keith/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

FS: Rename SIP Profiles

Browse source
This commit is contained in:
Keith Whyte 2023-08-02 05:52:08 +02:00
parent 0e24b1e31b
commit 1fbe4aef12
10 changed files with 333 additions and 514 deletions
Download patch file Download diff file Expand all files Collapse all files

191
modules/rhizo_base/templates/GERAN.xml.erb Normal file
View file

@ -0,0 +1,191 @@
<profile name="GERAN">
<domains>
<!-- indicator to parse the directory for domains with parse="true" to get gateways-->
<!--<domain name="$${domain}" parse="true"/>-->
<!-- indicator to parse the directory for domains with parse="true" to get gateways and alias every domain to this profile -->
<!--<domain name="all" alias="true" parse="true"/>-->
<domain name="all" alias="false" parse="false"/>
</domains>
<settings>
<!-- inject delay between dtmf digits on send to help some slow interpreters (also per channel with rtp_digit_delay var -->
<!-- <param name="rtp-digit-delay" value="40"/>-->
<!--
When calls are in no media this will bring them back to media
when you press the hold button.
-->
<!--<param name="media-option" value="resume-media-on-hold"/> -->
<!--
This will allow a call after an attended transfer go back to
bypass media after an attended transfer.
-->
<!--<param name="media-option" value="bypass-media-after-att-xfer"/>-->
<!-- <param name="user-agent-string" value="FreeSWITCH Rocks!"/> -->
<param name="debug" value="0"/>
<!-- If you want FreeSWITCH to shutdown if this profile fails to load, uncomment the next line. -->
<param name="shutdown-on-fail" value="true"/>
<param name="sip-trace" value="no"/>
<param name="sip-capture" value="no"/>
<!-- Use presence_map.conf.xml to convert extension regex to presence protos for routing -->
<!-- <param name="presence-proto-lookup" value="true"/> -->
<!-- Don't be picky about negotiated DTMF just always offer 2833 and accept both 2833 and INFO -->
<param name="liberal-dtmf" value="true"/>
<param name="watchdog-enabled" value="no"/>
<param name="log-auth-failures" value="false"/>
<param name="forward-unsolicited-mwi-notify" value="false"/>
<param name="context" value="public"/>
<param name="rfc2833-pt" value="101"/>
<param name="sip-port" value="5060"/>
<param name="dialplan" value="XML"/>
<param name="dtmf-duration" value="2000"/>
<param name="inbound-codec-prefs" value="GSM,AMR"/>
<param name="outbound-codec-prefs" value="GSM,AMR"/>
<param name="rtp-timer-name" value="soft"/>
<param name="rtp-ip" value="<%= @mncc_ip_address %>"/>
<param name="sip-ip" value="<%= @mncc_ip_address %>"/>
<!--<param name="hold-music" value="$${hold_music}"/>-->
<!-- param name="apply-nat-acl" value="nat.auto"/ -->
<!-- (default true) set to false if you do not wish to have called party info in 1XX responses -->
<!-- <param name="cid-in-1xx" value="false"/> -->
<!-- extended info parsing -->
<!-- <param name="extended-info-parsing" value="true"/> -->
<param name="aggressive-nat-detection" value="false"/>
<!--
There are known issues (asserts and segfaults) when 100rel is enabled.
It is not recommended to enable 100rel at this time.
-->
<!--<param name="enable-100rel" value="true"/>-->
<!-- uncomment if you don't wish to try a next SRV destination on 503 response -->
<!-- RFC3263 Section 4.3 -->
<!--<param name="disable-srv503" value="true"/>-->
<!-- Enable Compact SIP headers. -->
<!--<param name="enable-compact-headers" value="true"/>-->
<!--
enable/disable session timers
-->
<!--<param name="enable-timer" value="false"/>-->
<!--<param name="minimum-session-expires" value="120"/>-->
<param name="apply-inbound-acl" value="domains"/>
<!--
This defines your local network, by default we detect your local network
and create this localnet.auto ACL for this.
-->
<param name="local-network-acl" value="localnet.auto"/>
<param name="apply-register-acl" value="domains"/>
<!--<param name="dtmf-type" value="info"/>-->
<!-- Caller-ID type (choose one, can be overridden by inbound call type and/or sip_cid_type channel variable -->
<!-- Remote-Party-ID header -->
<!--<param name="caller-id-type" value="rpid"/>-->
<!-- P-*-Identity family of headers -->
<!--<param name="caller-id-type" value="pid"/>-->
<!-- neither one -->
<!--<param name="caller-id-type" value="none"/>-->
<param name="record-path" value="$${recordings_dir}"/>
<param name="record-template" value="${caller_id_number}.${target_domain}.${strftime(%Y-%m-%d-%H-%M-%S)}.wav"/>
<!--enable to use presence -->
