FreeSWITCH:コマンドラインツールfs_cliと各種設定のポイント

FreeSWITCHのコマンドラインインターフェイスfs_cliと拡張モジュール・各種設定などについて、BigBlueButtonとは切り離してここで別途纏めます。
https://freeswitch.org/confluence/pages/viewpage.action?pageId=1048948

Docker内部からFreeSwitchのコマンドラインツール fs_cli を利用するため、event_socket.conf.xml で各種条件を設定します。

以下Socket Clientの設定で、FreeSwitchのコンテナ内で fs_cli のインターフェイスに入るためには、ホスト、ポート、パスワードオプションを付与します。

# fs_cli -H 10.7.7.1 -P 8021 -p ClueCon

event_socket.conf.xml

<configuration name="event_socket.conf" description="Socket Client">
  <settings>
    <param name="nat-map" value="false"/>
    <param name="listen-ip" value="$${local_ip_v4}"/>
    <param name="listen-port" value="8021"/>
    <param name="password" value="ClueCon"/>
    <param name="apply-inbound-acl" value="loopback.custom"/>
    <!--<param name="stop-on-bind-error" value="true"/>-->
  </settings>
</configuration>

FreeSwitch設定ファイル

https://freeswitch.org/confluence/display/FREESWITCH/Default+Configuration

:bangbang:

Access Control List (ACL)-APICommands

https://freeswitch.org/confluence/pages/viewpage.action?pageId=3965687#AccessControlList(ACL)-APICommands

reloadacl

reloadacl [<reloadxml>]

freeswitch@internal> reloadacl reloadxml

acl

acl <ip> <list|net>

This command will allow you to test an IP address against one of your ACLs. Will return true or false. Use it to validate that your ACL behaves as expected. This test can also be a part of a dialplan <condition> test.

freeswitch@mybox> acl 192.168.42.42 192.168.42.0/24 freeswitch@mybox> acl 192.168.42.42 list_foo

Pre-defined ACLs

There are some ACLs automatically created on startup:

ACL name Description
rfc1918.auto RFC 1918 Space
nat.auto RFC 1918, excluding your local LAN
localnet.auto ACL for your local LAN
loopback.auto ACL for your local LAN

https://freeswitch.org/confluence/display/FREESWITCH/Reloading
fs_cli による設定ファイルのリロードコマンド

# fs_cli -H xx.xx.xx.xx -P 8021 -p password
freeswitch> reloadxml

Reload Command List

Item Reload Command Notes
Item Reload Command Notes
XML Dialplan reloadxml Run each time you edit XML dial file(s)
ACLs reloadacl Edit acl.conf.xml first
Voicemail reload mod_voicemail Edit voicemail.conf.xml first
Conference reload mod_conference Edit conference.conf.xml first
Add Sofia Gateway sofia profile rescan Less intrusive - no calls dropped
Remove Sofia Gateway sofia profile killgw <gateway_name> Less intrusive - no calls dropped
Restart Sofia Gateway sofia profile killgw <gateway_name>
sofia profile rescan Less intrusive - no calls dropped
Add/remove Sofia Gateway sofia profile restart More intrusive - all profile calls dropped
Local Stream see Mod_local_stream Edit localstream.conf.xml first
Update a lua file nothing necessary file is loaded from disk each time it is run
Update LCR SQL table nothing necessary SQL query is run for each new call
Update LCR options reload mod_lcr Edit lcr.conf.xml first
Update CID Lookup Options reload mod_cidlookup Edit cidlookup.conf.xml first
Update JSON CDR Options reload mod_json_cdr Edit json_cdr.conf.xml first
Update XML CDR Options reload mod_xml_cdr Edit xml_cdr.conf.xml first
Update XML CURL Server Response nothing, unless using cache

モジュールによるコマンド一覧

https://freeswitch.org/confluence/display/FREESWITCH/mod_commands
fs_cliによるコンソールで実行

Command Line Interface (fs_cli)

https://freeswitch.org/confluence/pages/viewpage.action?pageId=1048948

:bangbang:

WebRTC (secure web socket wss settings)

https://freeswitch.org/confluence/display/FREESWITCH/WebRTC

edit /usr/local/freeswitch/conf/sip_profiles/internal.xml

# Set these params and save the file:

<param name="tls-cert-dir" value="/usr/local/freeswitch/certs" />

<param name="wss-binding" value=":7443" />

If behind N.A.T. make sure to set the ext-sip-ip and ext-rtp-ip in vars.xml to the public IP address of your FreeSWITCH.

