fusionpbx/app/switch/resources/conf/sip_profiles/internal-ipv6.xml.noload

<profile name="internal-ipv6">
	<!--
		This is an example of a sofia profile setup to listen on IPv6.
	-->
	<domains>
		<domain name="all" alias="false" parse="false"/>
	</domains>
	<settings>
		<param name="user-agent-string" value="FreeSWITCH" enabled="true"/>
		<param name="debug" value="0"/>
		<param name="sip-trace" value="no"/>
		<param name="context" value="public"/>
		<param name="rfc2833-pt" value="101"/>
		<!-- RFC 5626 : Send reg-id and sip.instance -->
		<param name="enable-rfc-5626" value="true" enabled="false"/>
		<!-- port to bind to for sip traffic -->
		<param name="sip-port" value="5060"/>
		<param name="dialplan" value="XML"/>
		<param name="dtmf-duration" value="2000"/>
		<param name="inbound-codec-prefs" value="$${global_codec_prefs}"/>
		<param name="outbound-codec-prefs" value="$${global_codec_prefs}"/>
		<param name="use-rtp-timer" value="true"/>
		<param name="rtp-timer-name" value="soft"/>
		<!-- ip address to use for rtp -->
		<param name="rtp-ip" value="$${local_ip_v6}"/>
		<!-- ip address to bind to -->
		<param name="sip-ip" value="$${local_ip_v6}"/>
		<param name="hold-music" value="$${hold_music}"/>
		<param name="enable-100rel" value="false" enabled="false"/>
		<param name="disable-srv503" value="true" enabled="false"/>
		<param name="apply-inbound-acl" value="providers"/>
		<param name="apply-register-acl" value="providers" enabled="false"/>
		<param name="dtmf-type" value="rfc2833"/>
		<param name="record-template" value="$${recordings_dir}/${caller_id_number}.${strftime(%Y-%m-%d-%H-%M-%S)}.${record_ext}"/>
		<!--enable to use presence and mwi -->
		<param name="manage-presence" value="true"/>
		<!-- This setting is for AAL2 bitpacking on G726 -->
		<param name="bitpacking" value="aal2" enabled="false"/>
		<!--max number of open dialogs in proceeding -->
		<param name="max-proceeding" value="1000" enabled="false"/>
		<!--max number of receiving requests per second (Default: 1000, 0 - unlimited) -->
		<param name="max-recv-requests-per-second" value="0" enabled="false"/>
		<!--session timers for all call to expire after the specified seconds -->
		<param name="session-timeout" value="0" enabled="true"/>
		<param name="enable-timer" value="false" enabled="true"/>
		<param name="minimum-session-expires" value="0" enabled="false"/>
		<param name="multiple-registrations" value="true" enabled="false"/>
		<!--set to 'greedy' if you want your codec list to take precedence -->
		<param name="inbound-codec-negotiation" value="generous"/>
		<!-- if you want to send any special bind params of your own -->
		<param name="bind-params" value="transport=udp" enabled="false"/>
		<param name="unregister-on-options-fail" value="true" enabled="false"/>

		<!-- TLS: disabled by default, set to "true" to enable -->
		<param name="tls" value="$${internal_ssl_enable}"/>
		<!-- Set to true to not bind on the normal sip-port but only on the TLS port -->
		<param name="tls-only" value="false"/>
		<!-- additional bind parameters for TLS -->
		<param name="tls-bind-params" value="transport=tls"/>
		<!-- Port to listen on for TLS requests. (5061 will be used if unspecified) -->
		<param name="tls-sip-port" value="5061"/>
		<!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) -->
		<param name="tls-cert-dir" value="$${internal_ssl_dir}"/>
		<!-- Optionally set the passphrase password used by openSSL to encrypt/decrypt TLS private key files -->
		<param name="tls-passphrase" value=""/>
		<!-- Verify the date on TLS certificates -->
		<param name="tls-verify-date" value="false"/>
		<!-- TLS verify policy, when registering/inviting gateways with other servers (outbound) or handling inbound registration/invite requests how should we verify their certificate -->
		<!-- set to 'in' to only verify incoming connections, 'out' to only verify outgoing connections, 'all' to verify all connections, also 'subjects_in', 'subjects_out' and 'subjects_all' for subject validation. Multiple policies can be split with a '|' pipe -->
		<param name="tls-verify-policy" value="none"/>
		<!-- Certificate max verify depth to use for validating peer TLS certificates when the verify policy is not none -->
		<param name="tls-verify-depth" value="2"/>
		<!-- If the tls-verify-policy is set to subjects_all or subjects_in this sets which subjects are allowed, multiple subjects can be split with a '|' pipe -->
		<param name="tls-verify-in-subjects" value=""/>
		<!-- TLS version default: tlsv1,tlsv1.1,tlsv1.2 -->
		<param name="tls-version" value="$${sip_tls_version}"/>
		<!-- TLS ciphers default: ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH  -->
		<param name="tls-ciphers" value="$${sip_tls_ciphers}" enabled="false"/>
		<!--
		Connect timeout for outgoing requests using TLS (in milliseconds).
		Set the timeout and SIP engine will try again sending an outgoing request
		and when possible - using an alternative address (DNS failover).
		Default - 0 (disabled)
		-->
		<param name="tls-orq-connect-timeout" value="3000" enabled="false"/>

