         <synopsis>Enable the ICE mechanism to help traverse NAT</synopsis>
511                                 </configOption>
512                                 <configOption name="identify_by">
513                                         <synopsis>Way(s) for the endpoint to be identified</synopsis>
514                                         <description>
515                                                 <para>Endpoints and AORs can be identified in multiple ways.  This
516                                                 option is a comma separated list of methods the endpoint can be
517                                                 identified.
518                                                 </para>
519                                                 <note><para>
520                                                 This option controls both how an endpoint is matched for incoming
521                                                 traffic and also how an AOR is determined if a registration
522                                                 occurs.  You must list at least one method that also matches for
523                                                 AORs or the registration will fail.
524                                                 </para></note>
525                                                 <enumlist>
526                                                         <enum name="username">
527                                                                 <para>Matches the endpoint or AOR ID based on the username
528                                                                 and domain in the From header (or To header for AORs).  If
529                                                                 an exact match on both username and domain/realm fails, the
530                                                                 match is retried with just the username.
531                                                                 </para>
532                                                         </enum>
533                                                         <enum name="auth_username">
534                                                                 <para>Matches the endpoint or AOR ID based on the username
535                                                                 and realm in the Authentication header.  If an exact match
536                                                                 on both username and domain/realm fails, the match is
537                                                                 retried with just the username.
538                                                                 </para>
539                                                                 <note><para>This method of identification has some security
540                                                                 considerations because an Authentication header is not
541                                                                 present on the first message of a dialog when digest
542                                                                 authentication is used.  The client can't generate it until
543                                                                 the server sends the challenge in a 401 response.  Since
544                                                                 Asterisk normally sends a security event when an incoming
545                                                                 request can't be matched to an endpoint, using this method
546                                                                 requires that the security event be deferred until a request
547                                                                 is received with the Authentication header and only
548                                                                 generated if the username doesn't result in a match.  This
549                                                                 may result in a delay before an attack is recognized.  You
550                                                                 can control how many unmatched requests are received from
551                                                                 a single ip address before a security event is generated
552                                                                 using the <literal>unidentified_request</literal>
553                                                                 parameters in the "global" configuration object.
554                                                                 </para></note>
555                                                         </enum>
556                                                         <enum name="ip">
557                                                                 <para>Matches the endpoint based on the source IP address.
558                                                                 </para>
559                                                                 <para>This method of identification is not configured here
560                                                                 but simply allowed by this configuration option.  See the
561                                                                 documentation for the <literal>identify</literal>
562                                                                 configuration section for more details on this method of
563                                                                 endpoint identification.
564                                                                 </para>
565                                                         </enum>
566                                                         <enum name="header">
567                                                                 <para>Matches the endpoint based on a configured SIP header
568                                                                 value.
569                                                                 </para>
570                                                                 <para>This method of identification is not configured here
571                                                                 but simply allowed by this configuration option.  See the
572                                                                 documentation for the <literal>identify</literal>
573                                                                 configuration section for more details on this method of
574                                                                 endpoint identification.
575                                                                 </para>
576                                                         </enum>
577                                                 </enumlist>
578                                         </description>
579                                 </configOption>
580                                 <configOption name="redirect_method">
581                                         <synopsis>How redirects received from an endpoint are handled</synopsis>
582                                         <description><para>
583                                                 When a redirect is received from an endpoint there are multiple ways it can be handled.
584                                                 If this option is set to <literal>user</literal> the user portion of the redirect target
585                                                 is treated as an extension within the dialplan and dialed using a Local channel. If this option
586                                                 is set to <literal>uri_core</literal> the target URI is returned to the dialing application
587                                                 which dials it using the PJSIP channel driver and endpoint originally used. If this option is
588                                                 set to <literal>uri_pjsip</literal> the redirect occurs within chan_pjsip itself and is not exposed
589                                                 to the core at all. The <literal>uri_pjsip</literal> option has the benefit of being more efficient
590                                                 and also supporting multiple potential redirect targets. The con is that since redirection occurs
591                                                 within chan_pjsip redirecting information is not forwarded and redirection can not be
592                                                 prevented.
593                                                 </para>
594                                                 <enumlist>
595                                                         <enum name="user" />
596                                                         <enum name="uri_core" />
597                                                         <enum name="uri_pjsip" />
598                                                 </enumlist>
599                                         </description>
600                                 </configOption>
601                                 <configOption name="mailboxes">
602                                         <synopsis>NOTIFY the endpoint when state changes for any of the specified mailboxes</synopsis>
603                                         <description><para>
604                                                 Asterisk will send unsolicited MWI NOTIFY messages to the endpoint when state
605                                                 changes happen for any of the specified mailboxes. More than one mailbox can be
606                                                 specified with a comma-delimited string. app_voicemail mailboxes must be specified
607                                                 as mailbox@context; for example: mailboxes=6001@default. For mailboxes provided by
608                                                 external sources, such as through the res_mwi_external module, you must specify
609                                                 strings supported by the external system.
610                                         </para><para>
611                                                 For endpoints that SUBSCRIBE for MWI, use the <literal>mailboxes</literal> option in your AOR
612                                                 configuration.
613                                         </para></description>
614                                 </configOption>
615                                 <configOption name="mwi_subscribe_replaces_unsolicited">
616                                         <synopsis>An MWI subscribe will replace sending unsolicited NOTIFYs</synopsis>
617                                 </configOption>
618                                 <configOption name="voicemail_extension">
619                                         <synopsis>The voicemail extension to send in the NOTIFY Message-Account header</synopsis>
620                                 </configOption>
621                                 <configOption name="moh_suggest" default="default">
622                                         <synopsis>Default Music On Hold class</synopsis>
623                                 </configOption>
624                                 <configOption name="outbound_auth">
625                                         <synopsis>Authentication object(s) used for outbound requests</synopsis>
626                                         <description><para>
627                                                 This is a comma-delimited list of <replaceable>auth</replaceable>
628                                                 sections defined in <filename>pjsip.conf</filename> used to respond
629                                                 to outbound connection authentication challenges.</para>
630                                                 <note><para>
631                                                 Using the same auth section for inbound and outbound
632                                                 authentication is not recommended.  There is a difference in
633                                                 meaning for an empty realm setting between inbound and outbound
634                                                 authentication uses.  See the auth realm description for details.
635                                                 </para></note>
636                                         </description>
637                                 </configOption>
638                                 <configOption name="outbound_proxy">
639                                         <synopsis>Full SIP URI of the outbound proxy used to send requests</synopsis>
640                                 </configOption>
641                                 <configOption name="rewrite_contact">
642                                         <synopsis>Allow Contact header to be rewritten with the source IP address-port</synopsis>
643                                         <description><para>
644                                                 On inbound SIP messages from this endpoint, the Contact header or an
645                                                 appropriate Record-Route header will be changed to have the source IP
646                                                 address and port.  This option does not affect outbound messages sent to
647                                                 this endpoint.  This option helps servers communicate with endpoints
648                                                 that are behind NATs.  This option also helps reuse reliable transport
649                                                 connections such as TCP and TLS.
650                                         </para></description>
651                                 </configOption>
652                                 <configOption name="rtp_ipv6" default="no">
653                                         <synopsis>Allow use of IPv6 for RTP traffic</synopsis>
654                                 </configOption>
655                                 <configOption name="rtp_symmetric" default="no">
656                                         <synopsis>Enforce that RTP must be symmetric</synopsis>
657                                 </configOption>
658                                 <configOption name="send_diversion" default="yes">
659                                         <synopsis>Send the Diversion header, conveying the diversion
660                                         information to the called user agent</synopsis>
661                                 </configOption>
662                                 <configOption name="send_history_info" default="no">
663                                         <synopsis>Send the History-Info header, conveying the diversion
664                                         information to the called and calling user agents</synopsis>
665                                 </configOption>
666                                 <configOption name="send_pai" default="no">
667                                         <synopsis>Send the P-Asserted-Identity header</synopsis>
668                                 </configOption>
669                                 <configOption name="send_rpid" default="no">
670                                         <synopsis>Send the Remote-Party-ID header</synopsis>
671                                 </configOption>
672                                 <configOption name="rpid_immediate" default="no">
673                                         <synopsis>Immediately send connected line updates on unanswered incoming calls.</synopsis>
674                                         <description>
675                                                 <para>When enabled, immediately send <emphasis>180 Ringing</emphasis>
676                                                 or <emphasis>183 Progress</emphasis> response messages to the
677                                                 caller if the connected line information is updated before
678                                                 the call is answered.  This can send a <emphasis>180 Ringing</emphasis>
679                                                 response before the call has even reached the far end.  The
680                                                 caller can start hearing ringback before the far end even gets
681                                                 the call.  Many phones tend to grab the first connected line
682                                                 information and refuse to update the display if it changes.  The
683                                                 first information is not likely to be correct if the call
684                                                 goes to an endpoint not under the control of this Asterisk
685                                                 box.</para>
686                                                 <para>When disabled, a connected line update must wait for
687                                                 another reason to send a message with the connected line
688                                                 information to the caller before the call is answered.  You can
689                                                 trigger the sending of the information by using an appropriate
690                                                 dialplan application such as <emphasis>Ringing</emphasis>.</para>
691                                         </description>
692                                 </configOption>
693                                 <configOption name="timers_min_se" default="90">
694                                         <synopsis>Minimum session timers expiration period</synopsis>