If talking to clients both inside and outside the N.A.T. you must set the local-network-acl rfc1918.auto, and prefix the ext-sip-ip and ext-rtp-ip to autonat:X.X.X.X

Install Certificates

Layout of /usr/local/freeswitch/certs/wss.pem:

/usr/local/freeswitch/certs/wss.pem

Cert, Key and Chain(s) are all contained in a single file in this order:

-----BEGIN CERTIFICATE-----
< cert >

-----END CERTIFICATE-----

-----BEGIN RSA PRIVATE KEY-----

< key >

-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----

< chain >

-----END CERTIFICATE-----

Letsencryptによる認証ファイルから作成する場合

$ sudo cat cert.pem privkey.pem fullchain.pem > wss.pem

OpenSSLによるポート7443のTLS認証確認

$ openssl s_client -host www.example.com -port 7443

コマンドオプションについてはヘルプ参照のこと。

$ openssl s_client -help

Let’sEncryptの認証ファイルから作成した wss.pem は、SIPのTLS認証にも必要となりますがファイル名が異なります。wss.pem から内容をコピーして agent.pem, tls.pem, dtls-srtp.pem を作成します。

#!/bin/bash

# make sure we have the correct permissions
chown root:ssl-cert my.certificate-privkey.pem
chown root:root my.certificate-cert.pem
chown root:root my.certificate-chain.pem
chown root:root my.certificate-fullchain.pem
chmod 640 my.certificate-privkey.pem
chmod 644 my.certificate-cert.pem
chmod 644 my.certificate-chain.pem
chmod 644 my.certificate-fullchain.pem

# copy file for webserver
cp my.certificate-fullchain.pem /etc/ssl/certs/my.certificate-fullchain.pem
cp my.certificate-privkey.pem /etc/ssl/private/my.certificate-privkey.pem

systemctl restart nginx


#setup freeswitch tls

#make sure the freeswitch directory exists
mkdir -p /etc/freeswitch/tls

#make sure the freeswitch certificate directory is empty
rm /etc/freeswitch/tls/*

#combine the certs into all.pem
cat my.certificate-fullchain.pem > /etc/freeswitch/tls/all.pem
cat my.certificate-privkey.pem >> /etc/freeswitch/tls/all.pem

#copy the certificates - not required, but useful to know what is in all.pem
cp my.certificate-cert.pem /etc/freeswitch/tls/cert.pem
cp my.certificate-chain.pem /etc/freeswitch/tls/chain.pem
cp my.certificate-fullchain.pem /etc/freeswitch/tls/fullchain.pem
cp my.certificate-privkey.pem /etc/freeswitch/tls/privkey.pem

#add symbolic links
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/agent.pem
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/tls.pem
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/wss.pem
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/dtls-srtp.pem

#set the permissions
chown -R www-data:www-data /etc/freeswitch/tls

fs_cli -x "reload mod_sofia"

:bangbang:

General NAT example scenarios

https://freeswitch.org/confluence/display/FREESWITCH/General+NAT+example+scenarios

Scenario 1

FS (192.168.0.4) -> NAT (Public IP 1.2.3.4) -> INTERNET -> NAT (Public IP 5.6.7.8) -> FS (192.168.0.5)

In this scenario you have to do two things.

  1. Setup a profile with ext-sip-ip and ext-rtp-ip set.
  2. If you setup ext-sip-ip and ext-rtp-ip on a profile then that profile CAN NOT BE USED BY ANYTHING BEHIND THE SAME NAT PERIOD.
  3. Port forward the ports for that profile.

Scenario 2

FS (192.168.0.4) -> NAT (Public IP 1.2.3.4) -> INTERNET -> NAT (Public IP 5.6.7.8) -> PHONE (192.168.1.100)

Prior to setting up your plan you must decide which domain you are going to use for your phone registration and which port the profile will listen to. The general SIP structure being.

Phone {port} -> NAT 1 -> INTERNET -> NAT 2 -> {port}FS sip_profile {sip_profile domain} -> REGISTER {sip_profile domain} or Dialplan {sip_profile domain}

The easiest would be to use the default domain. Keeping in mind you still have to create a new sip_profile (for example, we’ll call it doublenat.xml) to handle the double NAT. The steps look like this.

  1. copy the external.xml and rename it doublenat.xml
  2. in doublenat.xml, change the profile name:
  3. add the
  4. add the
  5. add the
  6. add the
  7. change port to 5090 ( make sure to change it on the phone as well )
  8. add the
  9. add the
  10. register the phone
  11. check to see if your phone is registered with the doublenat profile.

sofia status profile doublenat

If your phone is not registered to doublenat then add :5090 to the domain/proxy on the phone configuration.