		<!--If you don't want to pass through timestampes from 1 RTP call to another (on a per call basis with rtp_rewrite_timestamps chanvar)-->
		<param name="rtp-rewrite-timestamps" value="true" enabled="false"/>
		<param name="pass-rfc2833" value="true" enabled="false"/>

		<!--If you have ODBC support and a working dsn you can use it instead of SQLite-->
		<param name="odbc-dsn" value="$${dsn}" enabled="false"/>

		<!--Uncomment to set all inbound calls to no media mode-->
		<param name="inbound-bypass-media" value="true" enabled="false"/>

		<!--Uncomment to set all inbound calls to proxy media mode-->
		<param name="inbound-proxy-media" value="true" enabled="false"/>

		<!--Uncomment to let calls hit the dialplan *before* you decide if the codec is ok-->
		<param name="inbound-late-negotiation" value="true" enabled="false"/>

		<!-- this lets anything register -->
		<!--  comment the next line and uncomment one or both of the other 2 lines for call authentication -->
		<param name="accept-blind-reg" value="true" enabled="false"/>

		<!-- accept any authentication without actually checking (not a good feature for most people) -->
		<param name="accept-blind-auth" value="true" enabled="false"/>

		<!-- suppress CNG on this profile or per call with the 'suppress_cng' variable -->
		<param name="suppress-cng" value="true" enabled="false"/>

		<!--TTL for nonce in sip auth-->
		<param name="nonce-ttl" value="60"/>
		<!--Uncomment if you want to force the outbound leg of a bridge to only offer the codec that the originator is using-->
		<param name="disable-transcoding" value="true" enabled="false"/>
		<!-- Used for when phones respond to a challenged ACK with method INVITE in the hash -->
		<param name="NDLB-broken-auth-hash" value="true" enabled="false"/>
		<!-- add a ;received="<ip>:<port>" to the contact when replying to register for nat handling -->
		<param name="NDLB-received-in-nat-reg-contact" value="true" enabled="false"/>
		<param name="auth-calls" value="true"/>
		<param name="auth-subscriptions" value="true"/>
		<!-- on authed calls, authenticate *all* the packets not just invite -->
		<param name="auth-all-packets" value="false"/>
		<!-- Shouldn't set these on IPv6 -->
		<param name="ext-rtp-ip" value="$${external_rtp_ip}" enabled="false"/>
		<param name="ext-sip-ip" value="$${external_sip_ip}" enabled="false"/>
		<!-- rtp inactivity timeout -->
		<param name="rtp-timeout-sec" value="300" description="deprecated" enabled="false"/>
		<param name="rtp-hold-timeout-sec" value="1800" description="deprecated" enabled="false"/>
		<param name="media_timeout" value="300" enabled="true"/>
		<param name="media_hold_timeout" value="1800" enabled="true"/>
		<!-- VAD choose one (out is a good choice); -->
		<!-- <param name="vad" value="in" enabled="false"/> -->
		<param name="vad" value="out" enabled="false"/>
		<!-- <param name="vad" value="both"/> -->
		<param name="alias" value="sip:10.0.1.251:5555" enabled="false"/>
		<!--
		These are enabled to make the default config work better out of the box.
		If you need more than ONE domain you'll need to not use these options.

		-->
		<!--all inbound reg will look in this domain for the users -->
		<param name="force-register-domain" value="$${domain}" enabled="false"/>
		<!--all inbound reg will stored in the db using this domain -->
		<param name="force-register-db-domain" value="$${domain}" enabled="false"/>
		<!-- disable register and transfer which may be undesirable in a public switch -->
		<param name="disable-transfer" value="true" enabled="false"/>
		<param name="disable-register" value="true" enabled="false"/>
		<param name="enable-3pcc" value="true" enabled="false"/>
		<!-- use stun when specified (default is true) -->
		<param name="stun-enabled" value="true" enabled="false"/>
		<!-- use stun when specified (default is true) -->
		<!-- set to true to have the profile determine stun is not useful and turn it off globally-->
		<param name="stun-auto-disable" value="true" enabled="false"/>

		<!-- the following can be used as workaround with bogus SRV/NAPTR records -->
		<param name="disable-srv" value="false" enabled="false"/>
		<param name="disable-naptr" value="false" enabled="false"/>

		<!-- save session in the database for option to restore SIP UDP calls -->
		<param name="track-calls" value="false"/>
	</settings>
</profile>