695                                         <description><para>
696                                                 Minimum session timer expiration period. Time in seconds.
697                                         </para></description>
698                                 </configOption>
699                                 <configOption name="timers" default="yes">
700                                         <synopsis>Session timers for SIP packets</synopsis>
701                                         <description>
702                                                 <enumlist>
703                                                         <enum name="no" />
704                                                         <enum name="yes" />
705                                                         <enum name="required" />
706                                                         <enum name="always" />
707                                                         <enum name="forced"><para>Alias of always</para></enum>
708                                                 </enumlist>
709                                         </description>
710                                 </configOption>
711                                 <configOption name="timers_sess_expires" default="1800">
712                                         <synopsis>Maximum session timer expiration period</synopsis>
713                                         <description><para>
714                                                 Maximum session timer expiration period. Time in seconds.
715                                         </para></description>
716                                 </configOption>
717                                 <configOption name="transport">
718                                         <synopsis>Explicit transport configuration to use</synopsis>
719                                         <description>
720                                                 <para>This will <emphasis>force</emphasis> the endpoint to use the
721                                                 specified transport configuration to send SIP messages.  You need
722                                                 to already know what kind of transport (UDP/TCP/IPv4/etc) the
723                                                 endpoint device will use.
724                                                 </para>
725                                                 <note><para>Not specifying a transport will select the first
726                                                 configured transport in <filename>pjsip.conf</filename> which is
727                                                 compatible with the URI we are trying to contact.
728                                                 </para></note>
729                                                 <warning><para>Transport configuration is not affected by reloads. In order to
730                                                 change transports, a full Asterisk restart is required</para></warning>
731                                         </description>
732                                 </configOption>
733                                 <configOption name="trust_id_inbound" default="no">
734                                         <synopsis>Accept identification information received from this endpoint</synopsis>
735                                         <description><para>This option determines whether Asterisk will accept
736                                         identification from the endpoint from headers such as P-Asserted-Identity
737                                         or Remote-Party-ID header. This option applies both to calls originating from the
738                                         endpoint and calls originating from Asterisk. If <literal>no</literal>, the
739                                         configured Caller-ID from pjsip.conf will always be used as the identity for
740                                         the endpoint.</para></description>
741                                 </configOption>
742                                 <configOption name="trust_id_outbound" default="no">
743                                         <synopsis>Send private identification details to the endpoint.</synopsis>
744                                         <description><para>This option determines whether res_pjsip will send private
745                                         identification information to the endpoint. If <literal>no</literal>,
746                                         private Caller-ID information will not be forwarded to the endpoint.
747                                         "Private" in this case refers to any method of restricting identification.
748                                         Example: setting <replaceable>callerid_privacy</replaceable> to any
749                                         <literal>prohib</literal> variation.
750                                         Example: If <replaceable>trust_id_inbound</replaceable> is set to
751                                         <literal>yes</literal>, the presence of a <literal>Privacy: id</literal>
752                                         header in a SIP request or response would indicate the identification
753                                         provided in the request is private.</para></description>
754                                 </configOption>
755                                 <configOption name="type">
756                                         <synopsis>Must be of type 'endpoint'.</synopsis>
757                                 </configOption>
758                                 <configOption name="use_ptime" default="no">
759                                         <synopsis>Use Endpoint's requested packetization interval</synopsis>
760                                 </configOption>
761                                 <configOption name="use_avpf" default="no">
762                                         <synopsis>Determines whether res_pjsip will use and enforce usage of AVPF for this
763                                         endpoint.</synopsis>
764                                         <description><para>
765                                                 If set to <literal>yes</literal>, res_pjsip will use the AVPF or SAVPF RTP
766                                                 profile for all media offers on outbound calls and media updates and will
767                                                 decline media offers not using the AVPF or SAVPF profile.
768                                         </para><para>
769                                                 If set to <literal>no</literal>, res_pjsip will use the AVP or SAVP RTP
770                                                 profile for all media offers on outbound calls and media updates, and will
771                                                 decline media offers not using the AVP or SAVP profile.
772                                         </para></description>
773                                 </configOption>
774                                 <configOption name="force_avp" default="no">
775                                         <synopsis>Determines whether res_pjsip will use and enforce usage of AVP,
776                                         regardless of the RTP profile in use for this endpoint.</synopsis>
777                                         <description><para>
778                                                 If set to <literal>yes</literal>, res_pjsip will use the AVP, AVPF, SAVP, or
779                                                 SAVPF RTP profile for all media offers on outbound calls and media updates including
780                                                 those for DTLS-SRTP streams.
781                                         </para><para>
782                                                 If set to <literal>no</literal>, res_pjsip will use the respective RTP profile
783                                                 depending on configuration.
784                                         </para></description>
785                                 </configOption>
786                                 <configOption name="media_use_received_transport" default="no">
787                                         <synopsis>Determines whether res_pjsip will use the media transport received in the
788                                         offer SDP in the corresponding answer SDP.</synopsis>
789                                         <description><para>
790                                                 If set to <literal>yes</literal>, res_pjsip will use the received media transport.
791                                         </para><para>
792                                                 If set to <literal>no</literal>, res_pjsip will use the respective RTP profile
793                                                 depending on configuration.
794                                         </para></description>
795                                 </configOption>
796                                 <configOption name="media_encryption" default="no">
797                                         <synopsis>Determines whether res_pjsip will use and enforce usage of media encryption
798                                         for this endpoint.</synopsis>
799                                         <description>
800                                                 <enumlist>
801                                                         <enum name="no"><para>
802                                                                 res_pjsip will offer no encryption and allow no encryption to be setup.
803                                                         </para></enum>
804                                                         <enum name="sdes"><para>
805                                                                 res_pjsip will offer standard SRTP setup via in-SDP keys. Encrypted SIP
806                                                                 transport should be used in conjunction with this option to prevent
807                                                                 exposure of media encryption keys.
808                                                         </para></enum>
809                                                         <enum name="dtls"><para>
810                                                                 res_pjsip will offer DTLS-SRTP setup.
811                                                         </para></enum>
812                                                 </enumlist>
813                                         </description>
814                                 </configOption>
815                                 <configOption name="media_encryption_optimistic" default="no">
816                                         <synopsis>Determines whether encryption should be used if possible but does not terminate the
817                                         session if not achieved.</synopsis>
818                                         <description><para>
819                                                 This option only applies if <replaceable>media_encryption</replaceable> is
820                                                 set to <literal>sdes</literal> or <literal>dtls</literal>.
821                                         </para></description>
822                                 </configOption>
823                                 <configOption name="g726_non_standard" default="no">
824                                         <synopsis>Force g.726 to use AAL2 packing order when negotiating g.726 audio</synopsis>
825                                         <description><para>
826                                                 When set to "yes" and an endpoint negotiates g.726 audio then use g.726 for AAL2
827                                                 packing order instead of what is recommended by RFC3551. Since this essentially
828                                                 replaces the underlying 'g726' codec with 'g726aal2' then 'g726aal2' needs to be
829                                                 specified in the endpoint's allowed codec list.
830                                         </para></description>
831                                 </configOption>
832                                 <configOption name="inband_progress" default="no">
833                                         <synopsis>Determines whether chan_pjsip will indicate ringing using inband
834                                                 progress.</synopsis>
835                                         <description><para>
836                                                 If set to <literal>yes</literal>, chan_pjsip will send a 183 Session Progress
837                                                 when told to indicate ringing and will immediately start sending ringing
838                                                 as audio.
839                                         </para><para>
840                                                 If set to <literal>no</literal>, chan_pjsip will send a 180 Ringing when told
841                                                 to indicate ringing and will NOT send it as audio.
842                                         </para></description>
843                                 </configOption>
844                                 <configOption name="call_group">
845                                         <synopsis>The numeric pickup groups for a channel.</synopsis>
846                                         <description><para>
847                                                 Can be set to a comma separated list of numbers or ranges between the values
848                                                 of 0-63 (maximum of 64 groups).
849                                         </para></description>
850                                 </configOption>
851                                 <configOption name="pickup_group">
852                                         <synopsis>The numeric pickup groups that a channel can pickup.</synopsis>
853                                         <description><para>
854                                                 Can be set to a comma separated list of numbers or ranges between the values
855                                                 of 0-63 (maximum of 64 groups).
856                                         </para></description>
857                                 </configOption>
858                                 <configOption name="named_call_group">
859                                         <synopsis>The named pickup groups for a channel.</synopsis>
860                                         <description><para>
861                                                 Can be set to a comma separated list of case sensitive strings limited by
862                                                 supported line length.