Example External IP:

216.109.112.135:5090

Example Domain:

example.com:5090

Keep in mind this profile will only be suitable for the double NAT scenario. Also keep in mind that this is the toughest scenario to conquer so you still may have adjustments on your phone or router.

Scenario 3

FS (192.168.0.4) -> NAT (Public IP 1.2.3.4) -> INTERNET -> Softphone Registering to FS

In this scenario you also need a dedicated profile. Getting devices to register to your FS instance sitting behind NAT.

  1. dedicated profile with ext-sip-ip and ext-rtp-ip set. Again NOTHING BEHIND THE SAME NAT WILL BE ABLE TO USE THIS PROFILE PERIOD.

Scenario 4

PHONE -> FS -> NAT -> Public Internet

In this case you setup a profile for the phones to register without the ext-sip-ip and ext-rtp-ip options set. This profile would be used for all devices registering to the

FS instance that are behind the same NAT.

Then your outbound call would traverse another profile setup to bust through the NAT with the proper ext-sip-ip and ext-rtp-ip options set.

Scenario 5

FS (1.2.3.4) -> INTERNET -> NAT (Public IP 5.6.7.8) -> Client (192.168.0.5)

More in depth article at Nat

Certicifates

https://freeswitch.org/confluence/display/FREESWITCH/Certificates

SIP TLS

https://freeswitch.org/confluence/display/FREESWITCH/SIP+TLS

Anatomy-SIPS-and_SRTP-encrypted

vars.xml

<!--
     SIP and TLS settings. http://wiki.freeswitch.org/wiki/Tls
     valid options: sslv2,sslv3,sslv23,tlsv1,tlsv1.1,tlsv1.2
     default: tlsv1,tlsv1.1,tlsv1.2
  -->
  <X-PRE-PROCESS cmd="set" data="sip_tls_version=tlsv1,tlsv1.1,tlsv1.2"/>

:warning: nginxssl_protocols TLSv1 TLSv1.1 TLSv1.2; との整合性をチェックすること。

ZRTP

https://freeswitch.org/confluence/display/FREESWITCH/ZRTP

fs_cli:sofiaコマンドによるSIPステータス確認

外部—>external
内部—>internal

freeswitch@xxxxx> sofia status profile external
=================================================================================================
Name             	external
Domain Name      	N/A
Auto-NAT         	true
DBName           	sofia_reg_external
Pres Hosts       	
Dialplan         	XML
Context          	public
Challenge Realm  	auto_to
RTP-IP           	10.x.x.x
Ext-RTP-IP       	
SIP-IP           	10.x.x.x
Ext-SIP-IP       	xx.xx.xx.xx
URL              	sip:mod_sofia@10.x.x.x:5060
BIND-URL         	sip:mod_sofia@10.x.x.x:5060;transport=udp,tcp
TLS-URL          	sip:mod_sofia@10.x.x.x:5061
TLS-BIND-URL     	sips:mod_sofia@10.x.x.x:5061;transport=tls
HOLD-MUSIC       	local_stream://moh
OUTBOUND-PROXY   	N/A
CODECS IN        	OPUS,G722,PCMU,PCMA,H264,VP8
CODECS OUT       	OPUS,G722,PCMU,PCMA,H264,VP8
TEL-EVENT        	101
DTMF-MODE        	rfc2833
CNG              	13
SESSION-TO       	0
MAX-DIALOG       	0
NOMEDIA          	false
LATE-NEG         	true
PROXY-MEDIA      	false
ZRTP-PASSTHRU    	true
AGGRESSIVENAT    	false
CALLS-IN         	0
FAILED-CALLS-IN  	0
CALLS-OUT        	0
FAILED-CALLS-OUT 	0
REGISTRATIONS    	0

保留音の設定 テストダイヤル 9664

mod_local_stream
https://freeswitch.org/confluence/display/FREESWITCH/mod_local_stream

/usr/local/freeswitch/conf/autoload_configs/local_stream.conf.xml

<configuration name="local_stream.conf" description="stream files from local dir">
  <!-- fallback to default if requested moh class isn't found -->
  <directory name="default" path="$${sounds_dir}/music/8000">
    <param name="rate" value="8000"/>
    <param name="shuffle" value="true"/>
    <param name="channels" value="1"/>
    <param name="interval" value="20"/>
    <param name="timer-name" value="soft"/>
    <!-- list of short files to break in with every so often -->
    <!--<param name="chime-list" value="file1.wav,file2.wav"/>-->
    <!-- frequency of break-in (seconds)-->
    <!--<param name="chime-freq" value="30"/>-->
    <!-- limit to how many seconds the file will play -->
    <!--<param name="chime-max" value="500"/>-->
  </directory>