<param name="manage-presence" value="false"/>
<!-- send a presence probe on each register to query devices to send presence instead of sending presence with less info -->
<!--<param name="presence-probe-on-register" value="true"/>-->
<!--<param name="manage-shared-appearance" value="true"/>-->
<!-- used to share presence info across sofia profiles -->
<!-- Name of the db to use for this profile -->
<!--<param name="dbname" value="share_presence"/>-->
<param name="presence-hosts" value="$${domain},$${vpn_ip}"/>
<param name="presence-privacy" value="$${presence_privacy}"/>
<!-- ************************************************* -->
<!-- This setting is for AAL2 bitpacking on G726 -->
<!-- <param name="bitpacking" value="aal2"/> -->
<!--max number of open dialogs in proceeding -->
<!--<param name="max-proceeding" value="1000"/>-->
<!--session timers for all call to expire after the specified seconds -->
<!--<param name="session-timeout" value="1800"/>-->
<!-- Can be 'true' or 'contact' -->
<!--<param name="multiple-registrations" value="contact"/>-->
<!--set to 'greedy' if you want your codec list to take precedence -->
<param name="inbound-codec-negotiation" value="generous"/>
<!-- if you want to send any special bind params of your own -->
<!--<param name="bind-params" value="transport=udp"/>-->
<!--<param name="unregister-on-options-fail" value="true"/>-->
<!-- Send an OPTIONS packet to all registered endpoints -->
<!--<param name="all-reg-options-ping" value="true"/>-->
<!-- Send an OPTIONS packet to NATed registered endpoints. Can be 'true' or 'udp-only'. -->
<!--<param name="nat-options-ping" value="true"/>-->
<!-- TLS: disabled by default, set to "true" to enable -->
<param name="tls" value="false"/>
<!-- turn on auto-flush during bridge (skip timer sleep when the socket already has data)
(reduces delay on latent connections default true, must be disabled explicitly)-->
<!--<param name="rtp-autoflush-during-bridge" value="false"/>-->
<!--If you don't want to pass through timestamps from 1 RTP call to another (on a per call basis with rtp_rewrite_timestamps chanvar)-->
<param name="rtp-rewrite-timestamps" value="false"/>
<!--<param name="pass-rfc2833" value="true"/>-->
<!--If you have ODBC support and a working dsn you can use it instead of SQLite-->
<!--<param name="odbc-dsn" value="dsn:user:pass"/>-->
<!--Uncomment to set all inbound calls to no media mode-->
<!--<param name="inbound-bypass-media" value="true"/>-->
<!--Uncomment to set all inbound calls to proxy media mode-->
<!--<param name="inbound-proxy-media" value="true"/>-->
<!-- Let calls hit the dialplan before selecting codec for the a-leg -->
<param name="inbound-late-negotiation" value="true"/>
<param name="inherit_codec" value="true"/>
<!-- Allow ZRTP clients to negotiate end-to-end security associations (also enables late negotiation) -->
<!-- param name="inbound-zrtp-passthru" value="true"/ -->
<!-- this lets anything register -->
<!-- comment the next line and uncomment one or both of the other 2 lines for call authentication -->
<!-- <param name="accept-blind-reg" value="true"/> -->
<!-- accept any authentication without actually checking (not a good feature for most people) -->
<!-- <param name="accept-blind-auth" value="true"/> -->
<!-- suppress CNG on this profile or per call with the 'suppress_cng' variable -->
<!-- <param name="suppress-cng" value="true"/> -->
<param name="auth-calls" value="false"/>
<param name="ext-rtp-ip" value="<%= @mncc_ip_address %>"/>
<param name="ext-sip-ip" value="<%= @mncc_ip_address %>"/>
<!-- rtp inactivity timeout -->
<param name="rtp-timeout-sec" value="300"/>
<param name="rtp-hold-timeout-sec" value="1800"/>
<!-- VAD choose one (out is a good choice); -->
<!-- <param name="vad" value="in"/> -->
<!-- <param name="vad" value="out"/> -->
<!-- <param name="vad" value="both"/> -->
<!--<param name="alias" value="sip:10.0.1.251:5555"/>-->
<!--
These are enabled to make the default config work better out of the box.
If you need more than ONE domain you'll need to not use these options.
-->
<!--all inbound reg will look in this domain for the users -->
<param name="force-register-domain" value="$${domain}"/>
<!--force the domain in subscriptions to this value -->
<param name="force-subscription-domain" value="$${domain}"/>
<!--all inbound reg will stored in the db using this domain -->
<param name="force-register-db-domain" value="$${domain}"/>
</settings>
</profile>