863                                         </para></description>
864                                 </configOption>
865                                 <configOption name="named_pickup_group">
866                                         <synopsis>The named pickup groups that a channel can pickup.</synopsis>
867                                         <description><para>
868                                                 Can be set to a comma separated list of case sensitive strings limited by
869                                                 supported line length.
870                                         </para></description>
871                                 </configOption>
872                                 <configOption name="device_state_busy_at" default="0">
873                                         <synopsis>The number of in-use channels which will cause busy to be returned as device state</synopsis>
874                                         <description><para>
875                                                 When the number of in-use channels for the endpoint matches the devicestate_busy_at setting the
876                                                 PJSIP channel driver will return busy as the device state instead of in use.
877                                         </para></description>
878                                 </configOption>
879                                 <configOption name="t38_udptl" default="no">
880                                         <synopsis>Whether T.38 UDPTL support is enabled or not</synopsis>
881                                         <description><para>
882                                                 If set to yes T.38 UDPTL support will be enabled, and T.38 negotiation requests will be accepted
883                                                 and relayed.
884                                         </para></description>
885                                 </configOption>
886                                 <configOption name="t38_udptl_ec" default="none">
887                                         <synopsis>T.38 UDPTL error correction method</synopsis>
888                                         <description>
889                                                 <enumlist>
890                                                         <enum name="none"><para>
891                                                                 No error correction should be used.
892                                                         </para></enum>
893                                                         <enum name="fec"><para>
894                                                                 Forward error correction should be used.
895                                                         </para></enum>
896                                                         <enum name="redundancy"><para>
897                                                                 Redundancy error correction should be used.
898                                                         </para></enum>
899                                                 </enumlist>
900                                         </description>
901                                 </configOption>
902                                 <configOption name="t38_udptl_maxdatagram" default="0">
903                                         <synopsis>T.38 UDPTL maximum datagram size</synopsis>
904                                         <description><para>
905                                                 This option can be set to override the maximum datagram of a remote endpoint for broken
906                                                 endpoints.
907                                         </para></description>
908                                 </configOption>
909                                 <configOption name="fax_detect" default="no">
910                                         <synopsis>Whether CNG tone detection is enabled</synopsis>
911                                         <description><para>
912                                                 This option can be set to send the session to the fax extension when a CNG tone is
913                                                 detected.
914                                         </para></description>
915                                 </configOption>
916                                 <configOption name="fax_detect_timeout">
917                                         <synopsis>How long into a call before fax_detect is disabled for the call</synopsis>
918                                         <description><para>
919                                                 The option determines how many seconds into a call before the
920                                                 fax_detect option is disabled for the call.  Setting the value
921                                                 to zero disables the timeout.
922                                         </para></description>
923                                 </configOption>
924                                 <configOption name="t38_udptl_nat" default="no">
925                                         <synopsis>Whether NAT support is enabled on UDPTL sessions</synopsis>
926                                         <description><para>
927                                                 When enabled the UDPTL stack will send UDPTL packets to the source address of
928                                                 received packets.
929                                         </para></description>
930                                 </configOption>
931                                 <configOption name="t38_udptl_ipv6" default="no">
932                                         <synopsis>Whether IPv6 is used for UDPTL Sessions</synopsis>
933                                         <description><para>
934                                                 When enabled the UDPTL stack will use IPv6.
935                                         </para></description>
936                                 </configOption>
937                                 <configOption name="tone_zone">
938                                         <synopsis>Set which country's indications to use for channels created for this endpoint.</synopsis>
939                                 </configOption>
940                                 <configOption name="language">
941                                         <synopsis>Set the default language to use for channels created for this endpoint.</synopsis>
942                                 </configOption>
943                                 <configOption name="one_touch_recording" default="no">
944                                         <synopsis>Determines whether one-touch recording is allowed for this endpoint.</synopsis>
945                                         <see-also>
946                                                 <ref type="configOption">record_on_feature</ref>
947                                                 <ref type="configOption">record_off_feature</ref>
948                                         </see-also>
949                                 </configOption>
950                                 <configOption name="record_on_feature" default="automixmon">
951                                         <synopsis>The feature to enact when one-touch recording is turned on.</synopsis>
952                                         <description>
953                                                 <para>When an INFO request for one-touch recording arrives with a Record header set to "on", this
954                                                 feature will be enabled for the channel. The feature designated here can be any built-in
955                                                 or dynamic feature defined in features.conf.</para>
956                                                 <note><para>This setting has no effect if the endpoint's one_touch_recording option is disabled</para></note>
957                                         </description>
958                                         <see-also>
959                                                 <ref type="configOption">one_touch_recording</ref>
960                                                 <ref type="configOption">record_off_feature</ref>
961                                         </see-also>
962                                 </configOption>
963                                 <configOption name="record_off_feature" default="automixmon">
964                                         <synopsis>The feature to enact when one-touch recording is turned off.</synopsis>
965                                         <description>
966                                                 <para>When an INFO request for one-touch recording arrives with a Record header set to "off", this
967                                                 feature will be enabled for the channel. The feature designated here can be any built-in
968                                                 or dynamic feature defined in features.conf.</para>
969                                                 <note><para>This setting has no effect if the endpoint's one_touch_recording option is disabled</para></note>
970                                         </description>
971                                         <see-also>
972                                                 <ref type="configOption">one_touch_recording</ref>
973                                                 <ref type="configOption">record_on_feature</ref>
974                                         </see-also>
975                                 </configOption>
976                                 <configOption name="rtp_engine" default="asterisk">
977                                         <synopsis>Name of the RTP engine to use for channels created for this endpoint</synopsis>
978                                 </configOption>
979                                 <configOption name="allow_transfer" default="yes">
980                                         <synopsis>Determines whether SIP REFER transfers are allowed for this endpoint</synopsis>
981                                 </configOption>
982                                 <configOption name="user_eq_phone" default="no">
983                                         <synopsis>Determines whether a user=phone parameter is placed into the request URI if the user is determined to be a phone number</synopsis>
984                                 </configOption>
985                                 <configOption name="moh_passthrough" default="no">
986                                         <synopsis>Determines whether hold and unhold will be passed through using re-INVITEs with recvonly and sendrecv to the remote side</synopsis>
987                                 </configOption>
988                                 <configOption name="sdp_owner" default="-">
989                                         <synopsis>String placed as the username portion of an SDP origin (o=) line.</synopsis>
990                                 </configOption>
991                                 <configOption name="sdp_session" default="Asterisk">
992                                         <synopsis>String used for the SDP session (s=) line.</synopsis>
993                                 </configOption>
994                                 <configOption name="tos_audio">
995                                         <synopsis>DSCP TOS bits for audio streams</synopsis>
996                                         <description><para>
997                                                 See https://wiki.asterisk.org/wiki/display/AST/IP+Quality+of+Service for more information about QoS settings
998                                         </para></description>
999                                 </configOption>
1000                                 <configOption name="tos_video">
1001                                         <synopsis>DSCP TOS bits for video streams</synopsis>
1002                                         <description><para>
1003                                                 See https://wiki.asterisk.org/wiki/display/AST/IP+Quality+of+Service for more information about QoS settings
1004                                         </para></description>
1005                                 </configOption>
1006                                 <configOption name="cos_audio">
1007                                         <synopsis>Priority for audio streams</synopsis>
1008                                         <description><para>
1009                                                 See https://wiki.asterisk.org/wiki/display/AST/IP+Quality+of+Service for more information about QoS settings
1010                                         </para></description>
1011                                 </configOption>
1012                                 <configOption name="cos_video">
1013                                         <synopsis>Priority for video streams</synopsis>
1014                                         <description><para>
1015                                                 See https://wiki.asterisk.org/wiki/display/AST/IP+Quality+of+Service for more information about QoS settings
1016                                         </para></description>
1017                                 </configOption>
1018                                 <configOption name="allow_subscribe" default="yes">
1019                                         <synopsis>Determines if endpoint is allowed to initiate subscriptions with Asterisk.</synopsis>
1020                                 </configOption>
1021                                 <configOption name="sub_min_expiry" default="60">
1022                                         <synopsis>The minimum allowed expiry time for subscriptions initiated by the endpoint.</synopsis>
1023                                 </configOption>
1024                                 <configOption name="from_user">
1025                                         <synopsis>Username to use in From header for requests to this endpoint.</synopsis>
1026                                 </configOption>
1027                                 <configOption name="mwi_from_user">
1028                                         <synopsis>Username to use in From header for unsolicited MWI NOTIFYs to this endpoint.</synopsis>
1029                                 </configOption>
1030                                 <configOption name="from_domain">
1031                                         <synopsis>Domain to user in From header for requests to this endpoint.</synopsis>
1032                                 </configOption>
1033                                 <configOption name="dtls_verify">
1034                                         <synopsis>Verify that the provided peer certificate is valid</synopsis>
1035                                         <description><para>
1036                                                 This option only applies if <replaceable>media_encryption</replaceable> is
1037                                                 set to <literal>dtls</literal>.