  <directory name="moh/8000" path="$${sounds_dir}/music/8000">
    <param name="rate" value="8000"/>
    <param name="shuffle" value="true"/>
    <param name="channels" value="1"/>
    <param name="interval" value="20"/>
    <param name="timer-name" value="soft"/>
  </directory>

  <directory name="moh/16000" path="$${sounds_dir}/music/16000">
    <param name="rate" value="16000"/>
    <param name="shuffle" value="true"/>
    <param name="channels" value="1"/>
    <param name="interval" value="20"/>
    <param name="timer-name" value="soft"/>
  </directory>

  <directory name="moh/32000" path="$${sounds_dir}/music/32000">
    <param name="rate" value="32000"/>
    <param name="shuffle" value="true"/>
    <param name="channels" value="1"/>
    <param name="interval" value="20"/>
    <param name="timer-name" value="soft"/>
  </directory>

  <directory name="moh/48000" path="$${sounds_dir}/music/48000">
    <param name="rate" value="48000"/>
    <param name="shuffle" value="true"/>
    <param name="channels" value="1"/>
    <param name="interval" value="10"/>
    <param name="timer-name" value="soft"/>
  </directory>

</configuration>

/usr/local/freeswitch/conf/vars.xml

.....
  <X-PRE-PROCESS cmd="set" data="hold_music=local_stream://moh/8000"/>
.....

サウンドファイル
https://files.freeswitch.org/releases/music/
https://files.freeswitch.org/releases/sounds/

makeコマンドによるサウンドファイルインストール(FreeSwitchをソースからビルド・インストールする場合)

# make sounds-install moh-install

サウンドファイルインストールオプションについては、以下Makefile参照のこと。

Test Calls

https://freeswitch.org/confluence/display/FREESWITCH/Configuring+FreeSWITCH

Test your new FreeSWITCH™ installation by configuring a pair of SIP phones and to place test calls and try out features in the default dialplan. If you’re already familiar with Asterisk, you could also start out by Connecting Freeswitch And Asterisk

Register two phones to FreeSWITCH with two different extension numbers.

Let’s assume for this example that you have your SIP phones registered as extensions 1000 and 1001.

The default config provides user directory files for extension numbers 1000 through 1019 with a registration password of 1234; the default voice-mail password is the same number as the extension, e.g. Extension 1000 has its voice-mail password set to 1000

Sample softphone configurations can be seen on the Softphones page.

Once you’ve done that, you can try out a bunch of features already setup in the test dialplan.

Basic Calling

  • Call between 1000 and 1001 by dialing the respective extension.
  • Call 4000 to login to your voicemail box.
  • 870 - Redial last called # from this extension.
  • *69 - Call back the last person to call this extension.
  • 8+[ext] - Place an intercom call to extension [ext]. If no answer, it does not go to voicemail but just keeps ringing. Some phones have additional functionality for intercom calls.

Other Tests

  • 9192 - Info test (prints information to the command line interface).fs_cliによるコンソール画面上にデバック情報が表示される。
  • 9193 - Video record test (records video to /tmp/testrecord.fsv)
  • 9194 - Video playback test (plays video from /tmp/testrecord.fsv)
  • 9195 - Echo test (5-second delay before returning echo).
  • 9196 - Echo test (real-time).
  • 9197 - Play milliwatt test tone.
  • 9198 - Tetris, synthesized via tone streaming.
  • 9664 - Test Music On Hold out (if you installed sound files).

Interactive Voice Response

  • 5000 - IVR demo (if you installed sound files).

Dialplanクイックリファレンス

内線番号と機能
設定ファイル:conf/dialplan/default.xml

EXTENSION FUNCTION
1000 - 1019 Local extensions
** + extension number Intercepts a ringing phone (that is, call pickup)
2000 Samples call group: Sales
2001 Samples call group: Support
2002 Samples call group: Billing
3000 - 3399 Samples conference rooms
4000 or *98 Retrieves voicemail
5000 Demo IVR
5900 FIFO queue park
5901 FIFO queue retrieve
6000 Valet park/retrieval, manual
6001-6099 Valet park/retrieval, automatic
7243 RTP multicast page
0911 Group intercom example #1
0912 Group intercom example #2
0913 Emergency outbound conference example
9178 Example fax receive
9179 Example fax transmit
9180 Ring test, far end generates ring tone
9181 Ring test, send U.K. ring tone
9182 Ring test, send music as ring tone
9183 Answer, then send U.K. ring tone
9184 Answer, then send music as ring tone
9191 ClueCon registration
9192 Information dump
9195 Delayed echo test
9196 Echo test
9197 Milliwatt tone (test signal quality)
9198 Tetris
9664 Music on hold