86
modules/rhizo_base/templates/extrtp.xml.erb Normal file
View file

@ -0,0 +1,86 @@
<profile name="extrtp">
<!-- This profile is runs CP over the VPN and media over public -->
<!-- It's posssible to have problems with NAT punching -->
<gateways>
<gateway name="extrtp">
<param name="username" value="<%= @voip_username %>"/>
<param name="from-user" value="<%= @voip_fromuser %>"/>
<param name="password" value="n/a"/>
<param name="proxy" value="10.23.0.14"/>
<param name="register" value="false"/>
<param name="caller-id-in-from" value="true"/>
</gateway>
</gateways>
<aliases>
</aliases>
<domains>
<domain name="all" alias="false" parse="false"/>
</domains>
<settings>
<param name="debug" value="0"/>
<!-- If you want FreeSWITCH to shutdown if this profile fails to load, uncomment the next line. -->
<!-- <param name="shutdown-on-fail" value="true"/> -->
<param name="sip-trace" value="no"/>
<param name="sip-capture" value="no"/>
<param name="rfc2833-pt" value="101"/>
<!-- RFC 5626 : Send reg-id and sip.instance -->
<!--<param name="enable-rfc-5626" value="true"/> -->
<param name="sip-port" value="5092"/>
<param name="dialplan" value="XML"/>
<param name="context" value="public"/>
<param name="dtmf-duration" value="2000"/>
<param name="inbound-codec-prefs" value="G729,PCMA,PCMU"/>
<param name="outbound-codec-prefs" value="G729,PCMA,PCMU"/>
<!--<param name="hold-music" value="$${hold_music}"/>-->
<param name="rtp-timer-name" value="soft"/>
<!--<param name="enable-100rel" value="true"/>-->
<!--<param name="disable-srv503" value="true"/>-->
<!-- This could be set to "passive" -->
<param name="local-network-acl" value="localnet.auto"/>
<param name="manage-presence" value="false"/>
<param name="aggressive-nat-detection" value="false"/>
<param name="nat-options-ping" value="false"/>
<param name="inbound-codec-negotiation" value="greedy"/>
<param name="nonce-ttl" value="60"/>
<param name="auth-calls" value="false"/>
<param name="inbound-late-negotiation" value="true"/>
<param name="inbound-zrtp-passthru" value="true"/> <!-- (also enables late negotiation) -->
<param name="rtp-ip" value="$${interface_ip}"/>
<param name="sip-ip" value="$${vpn_ip}"/>
<param name="ext-rtp-ip" value="stun:meet.rhizomatica.org:4445"/>
<param name="ext-sip-ip" value="$${vpn_ip}"/>
<param name="rtp-timeout-sec" value="90"/>
<param name="rtp-hold-timeout-sec" value="1800"/>
<!--<param name="enable-3pcc" value="true"/>-->
<!-- TLS: disabled by default, set to "true" to enable -->
<param name="tls" value="$${external_ssl_enable}"/>
<!-- Set to true to not bind on the normal sip-port but only on the TLS port -->
<param name="tls-only" value="false"/>
<!-- additional bind parameters for TLS -->
<param name="tls-bind-params" value="transport=tls"/>
<!-- Port to listen on for TLS requests. (5081 will be used if unspecified) -->
<param name="tls-sip-port" value="$${external_tls_port}"/>
<!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) -->
<!--<param name="tls-cert-dir" value=""/>-->
<!-- Optionally set the passphrase password used by openSSL to encrypt/decrypt TLS private key files -->
<param name="tls-passphrase" value=""/>
<!-- Verify the date on TLS certificates -->
<param name="tls-verify-date" value="true"/>
<!-- TLS verify policy, when registering/inviting gateways with other servers (outbound) or handling inbound registration/invite requests how should we verify their certificate -->
<!-- set to 'in' to only verify incoming connections, 'out' to only verify outgoing connections, 'all' to verify all connections, also 'in_subjects', 'out_subjects' and 'all_subjects' for subject validation. Multiple policies can be split with a '|' pipe -->
<param name="tls-verify-policy" value="none"/>
<!-- Certificate max verify depth to use for validating peer TLS certificates when the verify policy is not none -->
<param name="tls-verify-depth" value="2"/>
<!-- If the tls-verify-policy is set to subjects_all or subjects_in this sets which subjects are allowed, multiple subjects can be split with a '|' pipe -->
<param name="tls-verify-in-subjects" value=""/>
<!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
<param name="tls-version" value="$${sip_tls_version}"/>
</settings>
</profile>