1038                                                 </para><para>
1039                                                 It can be one of the following values:
1040                                                 </para><enumlist>
1041                                                         <enum name="no"><para>
1042                                                                 meaning no verificaton is done.
1043                                                         </para></enum>
1044                                                         <enum name="fingerprint"><para>
1045                                                                 meaning to verify the remote fingerprint.
1046                                                         </para></enum>
1047                                                         <enum name="certificate"><para>
1048                                                                 meaning to verify the remote certificate.
1049                                                         </para></enum>
1050                                                         <enum name="yes"><para>
1051                                                                 meaning to verify both the remote fingerprint and certificate.
1052                                                         </para></enum>
1053                                                 </enumlist>
1054                                         </description>
1055                                 </configOption>
1056                                 <configOption name="dtls_rekey">
1057                                         <synopsis>Interval at which to renegotiate the TLS session and rekey the SRTP session</synopsis>
1058                                         <description><para>
1059                                                 This option only applies if <replaceable>media_encryption</replaceable> is
1060                                                 set to <literal>dtls</literal>.
1061                                         </para><para>
1062                                                 If this is not set or the value provided is 0 rekeying will be disabled.
1063                                         </para></description>
1064                                 </configOption>
1065                                 <configOption name="dtls_auto_generate_cert" default="no">
1066                                         <synopsis>Whether or not to automatically generate an ephemeral X.509 certificate</synopsis>
1067                                         <description>
1068                                                 <para>
1069                                                         If enabled, Asterisk will generate an X.509 certificate for each DTLS session.
1070                                                         This option only applies if <replaceable>media_encryption</replaceable> is set
1071                                                         to <literal>dtls</literal>. This option will be automatically enabled if
1072                                                         <literal>webrtc</literal> is enabled and <literal>dtls_cert_file</literal> is
1073                                                         not specified.
1074                                                 </para>
1075                                         </description>
1076                                 </configOption>
1077                                 <configOption name="dtls_cert_file">
1078                                         <synopsis>Path to certificate file to present to peer</synopsis>
1079                                         <description><para>
1080                                                 This option only applies if <replaceable>media_encryption</replaceable> is
1081                                                 set to <literal>dtls</literal>.
1082                                         </para></description>
1083                                 </configOption>
1084                                 <configOption name="dtls_private_key">
1085                                         <synopsis>Path to private key for certificate file</synopsis>
1086                                         <description><para>
1087                                                 This option only applies if <replaceable>media_encryption</replaceable> is
1088                                                 set to <literal>dtls</literal>.
1089                                         </para></description>
1090                                 </configOption>
1091                                 <configOption name="dtls_cipher">
1092                                         <synopsis>Cipher to use for DTLS negotiation</synopsis>
1093                                         <description><para>
1094                                                 This option only applies if <replaceable>media_encryption</replaceable> is
1095                                                 set to <literal>dtls</literal>.
1096                                         </para>
1097                                         <para>Many options for acceptable ciphers. See link for more:</para>
1098                                         <para>http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
1099                                         </para></description>
1100                                 </configOption>
1101                                 <configOption name="dtls_ca_file">
1102                                         <synopsis>Path to certificate authority certificate</synopsis>
1103                                         <description><para>
1104                                                 This option only applies if <replaceable>media_encryption</replaceable> is
1105                                                 set to <literal>dtls</literal>.
1106                                         </para></description>
1107                                 </configOption>
1108                                 <configOption name="dtls_ca_path">
1109                                         <synopsis>Path to a directory containing certificate authority certificates</synopsis>
1110                                         <description><para>
1111                                                 This option only applies if <replaceable>media_encryption</replaceable> is
1112                                                 set to <literal>dtls</literal>.
1113                                         </para></description>
1114                                 </configOption>
1115                                 <configOption name="dtls_setup">
1116                                         <synopsis>Whether we are willing to accept connections, connect to the other party, or both.</synopsis>
1117                                         <description>
1118                                                 <para>
1119                                                         This option only applies if <replaceable>media_encryption</replaceable> is
1120                                                         set to <literal>dtls</literal>.
1121                                                 </para>
1122                                                 <enumlist>
1123                                                         <enum name="active"><para>
1124                                                                 res_pjsip will make a connection to the peer.
1125                                                         </para></enum>
1126                                                         <enum name="passive"><para>
1127                                                                 res_pjsip will accept connections from the peer.
1128                                                         </para></enum>
1129                                                         <enum name="actpass"><para>
1130                                                                 res_pjsip will offer and accept connections from the peer.
1131                                                         </para></enum>
1132                                                 </enumlist>
1133                                         </description>
1134                                 </configOption>
1135                                 <configOption name="dtls_fingerprint">
1136                                         <synopsis>Type of hash to use for the DTLS fingerprint in the SDP.</synopsis>
1137                                         <description>
1138                                                 <para>
1139                                                         This option only applies if <replaceable>media_encryption</replaceable> is
1140                                                         set to <literal>dtls</literal>.
1141                                                 </para>
1142                                                 <enumlist>
1143                                                         <enum name="SHA-256"></enum>
1144                                                         <enum name="SHA-1"></enum>
1145                                                 </enumlist>
1146                                         </description>
1147                                 </configOption>
1148                                 <configOption name="srtp_tag_32">
1149                                         <synopsis>Determines whether 32 byte tags should be used instead of 80 byte tags.</synopsis>
1150                                         <description><para>
1151                                                 This option only applies if <replaceable>media_encryption</replaceable> is
1152                                                 set to <literal>sdes</literal> or <literal>dtls</literal>.
1153                                         </para></description>
1154                                 </configOption>
1155                                 <configOption name="set_var">
1156                                         <synopsis>Variable set on a channel involving the endpoint.</synopsis>
1157                                         <description><para>
1158                                                 When a new channel is created using the endpoint set the specified
1159                                                 variable(s) on that channel. For multiple channel variables specify
1160                                                 multiple 'set_var'(s).
1161                                         </para></description>
1162                                 </configOption>
1163                                 <configOption name="message_context">
1164                                         <synopsis>Context to route incoming MESSAGE requests to.</synopsis>
1165                                         <description><para>
1166                                                 If specified, incoming MESSAGE requests will be routed to the indicated
1167                                                 dialplan context. If no <replaceable>message_context</replaceable> is
1168                                                 specified, then the <replaceable>context</replaceable> setting is used.
1169                                         </para></description>
1170                                 </configOption>
1171                                 <configOption name="accountcode">
1172                                         <synopsis>An accountcode to set automatically on any channels created for this endpoint.</synopsis>
1173                                         <description><para>
1174                                                 If specified, any channel created for this endpoint will automatically
1175                                                 have this accountcode set on it.
1176                                         </para></description>
1177                                 </configOption>
1178                                 <configOption name="preferred_codec_only" default="no">
1179                                         <synopsis>Respond to a SIP invite with the single most preferred codec (DEPRECATED)</synopsis>
1180                                         <description><para>Respond to a SIP invite with the single most preferred codec
1181                                         rather than advertising all joint codec capabilities. This limits the other side's codec
1182                                         choice to exactly what we prefer.</para>
1183                                         <warning><para>This option has been deprecated in favor of
1184                                         <literal>incoming_call_offer_pref</literal>.  Setting both options is unsupported.</para>
1185                                         </warning>
1186                                         </description>
1187                                         <see-also>
1188                                                 <ref type="configOption">incoming_call_offer_pref</ref>
1189                                         </see-also>
1190                                 </configOption>
1191                                 <configOption name="incoming_call_offer_pref" default="local">
1192                                         <synopsis>Preferences for selecting codecs for an incoming call.</synopsis>
1193                                         <description>
1194                                                 <para>Based on this setting, a joint list of preferred codecs between those
1195                                                 received in an incoming SDP offer (remote), and those specified in the
1196                                                 endpoint's "allow" parameter (local) es created and is passed to the Asterisk
1197                                                 core. </para>
1198                                                 <note><para>This list will consist of only those codecs found in both lists.</para></note>
1199                                                 <enumlist>
1200                                                         <enum name="local"><para>
1201                                                                 Include all codecs in the local list that are also in the remote list
1202                                                                 preserving the local order.  (default).
1203                                                         </para></enum>
1204                                                         <enum name="local_first"><para>
1205                                                                 Include only the first codec in the local list that is also in the remote list.
1206                                                         </para></enum>
1207                                                         <enum name="remote"><para>
1208                                                                 Include all codecs in the remote list that are also in the local list
1209                                                                 preserving the remote order.
1210                                                         </para></enum>
1211                                                         <enum name="remote_first"><para>
1212                                                                 Include only the first codec in the remote list that is also in the local list.
1213                                                         </para></enum>
1214                                                 </enumlist>
1215                                         </description>
1216                                 </configOption>
1217                                 <configOption name="outgoing_call_offer_pref" default="local">
1218                                         <synopsis>Preferences for selecting codecs for an outgoing call.</synopsis>
1219                                         <description>
1220                                                 <para>Based on this setting, a joint list of preferred codecs between
1221                                                 those received from the Asterisk core (remote), and those specified in
1222                                                 the endpoint's "allow" parameter (local) is created and is used to create
1223                                                 the outgoing SDP offer.</para>
1224                                                 <enumlist>
1225                                                         <enum name="local"><para>
1226                                                                 Include all codecs in the local list that are also in the remote list
1227                                                                 preserving the local order.