Dialplan
https://freeswitch.org/confluence/display/FREESWITCH/Dialplan

モジュールビルドオプション

ビルド前に必要な追加オプションはコメントアウトすること。

FreeSWITCH GUI

https://freeswitch.org/confluence/display/FREESWITCH/Freeswitch+GUI

FusionPBX

ユーザ追加

デフォルトユーザ1000から新規ユーザGwen、内線番号:1100を作成

# cd /usr/local/freeswitch/conf/directory/default
# cp 1000.xml 1100.xml

1100.xmlを編集。

<include>
<user id="1100">
<params>
<param name="password" value="$${default_password}"/>
<param name="vm-password" value="1100"/>
</params>
<variables>
<variable name="toll_allow"
value="domestic,international,local"/>
<variable name="accountcode" value="1100"/>
<variable name="user_context" value="default"/>
<variable name="effective_caller_id_name" value="Gwen"/>
<variable name="effective_caller_id_number"
value="1100"/>
<variable name="outbound_caller_id_name"
value="$${outbound_caller_name}"/>
<variable name="outbound_caller_id_number"
value="$${outbound_caller_id}"/>
<variable name="callgroup" value="techsupport"/>
</variables>
</user>
</include>

conf/dialplan/default.xmlLocal_Extensionに番号1100を反映

<extension name="Local_Extension">
<condition field="destination_number"
expression="^(10[01][0-9]|1100)$">

fs_cliコンソールでxmlファイルのリロード

freeswitch> reloadxml

ボイスメール

1001から1000へのコールの場合

1001:発信側には、設定時間の30秒を超えるとボイスメッセージの案内が再生されます。メッセージを残し電話を切ります。

1000:受け手は、番号4000または*98と自身のID: 1000# とパスワード: 1000# の入力で、ボイスメールを聞くことが出来ます。

Main menu:
1—Listen to new messages
2—Listen to saved messages
5—Options menu (recorded name, greeting, and so on)
#—Exit voicemail
While listening to a message:
1—Replay message from the beginning
2—Save message
4—Rewind
6—Fast-forward
After listening to a message:
1—Replay message from the beginning
2—Save message
4—Send to e-mail (requires configuration)
7—Delete message

設定ファイル
conf/autoload_configs/voicemail.conf.xml

グループ追加・発信

ユーザをグループごとに振分けることで、グループ所属ユーザへ一斉に発信することが出来ます。

デフォルトグループへカスタムグループcustomを追加
conf/directory/default.xml

<groups>
<group name="default">
<users>
<X-PRE-PROCESS cmd="include" data="default/*.xml"/>
</users>
</group>
<group name="sales">
<users>
<!-- 
	      type="pointer" is a pointer so you can have the
	      same user in multiple groups.  It basically means
	      to keep searching for the user in the directory.
	   -->
<user id="1000" type="pointer"/>
<user id="1001" type="pointer"/>
<user id="1002" type="pointer"/>
<user id="1003" type="pointer"/>
<user id="1004" type="pointer"/>
</users>
</group>
<group name="billing">
<users>
<user id="1005" type="pointer"/>
<user id="1006" type="pointer"/>
<user id="1007" type="pointer"/>
<user id="1008" type="pointer"/>
<user id="1009" type="pointer"/>
</users>
</group>
<group name="support">
<users>
<user id="1010" type="pointer"/>
<user id="1011" type="pointer"/>
<user id="1012" type="pointer"/>
<user id="1013" type="pointer"/>
<user id="1014" type="pointer"/>
</users>
</group>

<group name="custom">
<users>
<user id="1000" type="pointer"/>
<user id="1100" type="pointer"/>
</users>
</group>
</groups>

group_dial_customセクションを追加
conf/dialplan/default.xml

<extension name="group_dial_sales">
<condition field="destination_number" expression="^2000$">
<action application="bridge" data="${group_call(sales@${domain_name})}"/>
</condition>
</extension>
<extension name="group_dial_support">
<condition field="destination_number" expression="^2001$">
<action application="bridge" data="group/support@${domain_name}"/>
</condition>
</extension>
<extension name="group_dial_billing">
<condition field="destination_number" expression="^2002$">
<action application="bridge" data="group/billing@${domain_name}"/>
</condition>
</extension>
<extension name="group_dial_custom">
<condition field="destination_number" expression="^2003$">
<action application="bridge"
data="group/custom@${domain_name}"/>
</condition>
</extension>