33
modules/rhizo_base/templates/monitor_freeswitch.sh.erb
View file

@ -9,31 +9,32 @@ LOGFILE="/var/log/monitor_fs.log"
IFS=
FS_STATUS="$(fs_cli -x 'sofia status')"
FS_STATUS_GW="$(fs_cli -x 'sofia status gateway')"
if !(echo $FS_STATUS | egrep -q "internal.*<%= @mncc_ip_address %>"); then
logc "Missing internal profile! Restarting Profile";
fs_cli -x "sofia profile internal stop"
if !(echo $FS_STATUS | egrep -q "GERAN.*<%= @mncc_ip_address %>"); then
logc "Missing GERAN profile! Restarting Profile";
fs_cli -x "sofia profile GERAN stop"
sleep 10
fs_cli -x "sofia profile internal start"
fs_cli -x "sofia profile GERAN start"
fi
if !(echo $FS_STATUS | grep -q "external::provider") && (ping -qc 5 8.8.8.8 > /dev/null); then
logc "Missing external provider! Restarting Profile";
fs_cli -x "sofia profile external stop"
if !(echo $FS_STATUS_GW | grep -q "extrtp::extrtp") && (ping -qc 5 8.8.8.8 > /dev/null); then
logc "Missing external RTP Gateway. Restarting Profile";
fs_cli -x "sofia profile extrtp stop"
sleep 10
fs_cli -x "sofia profile external start"
fs_cli -x "sofia profile extrtp start"
fi
if !(echo $FS_STATUS | grep -q "outgoing::rhizomatica") && (ping -qc 5 10.23.0.2 > /dev/null); then
logc "Missing outgoing profile! Restarting Profile";
fs_cli -x "sofia profile outgoing stop"
if !(echo $FS_STATUS_GW | grep -q "vpn::rhizomatica") && (ping -qc 5 10.23.0.2 > /dev/null); then
logc "Missing VPN Gateway. Restarting Profile";
fs_cli -x "sofia profile vpn stop"
sleep 10
fs_cli -x "sofia profile outgoing start"
fs_cli -x "sofia profile vpn start"
fi
if !(echo $FS_STATUS | grep -q "internalvpn") && (ping -qc 5 10.23.0.2 > /dev/null); then
logc "Missing internal VPN. Restarting FreeSWITCH profile";
fs_cli -x "sofia profile internalvpn stop"
if !(echo $FS_STATUS | grep -q "rem_xcode") && (ping -qc 5 10.23.0.2 > /dev/null); then
logc "Missing Remote Transcoding Profile. Restarting FreeSWITCH profile";
fs_cli -x "sofia profile rem_xcode stop"
sleep 10
fs_cli -x "sofia profile internalvpn start"
fs_cli -x "sofia profile rem_xcode start"
fi