1228                                                         </para></enum>
1229                                                         <enum name="local_merge"><para>
1230                                                                 Include all codecs in BOTH lists preserving the local order.
1231                                                                 Remote codecs not in the local list will be placed at the end
1232                                                                 of the joint list.
1233                                                         </para></enum>
1234                                                         <enum name="local_first"><para>
1235                                                                 Include only the first codec in the local list.
1236                                                         </para></enum>
1237                                                         <enum name="remote"><para>
1238                                                                 Include all codecs in the remote list that are also in the local list
1239                                                                 preserving the remote order. (default)
1240                                                         </para></enum>
1241                                                         <enum name="remote_merge"><para>
1242                                                                 Include all codecs in BOTH lists preserving the remote order.
1243                                                                 Local codecs not in the remote list will be placed at the end
1244                                                                 of the joint list.
1245                                                         </para></enum>
1246                                                         <enum name="remote_first"><para>
1247                                                                 Include only the first codec in the remote list.
1248                                                         </para></enum>
1249                                                 </enumlist>
1250                                         </description>
1251                                 </configOption>
1252                                 <configOption name="rtp_keepalive">
1253                                         <synopsis>Number of seconds between RTP comfort noise keepalive packets.</synopsis>
1254                                         <description><para>
1255                                                 At the specified interval, Asterisk will send an RTP comfort noise frame. This may
1256                                                 be useful for situations where Asterisk is behind a NAT or firewall and must keep
1257                                                 a hole open in order to allow for media to arrive at Asterisk.
1258                                         </para></description>
1259                                 </configOption>
1260                                 <configOption name="rtp_timeout" default="0">
1261                                         <synopsis>Maximum number of seconds without receiving RTP (while off hold) before terminating call.</synopsis>
1262                                         <description><para>
1263                                                 This option configures the number of seconds without RTP (while off hold) before
1264                                                 considering a channel as dead. When the number of seconds is reached the underlying
1265                                                 channel is hung up. By default this option is set to 0, which means do not check.
1266                                         </para></description>
1267                                 </configOption>
1268                                 <configOption name="rtp_timeout_hold" default="0">
1269                                         <synopsis>Maximum number of seconds without receiving RTP (while on hold) before terminating call.</synopsis>
1270                                         <description><para>
1271                                                 This option configures the number of seconds without RTP (while on hold) before
1272                                                 considering a channel as dead. When the number of seconds is reached the underlying
1273                                                 channel is hung up. By default this option is set to 0, which means do not check.
1274                                         </para></description>
1275                                 </configOption>
1276                                 <configOption name="acl">
1277                                         <synopsis>List of IP ACL section names in acl.conf</synopsis>
1278                                         <description><para>
1279                                                 This matches sections configured in <literal>acl.conf</literal>. The value is
1280                                                 defined as a list of comma-delimited section names.
1281                                         </para></description>
1282                                 </configOption>
1283                                 <configOption name="deny">
1284                                         <synopsis>List of IP addresses to deny access from</synopsis>
1285                                         <description><para>
1286                                                 The value is a comma-delimited list of IP addresses. IP addresses may
1287                                                 have a subnet mask appended. The subnet mask may be written in either
1288                                                 CIDR or dotted-decimal notation. Separate the IP address and subnet
1289                                                 mask with a slash ('/')
1290                                         </para></description>
1291                                 </configOption>
1292                                 <configOption name="permit">
1293                                         <synopsis>List of IP addresses to permit access from</synopsis>
1294                                         <description><para>
1295                                                 The value is a comma-delimited list of IP addresses. IP addresses may
1296                                                 have a subnet mask appended. The subnet mask may be written in either
1297                                                 CIDR or dotted-decimal notation. Separate the IP address and subnet
1298                                                 mask with a slash ('/')
1299                                         </para></description>
1300                                 </configOption>
1301                                 <configOption name="contact_acl">
1302                                         <synopsis>List of Contact ACL section names in acl.conf</synopsis>
1303                                         <description><para>
1304                                                 This matches sections configured in <literal>acl.conf</literal>. The value is
1305                                                 defined as a list of comma-delimited section names.
1306                                         </para></description>
1307                                 </configOption>
1308                                 <configOption name="contact_deny">
1309                                         <synopsis>List of Contact header addresses to deny</synopsis>
1310                                         <description><para>
1311                                                 The value is a comma-delimited list of IP addresses. IP addresses may
1312                                                 have a subnet mask appended. The subnet mask may be written in either
1313                                                 CIDR or dotted-decimal notation. Separate the IP address and subnet
1314                                                 mask with a slash ('/')
1315                                         </para></description>
1316                                 </configOption>
1317                                 <configOption name="contact_permit">
1318                                         <synopsis>List of Contact header addresses to permit</synopsis>
1319                                         <description><para>
1320                                                 The value is a comma-delimited list of IP addresses. IP addresses may
1321                                                 have a subnet mask appended. The subnet mask may be written in either
1322                                                 CIDR or dotted-decimal notation. Separate the IP address and subnet
1323                                                 mask with a slash ('/')
1324                                         </para></description>
1325                                 </configOption>
1326                                 <configOption name="subscribe_context">
1327                                         <synopsis>Context for incoming MESSAGE requests.</synopsis>
1328                                         <description><para>
1329                                                 If specified, incoming SUBSCRIBE requests will be searched for the matching
1330                                                 extension in the indicated context.
1331                                                 If no <replaceable>subscribe_context</replaceable> is specified,
1332                                                 then the <replaceable>context</replaceable> setting is used.
1333                                         </para></description>
1334                                 </configOption>
1335                                 <configOption name="contact_user" default="">
1336                                         <synopsis>Force the user on the outgoing Contact header to this value.</synopsis>
1337                                         <description><para>
1338                                                 On outbound requests, force the user portion of the Contact header to this value.
1339                                         </para></description>
1340                                 </configOption>
1341                                 <configOption name="asymmetric_rtp_codec" default="no">
1342                                         <synopsis>Allow the sending and receiving RTP codec to differ</synopsis>
1343                                         <description><para>
1344                                                 When set to "yes" the codec in use for sending will be allowed to differ from
1345                                                 that of the received one. PJSIP will not automatically switch the sending one
1346                                                 to the receiving one.
1347                                         </para></description>
1348                                 </configOption>
1349                                 <configOption name="rtcp_mux" default="no">
1350                                         <synopsis>Enable RFC 5761 RTCP multiplexing on the RTP port</synopsis>
1351                                         <description><para>
1352                                                 With this option enabled, Asterisk will attempt to negotiate the use of the "rtcp-mux"
1353                                                 attribute on all media streams. This will result in RTP and RTCP being sent and received
1354                                                 on the same port. This shifts the demultiplexing logic to the application rather than
1355                                                 the transport layer. This option is useful when interoperating with WebRTC endpoints
1356                                                 since they mandate this option's use.
1357                                         </para></description>
1358                                 </configOption>
1359                                 <configOption name="refer_blind_progress" default="yes">
1360                                         <synopsis>Whether to notifies all the progress details on blind transfer</synopsis>
1361                                         <description><para>
1362                                                 Some SIP phones (Mitel/Aastra, Snom) expect a sip/frag "200 OK"
1363                                                 after REFER has been accepted. If set to <literal>no</literal> then asterisk
1364                                                 will not send the progress details, but immediately will send "200 OK".
1365                                         </para></description>
1366                                 </configOption>
1367                                 <configOption name="notify_early_inuse_ringing" default="no">
1368                                         <synopsis>Whether to notifies dialog-info 'early' on InUse&amp;Ringing state</synopsis>
1369                                         <description><para>
1370                                                 Control whether dialog-info subscriptions get 'early' state
1371                                                 on Ringing when already INUSE.
1372                                         </para></description>
1373                                 </configOption>
1374                                 <configOption name="max_audio_streams" default="1">
1375                                         <synopsis>The maximum number of allowed audio streams for the endpoint</synopsis>
1376                                         <description><para>
1377                                                 This option enforces a limit on the maximum simultaneous negotiated audio
1378                                                 streams allowed for the endpoint.
1379                                         </para></description>
1380                                 </configOption>
1381                                 <configOption name="max_video_streams" default="1">
1382                                         <synopsis>The maximum number of allowed video streams for the endpoint</synopsis>
1383                                         <description><para>
1384                                                 This option enforces a limit on the maximum simultaneous negotiated video
1385                                                 streams allowed for the endpoint.
1386                                         </para></description>
1387                                 </configOption>
1388                                 <configOption name="bundle" default="no">
1389                                         <synopsis>Enable RTP bundling</synopsis>
1390                                         <description><para>
1391                                                 With this option enabled, Asterisk will attempt to negotiate the use of bundle.