fs_cliコンソールで設定のリロードとグループ所属ユーザの確認

freeswitch@internal> reloadxml
freeswitch@internal> group_call custom
[sip_invite_domain=10.15.64.229,presence_
id=1000@10.15.64.229]error/user_not_registered,[sip_invite_
domain=10.15.64.229,presence_id=1100@10.15.64.229]sofia/internal/
sip:1100@10.15.129.38:5060;rinstance=8eecf059256b51f1;fs_
nat=yes;fs_path=sip%3A1100%4010.15.129.38%3A5060%3Brinstance%3D8ee
cf059256b51f1

2003へのダイヤルでグループ所属ユーザへ一斉呼び出し。グループ内で一番速く応答したユーザと繋がり、他のユーザの呼出音が鳴り止みます。

:bangbang:

Auto Nat

autonat and external ip

https://freeswitch.org/confluence/display/FREESWITCH/Auto+Nat#AutoNat-autonatandexternalip

If you know your external ip, you can set it on your sofia profile and also instruct FreeSWITCH™ to set it when building the SDP:

< param name = "ext-sip-ip" value = "autonat:${external_sip_ip}" />

If you want to use the same profile to talk with things inside and outside your network you need to instruct FreeSWITCH™ when it should use the local IP and the external IP. The autonat: prefix toggles on the usage of the local-network-acl, if you prefix the IP like that it will activate the dynamic ability to tell when it should use ext-rtp-ip vs rtp-ip based on the acl match.

:bangbang:

Sofia Configuration Files

ext-rtp-ip

https://freeswitch.org/confluence/display/FREESWITCH/Sofia+Configuration+Files#SofiaConfigurationFiles-ext-rtp-ip

This is the IP behind which FreeSWITCH is seen from the Internet, so if FreeSWITCH is behind NAT, this is basically the public IP that should be used for RTP.

ext-rtp-ip value Description Example
$${variable} Any variable from vars.xml <param name="ext-rtp-ip" value="$${external_rtp_ip}"/>
w.x.y.z Specific numeric IP address <param name="ext-rtp-ip" value="1.2.3.4"/>
autonat:w.x.y.z Used for LAN and WAN to avoid errors in the SIP CONTACT sent to LAN devices <param name="ext-rtp-ip" value="autonat:1.2.3.4"/>
auto Guessed IP (guessed by looking in the IP routing table which interface is the default route) <param name="ext-rtp-ip" value="auto"/>
auto-nat FS uses uPNP or NAT-PMP to discover the public IP address it should use <param name="ext-rtp-ip" value="auto-nat"/>
stun:DNS name or IP address of STUN server FS uses the STUN server of your choice to discover the public IP address <param name="ext-rtp-ip" value="stun:stun.freeswitch.org"/>
host:DNS name FS resolves the DNS name as the public IP address, so you can use a dynamic DNS host <param name="ext-rtp-ip" value="host:mypublicIP.dyndns.org"/>

params with the ‘ext–’ prefix cited above when populated with yet-to-be-resolved DNS strings (e.g. name="ext–sip–ip" value="stun:stun.freeswitch.org" or name="ext‑rtp–ip" value="host:mypublicIP.dyndns.org" ) are resolved to IP addresses once only at FreeSWITCH load time and remain constant thereafter. FS is blind to (unaware of) any subsequent changes in your environment’s IP address. Thus, these ext– vars may become functionally incompatible with the environment’s current IP addresses with unspecified results in call flow at the network layer. FS restart is required for FS to capture the now-current, working IP address(es).

NATing

apply-nat-acl

When receiving a REGISTER or INVITE, enable NAT mode automatically if IP address in Contact header matches an entry defined in the RFC 1918 access list. “acl” is a misnomer in this case because access will not be denied if the user’s contact IP doesn’t match.

<param name="apply-nat-acl" value="rfc1918"/>

Auth

These settings deal with authentication: requirements for identifying SIP endpoints to FreeSWITCH.

auth-calls

Users in the directory can have “auth-acl” parameters applied to them so as to restrict users access to a predefined ACL or a CIDR.

<param name="auth-calls" value="$${internal_auth_calls}"/>

Value can be “false” to disable authentication on this profile, meaning that when calls come in the profile will not send an auth challenge to the caller.