52
modules/rhizo_base/templates/rem_xcode.xml.erb Normal file
View file

@ -0,0 +1,52 @@
<profile name="rem_xcode">
<gateways>
<gateway name="xcode">
<param name="username" value="<%= @voip_username %>"/>
<param name="from-user" value="<%= @voip_fromuser %>"/>
<param name="password" value="n/a"/>
<param name="proxy" value="10.23.0.14"/>
<param name="register" value="true"/>
<param name="caller-id-in-from" value="true"/>
</gateway>
</gateways>
<aliases>
</aliases>
<domains>
<domain name="all" alias="false" parse="false"/>
</domains>
<settings>
<param name="debug" value="0"/>
<param name="sip-trace" value="no"/>
<param name="sip-capture" value="no"/>
<param name="rfc2833-pt" value="101"/>
<param name="sip-port" value="5062"/>
<param name="dialplan" value="XML"/>
<param name="context" value="public"/>
<param name="dtmf-duration" value="2000"/>
<param name="inbound-codec-prefs" value="AMR,GSM"/>
<param name="outbound-codec-prefs" value="AMR,GSM"/>
<param name="rtp-timer-name" value="soft"/>
<param name="local-network-acl" value="localnet.auto"/>
<param name="manage-presence" value="false"/>
<param name="aggressive-nat-detection" value="false"/>
<param name="nat-options-ping" value="false"/>
<param name="inbound-codec-negotiation" value="greedy"/>
<param name="nonce-ttl" value="60"/>
<param name="auth-calls" value="false"/>
<param name="inbound-late-negotiation" value="true"/>
<param name="disable-transcoding" value="true"/>
<param name="rtp-ip" value="$${interface_ip}"/>
<param name="sip-ip" value="$${vpn_ip}"/>
<param name="ext-rtp-ip" value="stun:sat.rhizomatica.org:3479"/>
<param name="ext-sip-ip" value="$${vpn_ip}"/>
<param name="rtp-timeout-sec" value="90"/>
<param name="rtp-hold-timeout-sec" value="1800"/>
<param name="tls" value="false"/>
</settings>
</profile>

3
modules/rhizo_base/templates/vars.xml.erb
View file

@ -38,6 +38,7 @@
<X-PRE-PROCESS cmd="set" data="local_ip_v4=<%= @vpn_ip_address %>"/>
<X-PRE-PROCESS cmd="set" data="vpn_ip=<%= @vpn_ip_address %>"/>
<X-PRE-PROCESS cmd="set" data="lan_ip=<%= @wan_ip_address %>"/>
<X-PRE-PROCESS cmd="set" data="interface_ip=interface:<%= @fs_bound_if %>"/>
<X-PRE-PROCESS cmd="set" data="external_ip=<%= @wan_ip_address %>"/>
<X-PRE-PROCESS cmd="set" data="sound_prefix=$${sounds_dir}/rccn"/>
@ -148,7 +149,7 @@
127 - BV32
-->
<X-PRE-PROCESS cmd="set" data="global_codec_prefs=AMR,OPUS,G729,GSM,PCMA"/>
<X-PRE-PROCESS cmd="set" data="global_codec_prefs=AMR,GSM,OPUS,PCMA,PCMU,G729"/>
<X-PRE-PROCESS cmd="set" data="outbound_codec_prefs=OPUS,G729,AMR,GSM"/>
<!--