1392                                                 If negotiated this will result in multiple RTP streams being carried over the same
1393                                                 underlying transport. Note that enabling bundle will also enable the rtcp_mux option.
1394                                         </para></description>
1395                                 </configOption>
1396                                 <configOption name="webrtc" default="no">
1397                                         <synopsis>Defaults and enables some options that are relevant to WebRTC</synopsis>
1398                                         <description><para>
1399                                                 When set to "yes" this also enables the following values that are needed in
1400                                                 order for basic WebRTC support to work: rtcp_mux, use_avpf, ice_support, and
1401                                                 use_received_transport. The following configuration settings also get defaulted
1402                                                 as follows:</para>
1403                                                 <para>media_encryption=dtls</para>
1404                                                 <para>dtls_auto_generate_cert=yes (if dtls_cert_file is not set)</para>
1405                                                 <para>dtls_verify=fingerprint</para>
1406                                                 <para>dtls_setup=actpass</para>
1407                                         </description>
1408                                 </configOption>
1409                                 <configOption name="incoming_mwi_mailbox">
1410                                         <synopsis>Mailbox name to use when incoming MWI NOTIFYs are received</synopsis>
1411                                         <description><para>
1412                                                 If an MWI NOTIFY is received <emphasis>from</emphasis> this endpoint,
1413                                                 this mailbox will be used when notifying other modules of MWI status
1414                                                 changes.  If not set, incoming MWI NOTIFYs are ignored.
1415                                         </para></description>
1416                                 </configOption>
1417                                 <configOption name="follow_early_media_fork">
1418                                         <synopsis>Follow SDP forked media when To tag is different</synopsis>
1419                                         <description><para>
1420                                                 On outgoing calls, if the UAS responds with different SDP attributes
1421                                                 on subsequent 18X or 2XX responses (such as a port update) AND the
1422                                                 To tag on the subsequent response is different than that on the previous
1423                                                 one, follow it. This usually happens when the INVITE is forked to multiple
1424                                                 UASs and more than one sends an SDP answer.
1425                                                 </para>
1426                                                 <note><para>
1427                                                         This option must also be enabled in the <literal>system</literal>
1428                                                         section for it to take effect here.
1429                                                 </para></note>
1430                                         </description>
1431                                 </configOption>
1432                                 <configOption name="accept_multiple_sdp_answers" default="no">
1433                                         <synopsis>Accept multiple SDP answers on non-100rel responses</synopsis>
1434                                         <description><para>
1435                                                 On outgoing calls, if the UAS responds with different SDP attributes
1436                                                 on non-100rel 18X or 2XX responses (such as a port update) AND the
1437                                                 To tag on the subsequent response is the same as that on the previous one,
1438                                                 process the updated SDP.  This can happen when the UAS needs to change ports
1439                                                 for some reason such as using a separate port for custom ringback.
1440                                                 </para>
1441                                                 <note><para>
1442                                                         This option must also be enabled in the <literal>system</literal>
1443                                                         section for it to take effect here.
1444                                                 </para></note>
1445                                         </description>
1446                                 </configOption>
1447                                 <configOption name="suppress_q850_reason_headers" default="no">
1448                                         <synopsis>Suppress Q.850 Reason headers for this endpoint</synopsis>
1449                                         <description><para>
1450                                                 Some devices can't accept multiple Reason headers and get confused
1451                                                 when both 'SIP' and 'Q.850' Reason headers are received.  This
1452                                                 option allows the 'Q.850' Reason header to be suppressed.</para>
1453                                         </description>
1454                                 </configOption>
1455                                 <configOption name="ignore_183_without_sdp" default="no">
1456                                         <synopsis>Do not forward 183 when it doesn't contain SDP</synopsis>
1457                                         <description><para>
1458                                                 Certain SS7 internetworking scenarios can result in a 183
1459                                                 to be generated for reasons other than early media.  Forwarding
1460                                                 this 183 can cause loss of ringback tone.  This flag emulates
1461                                                 the behavior of chan_sip and prevents these 183 responses from
1462                                                 being forwarded.</para>
1463                                         </description>
1464                                 </configOption>
1465                                 <configOption name="stir_shaken" default="no">
1466                                         <synopsis>Enable STIR/SHAKEN support on this endpoint</synopsis>
1467                                         <description><para>
1468                                                 Enable STIR/SHAKEN support on this endpoint. On incoming INVITEs,
1469                                                 the Identity header will be checked for validity. On outgoing
1470                                                 INVITEs, an Identity header will be added.</para>
1471                                         </description>
1472                                 </configOption>
1473                         </configObject>
1474                         <configObject name="auth">
1475                                 <synopsis>Authentication type</synopsis>
1476                                 <description><para>
1477                                         Authentication objects hold the authentication information for use
1478                                         by other objects such as <literal>endpoints</literal> or <literal>registrations</literal>.
1479                                         This also allows for multiple objects to use a single auth object. See
1480                                         the <literal>auth_type</literal> config option for password style choices.
1481                                 </para></description>
1482                                 <configOption name="auth_type" default="userpass">
1483                                         <synopsis>Authentication type</synopsis>
1484                                         <description><para>
1485                                                 This option specifies which of the password style config options should be read
1486                                                 when trying to authenticate an endpoint inbound request. If set to <literal>userpass</literal>
1487                                                 then we'll read from the 'password' option. For <literal>md5</literal> we'll read
1488                                                 from 'md5_cred'. If set to <literal>google_oauth</literal> then we'll read from the refresh_token/oauth_clientid/oauth_secret fields.
1489                                                 </para>
1490                                                 <enumlist>
1491                                                         <enum name="md5"/>
1492                                                         <enum name="userpass"/>
1493                                                         <enum name="google_oauth"/>
1494                                                 </enumlist>
1495                                         </description>
1496                                 </configOption>
1497                                 <configOption name="nonce_lifetime" default="32">
1498                                         <synopsis>Lifetime of a nonce associated with this authentication config.</synopsis>
1499                                 </configOption>
1500                                 <configOption name="md5_cred">
1501                                         <synopsis>MD5 Hash used for authentication.</synopsis>
1502                                         <description><para>Only used when auth_type is <literal>md5</literal>.</para></description>
1503                                 </configOption>
1504                                 <configOption name="password">
1505                                         <synopsis>Plain text password used for authentication.</synopsis>
1506                                         <description><para>Only used when auth_type is <literal>userpass</literal>.</para></description>
1507                                 </configOption>
1508                                 <configOption name="refresh_token">
1509                                         <synopsis>OAuth 2.0 refresh token</synopsis>
1510                                 </configOption>
1511                                 <configOption name="oauth_clientid">
1512                                         <synopsis>OAuth 2.0 application's client id</synopsis>
1513                                 </configOption>
1514                                 <configOption name="oauth_secret">
1515                                         <synopsis>OAuth 2.0 application's secret</synopsis>
1516                                 </configOption>
1517                                 <configOption name="realm">
1518                                         <synopsis>SIP realm for endpoint</synopsis>
1519                                         <description><para>
1520                                                 The treatment of this value depends upon how the authentication
1521                                                 object is used.
1522                                                 </para><para>
1523                                                 When used as an inbound authentication object, the realm is sent
1524                                                 as part of the challenge so the peer can know which key to use
1525                                                 when responding.  An empty value will use the
1526                                                 <replaceable>global</replaceable> section's
1527                                                 <literal>default_realm</literal> value when issuing a challenge.
1528                                                 </para><para>
1529                                                 When used as an outbound authentication object, the realm is
1530                                                 matched with the received challenge realm to determine which
1531                                                 authentication object to use when responding to the challenge.  An
1532                                                 empty value matches any challenging realm when determining
1533                                                 which authentication object matches a received challenge.
1534                                                 </para>
1535                                                 <note><para>
1536                                                 Using the same auth section for inbound and outbound
1537                                                 authentication is not recommended.  There is a difference in
1538                                                 meaning for an empty realm setting between inbound and outbound
1539                                                 authentication uses.</para></note>
1540                                         </description>
1541                                 </configOption>
1542                                 <configOption name="type">
1543                                         <synopsis>Must be 'auth'</synopsis>
1544                                 </configOption>
1545                                 <configOption name="username">
1546                                         <synopsis>Username to use for account</synopsis>
1547                                 </configOption>
1548                         </configObject>
1549                         <configObject name="domain_alias">
1550                                 <synopsis>Domain Alias</synopsis>
1551                                 <description><para>
1552                                         Signifies that a domain is an alias. If the domain on a session is
1553                                         not found to match an AoR then this object is used to see if we have
1554                                         an alias for the AoR to which the endpoint is binding. This objects
1555                                         name as defined in configuration should be the domain alias and a
1556                                         config option is provided to specify the domain to be aliased.