TLS

Please make sure to read SIP TLS before enabling certain features below as they may not behave as expected.

tls

TLS: disabled by default, set to “true” to enable

<param name="tls" value="$${internal_ssl_enable}"/>

tls-only

disabled by default, when enabled prevents sofia from listening on the unencrypted port for this connection. This can stop many generic brute force scripts and if all your clients connect over TLS then can help decrease the exposure of your FreeSWITCH server to the world.

<param name="tls-only" value="false"/>

tls-bind-params

additional bind parameters for TLS

<param name="tls-bind-params" value="transport=tls"/>

tls-sip-port

Port to listen on for TLS requests. (5061 will be used if unspecified)

<param name="tls-sip-port" value="$${internal_tls_port}"/>

tls-cert-dir

Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server)

<param name="tls-cert-dir" value="$${internal_ssl_dir}"/>

tls-version

TLS version (“sslv2”, “sslv3”, “sslv23”, “tlsv1”, “tlsv1.1”, “tlsv1.2”). NOTE: Phones may not work with TLSv1

<param name="tls-version" value="$${sip_tls_version}"/>

When not set defaults to: "tlsv1,tlsv1.1,tlsv1.2"

tls-passphrase

If your agent.pem is protected by a passphrase stick the passphrase here to enable FreeSWITCH to decrypt the key.

<param name="tls-passphrase" value=""/>

tls-verify-date

If the client/server certificate should have the date on it validated to ensure it is not expired and is currently active.

<param name="tls-verify-date" value="true"/>

tls-verify-policy

This controls what, if any security checks are done against server/client certificates. Verification is generally checking certificates are valid against the cafile.pem. Set to ‘in’ to only verify incoming connections, ‘out’ to only verify outgoing connections, ‘all’ to verify all connections, also ‘subjects_in’, ‘subjects_out’ and ‘subjects_all’ for subject validation (subject validation for outgoing connections is against the hostname/ip connecting to). Multiple policies can be split with a ‘|’ pipe, for example ‘subjects_in|subjects_out’. Defaults to none.

<param name="tls-verify-policy" value="none"/>

tls-verify-depth

When certificate validation is enabled (tls-verify-policy) how deep should we try to verify a certificate up the chain again the cafile.pem file. By default only depth of 2.

<param name="tls-verify-depth" value="2"/>

tls-verify-in-subjects

If subject validation is enabled for incoming connections (tls-verify-policy set to ‘subjects_in’ or ‘subjects_all’) this is the list of subjects that are allowed (delimit with a ‘|’ pipe), note this only effects incoming connections for outgoing connections subjects are always checked against hostnames/ips.

<param name="tls-verify-in-subjects" value=""/>

:bangbang:

External Profile

https://freeswitch.org/confluence/display/FREESWITCH/External+Profile
PSTN (public switched telephone network)既存電話網への接続サービスを提供している外部SIPプロバイダに登録することで、安価に外線通話・内線へのダイレクト通話が可能になります。
注) 通話料は安くなりますが、ほぼ全てのプロバイダが有料で、法人向けのサービス内容です。
動作確認にはVoIP電話機が必要です。

設定例:freelycall.com port:5080

https://www.freelycall.com/software/freeswitch/

conf/sip_profiles/external/freelycall.com.xml

<include>
<gateway name=”freelycall.com“>
<param name=”username” value=”(YOUR-FREELYCALL-ACCOUNT-NUMBER)”/>
<param name=”realm” value=”[freelycall.com](http://freelycall.com/)“/>
<param name=”from-domain” value=”[freelycall.com](http://freelycall.com/)“/>
<param name=”password” value=”+++++++++++”/>
<param name=”register” value=”true”/>
<param name=”retry-seconds” value=”30″/>
</gateway>
</include>

fs_cliコンソールで、sofia sipの再起動と設定ファイルのリロードを実行します。

freeswitch> sofia profile external restart reloadxml

登録されているかどうかステータスを確認します。
REGEDが表示されていればOKです。
external::freelycall gateway sip:xxxxxxx@freelycall.org.com REGED

freeswitch> sofia status
                     Name	   Type	                                      Data	State
=================================================================================================
            external-ipv6	profile	                  sip:mod_sofia@[::1]:5080	RUNNING (0)
            external-ipv6	profile	                  sip:mod_sofia@[::1]:5081	RUNNING (0) (TLS)
            192.168.1.205	  alias	                                  internal	ALIASED
                 external	profile	          sip:mod_sofia@192.168.x.xx:5080	RUNNING (0)
                 external	profile	          sip:mod_sofia@192.168.x.xx:5081	RUNNING (0) (TLS)
    external::example.com	gateway	                   sip:xxxxxx@example.com	NOREG
     external::freelycall	gateway	                 sip:xxxxxxx@freelycall.org.com	REGED
            internal-ipv6	profile	                  sip:mod_sofia@[::1]:5060	RUNNING (0)
                 internal	profile	          sip:mod_sofia@192.168.x.xx:5060	RUNNING (0)
=================================================================================================

内線から外線をかける場合

ダイヤルプランのデフォルトディレクトリに新規ダイヤルプランを作成します。
conf/dialplan/default/01custom.xml

<include>
<extension name=" freelycall-outbound">
<condition field="destination_number"
expression="^9(1\d{10})$">
<action application="bridge"
data="sofia/gateway/freelycall.com/$1"/>
</condition>
</extension>
</include>

VoIP電話機で9を押した後、USのフリーダイヤルに電話をかけてみて下さい。
1-800-555-1212

外線から内線1000への接続例
ダイヤルプランのパブリックディレクトリに新規ダイヤルプランを作成します。
conf/dialplan/public/01freelycall.com.xml

<include>
<extension name="freelycall-inbound">
<condition field="destination_number"
expression="^(MY_FREELYCALL_USERNAME)$">)$">
<action application="set"
data="domain_name=${domain}"/>
<action application="bridge" data="1000 XML default"/>
</condition>
</extension>
</include>

fs_cliコンソールで設定をリロードします。

freeswitch> reloadxml

これでFreelicall.comへ登録したアカウント宛の呼出は、内線1000番に繋がります。

:bangbang:

Sofia SIPコマンド

https://freeswitch.org/confluence/display/FREESWITCH/Sofia+SIP+Stack

Reloading profiles and gateways

You can reload a specific SIP profile by issuing a rescan/restart command from the console

freeswitch> sofia profile <profile_name> [<rescan>|<restart>] reloadxml

freeswitch> sofia profile internal restart reloadxml
freeswitch> sofia profile external rescan reloadxml

View SIP Registrations

You can view all the devices that have registered by running the following from the console.

freeswitch> sofia status profile <profile name> reg

freeswitch> sofia status profile internal reg 
freeswitch> sofia status profile external reg

Configuring FreeSWITCH to use databases

https://freeswitch.org/confluence/display/FREESWITCH/FreeSWITCH+Databases#FreeSWITCHDatabases-ConfiguringFreeSWITCHtousedatabases

デフォルトのデータベースであるSQLite以外のデータベースを使用する場合、コア設定ファイル内で、使用するデータベースをアンコメントして有効にします(MariaDBを有効化した場合)。

conf/autoload_configs/switch.conf.xml

<!--  <param name="core-db-dsn" value="pgsql://hostaddr=127.0.0.1 dbname=freeswitch user=freeswitch password='' options='-c client_min_messages=NOTICE'" />  -->
<!--  <param name="core-db-dsn" value="postgresql://freeswitch:@127.0.0.1/freeswitch?options=-c%20client_min_messages%3DNOTICE" />  -->
<param name="core-db-dsn" value="mariadb://Server=localhost;Database=freeswitch;Uid=freeswitch;Pwd=pass;" /> 
<!--  <param name="core-db-dsn" value="dsn:username:password" />  -->

SIPモジュールで新規データベースを使用する場合、以下xmlファイル<settings>セクションにデータベースパラメータを追加して下さい。

sip_profiles/external.xml
sip_profiles/internal.xml
sip_profiles/internal-ipv6.xml

<param name="odbc-dsn" value="odbc://your_dsn_name:your_db_user:your_db_password"/>

Perl互換正規表現

Perl-compatible regular expressions (PCRE)

Pattern Meaning
123 Match any string containing the sequence “123”
^123 Match any string beginning with the sequence “123”
123$ Match any string ending with the sequence “123”
^123$ Match any string that is exactly the sequence “123”
\d Match any single digit (0-9)
\d\d Match two consecutive digits
^\d\d\d$ Match any string that is exactly three digits long
^\d{7}$ Match any string that is exactly seven digits long
^(\d{7})$ Match any string that is exactly seven digits long, and store the matched value in a special variable named $1
^1?(\d{10})$ Matching any string that optionally begins with the digit “1” and contains an additional ten digits; store the ten digits in $1
^(3\d\d\d)$ Match any four-digit string that begins with the digit “3”, and store the matched value in $1

Regular Expression
https://freeswitch.org/confluence/display/FREESWITCH/Regular+Expression

mod_commads-regex
https://freeswitch.org/confluence/display/FREESWITCH/mod_commands#mod_commands-regex