1557                                 </para></description>
1558                                 <configOption name="type">
1559                                         <synopsis>Must be of type 'domain_alias'.</synopsis>
1560                                 </configOption>
1561                                 <configOption name="domain">
1562                                         <synopsis>Domain to be aliased</synopsis>
1563                                 </configOption>
1564                         </configObject>
1565                         <configObject name="transport">
1566                                 <synopsis>SIP Transport</synopsis>
1567                                 <description><para>
1568                                         <emphasis>Transports</emphasis>
1569                                         </para>
1570                                         <para>There are different transports and protocol derivatives
1571                                                 supported by <literal>res_pjsip</literal>. They are in order of
1572                                                 preference: UDP, TCP, and WebSocket (WS).</para>
1573                                         <note><para>Changes to transport configuration in pjsip.conf will only be
1574                                                 effected on a complete restart of Asterisk. A module reload
1575                                                 will not suffice.</para></note>
1576                                 </description>
1577                                 <configOption name="async_operations" default="1">
1578                                         <synopsis>Number of simultaneous Asynchronous Operations</synopsis>
1579                                 </configOption>
1580                                 <configOption name="bind">
1581                                         <synopsis>IP Address and optional port to bind to for this transport</synopsis>
1582                                 </configOption>
1583                                 <configOption name="ca_list_file">
1584                                         <synopsis>File containing a list of certificates to read (TLS ONLY, not WSS)</synopsis>
1585                                 </configOption>
1586                                 <configOption name="ca_list_path">
1587                                         <synopsis>Path to directory containing a list of certificates to read (TLS ONLY, not WSS)</synopsis>
1588                                 </configOption>
1589                                 <configOption name="cert_file">
1590                                         <synopsis>Certificate file for endpoint (TLS ONLY, not WSS)</synopsis>
1591                                         <description><para>
1592                                                 A path to a .crt or .pem file can be provided.  However, only
1593                                                 the certificate is read from the file, not the private key.
1594                                                 The <literal>priv_key_file</literal> option must supply a
1595                                                 matching key file.
1596                                         </para></description>
1597                                 </configOption>
1598                                 <configOption name="cipher">
1599                                         <synopsis>Preferred cryptography cipher names (TLS ONLY, not WSS)</synopsis>
1600                                         <description>
1601                                         <para>Comma separated list of cipher names or numeric equivalents.
1602                                                 Numeric equivalents can be either decimal or hexadecimal (0xX).
1603                                         </para>
1604                                         <para>There are many cipher names.  Use the CLI command
1605                                                 <literal>pjsip list ciphers</literal> to see a list of cipher
1606                                                 names available for your installation.  See link for more:</para>
1607                                         <para>http://www.openssl.org/docs/apps/ciphers.html#CIPHER_SUITE_NAMES
1608                                         </para>
1609                                         </description>
1610                                 </configOption>
1611                                 <configOption name="domain">
1612                                         <synopsis>Domain the transport comes from</synopsis>
1613                                 </configOption>
1614                                 <configOption name="external_media_address">
1615                                         <synopsis>External IP address to use in RTP handling</synopsis>
1616                                         <description><para>
1617                                                 When a request or response is sent out, if the destination of the
1618                                                 message is outside the IP network defined in the option <literal>localnet</literal>,
1619                                                 and the media address in the SDP is within the localnet network, then the
1620                                                 media address in the SDP will be rewritten to the value defined for
1621                                                 <literal>external_media_address</literal>.
1622                                         </para></description>
1623                                 </configOption>
1624                                 <configOption name="external_signaling_address">
1625                                         <synopsis>External address for SIP signalling</synopsis>
1626                                 </configOption>
1627                                 <configOption name="external_signaling_port" default="0">
1628                                         <synopsis>External port for SIP signalling</synopsis>
1629                                 </configOption>
1630                                 <configOption name="method">
1631                                         <synopsis>Method of SSL transport (TLS ONLY, not WSS)</synopsis>
1632                                         <description>
1633                                                 <enumlist>
1634                                                         <enum name="default">
1635                                                                 <para>The default as defined by PJSIP. This is currently TLSv1, but may change with future releases.</para>
1636                                                         </enum>
1637                                                         <enum name="unspecified">
1638                                                                 <para>This option is equivalent to setting 'default'</para>
1639                                                         </enum>
1640                                                         <enum name="tlsv1" />
1641                                                         <enum name="tlsv1_1" />
1642                                                         <enum name="tlsv1_2" />
1643                                                         <enum name="sslv2" />
1644                                                         <enum name="sslv3" />
1645                                                         <enum name="sslv23" />
1646                                                 </enumlist>
1647                                         </description>
1648                                 </configOption>
1649                                 <configOption name="local_net">
1650                                         <synopsis>Network to consider local (used for NAT purposes).</synopsis>
1651                                         <description><para>This must be in CIDR or dotted decimal format with the IP
1652                                         and mask separated with a slash ('/').</para></description>
1653                                 </configOption>
1654                                 <configOption name="password">
1655                                         <synopsis>Password required for transport</synopsis>
1656                                 </configOption>
1657                                 <configOption name="priv_key_file">
1658                                         <synopsis>Private key file (TLS ONLY, not WSS)</synopsis>
1659                                 </configOption>
1660                                 <configOption name="protocol" default="udp">
1661                                         <synopsis>Protocol to use for SIP traffic</synopsis>
1662                                         <description>
1663                                                 <enumlist>
1664                                                         <enum name="udp" />
1665                                                         <enum name="tcp" />
1666                                                         <enum name="tls" />
1667                                                         <enum name="ws" />
1668                                                         <enum name="wss" />
1669                                                         <enum name="flow" />
1670                                                 </enumlist>
1671                                         </description>
1672                                 </configOption>
1673                                 <configOption name="require_client_cert" default="false">
1674                                         <synopsis>Require client certificate (TLS ONLY, not WSS)</synopsis>
1675                                 </configOption>
1676                                 <configOption name="type">
1677                                         <synopsis>Must be of type 'transport'.</synopsis>
1678                                 </configOption>
1679                                 <configOption name="verify_client" default="false">
1680                                         <synopsis>Require verification of client certificate (TLS ONLY, not WSS)</synopsis>
1681                                 </configOption>
1682                                 <configOption name="verify_server" default="false">
1683                                         <synopsis>Require verification of server certificate (TLS ONLY, not WSS)</synopsis>
1684                                 </configOption>
1685                                 <configOption name="tos" default="false">
1686                                         <synopsis>Enable TOS for the signalling sent over this transport</synopsis>
1687                                         <description>
1688                                         <para>See <literal>https://wiki.asterisk.org/wiki/display/AST/IP+Quality+of+Service</literal>
1689                                         for more information on this parameter.</para>
1690                                         <note><para>This option does not apply to the <replaceable>ws</replaceable>
1691                                         or the <replaceable>wss</replaceable> protocols.</para></note>
1692                                         </description>
1693                                 </configOption>
1694                                 <configOption name="cos" default="false">
1695                                         <synopsis>Enable COS for the signalling sent over this transport</synopsis>
1696                                         <description>
1697                                         <para>See <literal>https://wiki.asterisk.org/wiki/display/AST/IP+Quality+of+Service</literal>
1698                                         for more information on this parameter.</para>
1699                                         <note><para>This option does not apply to the <replaceable>ws</replaceable>
1700                                         or the <replaceable>wss</replaceable> protocols.</para></note>
1701                                         </description>
1702                                 </configOption>
1703                                 <configOption name="websocket_write_timeout">
1704                                         <synopsis>The timeout (in milliseconds) to set on WebSocket connections.</synopsis>
1705                                         <description>
1706                                                 <para>If a websocket connection accepts input slowly, the timeout
1707                                                 for writes to it can be increased to keep it from being disconnected.
1708                                                 Value is in milliseconds; default is 100 ms.</para>
1709                                         </description>
1710                                 </configOption>
1711                                 <configOption name="allow_reload" default="no">
1712                                         <synopsis>Allow this transport to be reloaded.</synopsis>
1713                                         <description>
1714                                                 <para>Allow this transport to be reloaded when res_pjsip is reloaded.
1715                                                 This option defaults to "no" because reloading a transport may disrupt
1716                                                 in-progress calls.</para>
1717                                         </description>
1718                                 </configOption>
1719                                 <configOption name="symmetric_transport" default="no">
1720                                         <synopsis>Use the same transport for outgoing requests as incoming ones.</synopsis>
1721                                         <description>
1722                                                 <para>When a request from a dynamic contact
1723                                                         comes in on a transport with this option set to 'yes',
1724                                                         the transport name will be saved and used for subsequent
1725                                                         outgoing requests like OPTIONS, NOTIFY and INVITE.  It's
1726                                                         saved as a contact uri parameter named 'x-ast-txp' and will
1727                                                         display with the contact uri in CLI, AMI, and ARI output.
1728                                                         On the outgoing request, if a transport wasn't explicitly
1729                                                         set on the endpoint AND the request URI is not a hostname,
1730                                                         the saved transport will be used and the 'x-ast-txp'
1731                                                         parameter stripped from the outgoing packet.
1732                                                 </para>
1733                                         </description>
1734                                 </configOption>
1735                         </configObject>
1736                         <configObject name="contact">
1737                                 <synopsis>A way of creating an aliased name to a SIP URI</synopsis>
1738                                 <description><para>
1739                                         Contacts are a way to hide SIP URIs from the dialplan directly.
1740                                         They are also used to make a group of contactable parties when
1741                                         in use with <literal>AoR</literal> lists.
1742                                 </para></description>
1743                                 <configOption name="type">
1744                                         <synopsis>Must be of type 'contact'.</synopsis>
1745                                 </configOption>
1746                                 <configOption name="uri">
1747                                         <synopsis>SIP URI to contact peer</synopsis>
1748                                 </configOption>
1749                                 <configOption name="expiration_time">
1750                                         <synopsis>Time to keep alive a contact</synopsis>
1751                                         <description><para>
1752                                                 Time to keep alive a contact. String style specification.
1753                                         </para></description>
1754                                 </configOption>
1755                                 <configOption name="qualify_frequency" default="0">
1756                                         <synopsis>Interval at which to qualify a contact</synopsis>
1757                                         <description><para>
1758                                                 Interval between attempts to qualify the contact for reachability.
1759                                                 If <literal>0</literal> never qualify. Time in seconds.
1760                                         </para></description>
1761                                 </configOption>
1762                                 <configOption name="qualify_timeout" default="3.0">
1763                                         <synopsis>Timeout for qualify</synopsis>
1764                                         <description><para>
1765                                                 If the contact doesn't respond to the OPTIONS request before the timeout,
1766                                                 the contact is marked unavailable.
1767                                                 If <literal>0</literal> no timeout. Time in fractional seconds.
1768                                         </para></description>
1769                                 </configOption>
1770                                 <configOption name="authenticate_qualify">
1771                                         <synopsis>Authenticates a qualify challenge response if needed</synopsis>
1772                                         <description>
1773                                                 <para>If true and a qualify request receives a challenge response then
1774                                                 authentication is attempted before declaring the contact available.
1775                                                 </para>
1776                                                 <note><para>This option does nothing as we will always complete
1777                                                 the challenge response authentication if the qualify request is
1778                                                 challenged.
1779                                                 </para></note>
1780                                         </description>
1781                                 </configOption>
1782                                 <configOption name="outbound_proxy">
1783                                         <synopsis>Outbound proxy used when sending OPTIONS request</synopsis>
1784                                         <description><para>
1785                                                 If set the provided URI will be used as the outbound proxy when an
1786                                                 OPTIONS request is sent to a contact for qualify purposes.
1787                                         </para></description>
1788                                 </configOption>
1789                                 <configOption name="path">
1790                                         <synopsis>Stored Path vector for use in Route headers on outgoing requests.</synopsis>
1791                                 </configOption>
1792                                 <configOption name="user_agent">
1793                                         <synopsis>User-Agent header from registration.</synopsis>
1794                                         <description><para>
1795                                                 The User-Agent is automatically stored based on data present in incoming SIP
1796                                                 REGISTER requests and is not intended to be configured manually.
1797                                         </para></description>
1798                                 </configOption>
1799                                 <configOption name="endpoint">
1800                                         <synopsis>Endpoint name</synopsis>
1801                                         <description><para>
1802                                                 The name of the endpoint this contact belongs to
1803                                         </para></description>
1804                                 </configOption>
1805                                 <configOption name="reg_server">
1806                                         <synopsis>Asterisk Server name</synopsis>
1807                                         <description><para>
1808                                                 Asterisk Server name on which SIP endpoint registered.
1809                                         </para></description>
1810                                 </configOption>
1811                                 <configOption name="via_addr">
1812                                         <synopsis>IP-address of the last Via header from registration.</synopsis>
1813                                         <description><para>
1814                                                 The last Via header should contain the address of UA which sent the request.
1815                                                 The IP-address of the last Via header is automatically stored based on data present
1816                                                 in incoming SIP REGISTER requests and is not intended to be configured manually.
1817                                         </para></description>
1818                                 </configOption>
1819                                 <configOption name="via_port">
1820                                         <synopsis>IP-port of the last Via header from registration.</synopsis>
1821                                         <description><para>
1822                                                 The IP-port of the last Via header is automatically stored based on data present
1823                                                 in incoming SIP REGISTER requests and is not intended to be configured manually.
1824                                         </para></description>
1825                                 </configOption>
1826                                 <configOption name="call_id">
1827                                         <synopsis>Call-ID header from registration.</synopsis>
1828                                         <description><para>
1829                                                 The Call-ID header is automatically stored based on data present
1830                                                 in incoming SIP REGISTER requests and is not intended to be configured manually.
1831                                         </para></description>
1832                                 </configOption>
1833                                 <configOption name="prune_on_boot">
1834                                         <synopsis>A contact that cannot survive a restart/boot.</synopsis>
1835                                         <description><para>
1836                                                 The option is set if the incoming SIP REGISTER contact is rewritten
1837                                                 on a reliable transport and is not intended to be configured manually.
1838                                         </para></description>
1839                                 </configOption>
1840                         </configObject>
1841                         <configObject name="aor">
1842                                 <synopsis>The configuration for a location of an endpoint</synopsis>
1843                                 <description><para>
1844                                         An AoR is what allows Asterisk to contact an endpoint via res_pjsip. If no
1845                                         AoRs are specified, an endpoint will not be reachable by Asterisk.
1846                                         Beyond that, an AoR has other uses within Asterisk, such as inbound
1847                                         registration.
1848                                         </para><para>
1849                                         An <literal>AoR</literal> is a way to allow dialing a group
1850                                         of <literal>Contacts</literal> that all use the same
1851                                         <literal>endpoint</literal> for calls.
1852                                         </para><para>
1853                                         This can be used as another way of grouping a list of contacts to dial
1854                                         rather than specifying them each directly when dialing via the dialplan.
1855                                         This must be used in conjunction with the <literal>PJSIP_DIAL_CONTACTS</literal>.
1856                                         </para><para>
1857                                         Registrations: For Asterisk to match an inbound registration to an endpoint,
1858                                         the AoR object name must match the user portion of the SIP URI in the "To:"
1859                                         header of the inbound SIP registration. That will usually be equivalent
1860                                         to the "user name" set in your hard or soft phones configuration.
1861                                 </para></description>
1862                                 <configOption name="contact">
1863                                         <synopsis>Permanent contacts assigned to AoR</synopsis>
1864                                         <description><para>
1865                                                 Contacts specified will be called whenever referenced
1866                                                 by <literal>chan_pjsip</literal>.
1867                                                 </para><para>
1868                                                 Use a separate "contact=" entry for each contact required. Contacts
1869                                                 are specified using a SIP URI.
1870                                         </para></description>
1871                                 </configOption>
1872                                 <configOption name="default_expiration" default="3600">
1873                                         <synopsis>Default expiration time in seconds for contacts that are dynamically bound to an AoR.</synopsis>
1874                                 </configOption>
1875                                 <configOption name="mailboxes">
1876                                         <synopsis>Allow subscriptions for the specified mailbox(es)</synopsis>
1877                                         <description><para>This option applies when an external entity subscribes to an AoR
1878                                                 for Message Waiting Indications. The mailboxes specified will be subscribed to.
1879                                                 More than one mailbox can be specified with a comma-delimited string.
1880                                                 app_voicemail mailboxes must be specified as mailbox@context;
1881                                                 for example: mailboxes=6001@default. For mailboxes provided by external sources,
1882                                                 such as through the res_mwi_external module, you must specify strings supported by
1883                                                 the external system.
1884                                         </para><para>
1885                                                 For endpoints that cannot SUBSCRIBE for MWI, you can set the <literal>mailboxes</literal> option in your
1886                                                 endpoint configuration section to enable unsolicited MWI NOTIFYs to the endpoint.
1887                                         </para></description>
1888                                 </configOption>
1889                                 <configOption name="voicemail_extension">
1890                                         <synopsis>The voicemail extension to send in the NOTIFY Message-Account header</synopsis>
1891                                 </configOption>
1892                                 <configOption name="maximum_expiration" default="7200">
1893                                         <synopsis>Maximum time to keep an AoR</synopsis>
1894                                         <description><para>
1895                                                 Maximum time to keep a peer with explicit expiration. Time in seconds.
1896                                         </para></description>
1897                                 </configOption>
1898                                 <configOption name="max_contacts" default="0">
1899                                         <synopsis>Maximum number of contacts that can bind to an AoR</synopsis>
1900                                         <description><para>
1901                                                 Maximum number of contacts that can associate with this AoR. This value does
1902                                                 not affect the number of contacts that can be added with the "contact" option.
1903                                                 It only limits contacts added through external interaction, such as
1904                                                 registration.
1905                                                 </para>
1906                                                 <note><para>The <replaceable>rewrite_contact</replaceable> option
1907                                                 registers the source address as the contact address to help with
1908                                                 NAT and reusing connection oriented transports such as TCP and
1909                                                 TLS.  Unfortunately, refreshing a registration may register a
1910                                                 different contact address and exceed
1911                                                 <replaceable>max_contacts</replaceable>.  The
1912