B. NGCP configs overview

1. config.yml Overview

/etc/ngcp-config/config.yml is the main configuration YAML file used by Sipwise NGCP. After every changes it need to run the command ngcpcfg apply my commit message to apply changes (followed by ngcpcfg push in the PRO version to apply changes to sp2). The following is a brief description of the main variables contained into /etc/ngcp-config/config.yml file.

1.1. apps

This section contains parameters for the additional applications that may be activated on sip:provider CE.

  malicious_call: no
  • malicious_call: If set to yes, the Malicious Call Identification (MCID) application will be enabled.

1.2. asterisk

The following is the asterisk section:

    facility: local6
    maxport: 20000
    minport: 10000
    bindport: 5070
    dtmfmode: rfc2833
    enable: 'no'
    fromstring: 'Voicemail server'
      busy_custom_greeting: '/home/user/file_no_extension'
      busy_overwrite_default: 'no'
      busy_overwrite_subscriber: 'no'
      unavail_custom_greeting: '/home/user/file_no_extension'
      unavail_overwrite_default: 'no'
      unavail_overwrite_subscriber: 'no'
    mailbody: 'You have received a new message from ${VM_CALLERID} in voicebox ${VM_MAILBOX} on ${VM_DATE}.'
    mailsubject: '[Voicebox] New message ${VM_MSGNUM} in voicebox ${VM_MAILBOX}'
    max_msg_length: 180
    maxgreet: 60
    maxmsg: 30
    maxsilence: 0
    min_msg_length: 3
    normalize_match: '^00|\+([1-9][0-9]+)$'
    normalize_replace: '$1'
    serveremail: voicebox@sip.sipwise.com
  • log.facility: rsyslog facility for asterisk log, defined in /etc/asterisk/logger.conf.
  • rtp.maxport: RTP maximum port used by asterisk.
  • rtp.minport: RTP minimun port used by asterisk.
  • sip.bindport: SIP asterisk internal bindport.
  • voicemail.greetings.*: set the audio file path for voicemail custom unavailable/busy greetings
  • voicemail.mailbody: Mail body for incoming voicemail.
  • voicemail.mailsubject: Mail subject for incoming voicemail.
  • voicemail.max_msg_length: Sets the maximum length of a voicemail message, in seconds.
  • voicemail.maxgreet: Sets the maximum length of voicemail greetings, in seconds.
  • voicemail.maxmsg: Sets the maximum number of messages that may be kept in any voicemail folder.
  • voicemail.min_msg_length: Sets the minimun length of a voicemail message, in seconds.
  • voicemail.maxsilence: Maxsilence defines how long Asterisk will wait for a contiguous period of silence before terminating an incoming call to voice mail. The default value is 0, which means the silence detector is disabled and the wait time is infinite.
  • voicemail.serveremail: Provides the email address from which voicemail notifications should be sent.
  • voicemail.normalize_match: Regular expression to match the From number for calls to voicebox.
  • voicemail.normalize_replace: Replacement string to return, in order to match an existing voicebox.

1.3. autoprov

The following is the autoprovisioning section:

    skip_vendor_redirect: 'no'
    bootstrap_port: 1445
    ca_certfile: '/etc/ngcp-config/ssl/client-auth-ca.crt'
    host: localhost
    port: 1444
    server_certfile: '/etc/ngcp-config/ssl/myserver.crt'
    server_keyfile: '/etc/ngcp-config/ssl/myserver.key'
    ssl_enabled: 'yes'
    config_lockdown: 0
    webauth: 0
  • autoprov.skip_vendor_redirect: Skip phone vendor redirection to the vendor provisioning web site.

1.4. backuptools

The following is the backup tools section:

    enable: 'no'
    enable: 'no'
    address: noc@company.org
    error_subject: '[ngcp-backup] Problems detected during daily backup'
    log_subject: '[ngcp-backup] Daily backup report'
    send_errors: 'no'
    send_log: 'no'
    enable: 'no'
    exclude_dbs: 'syslog sipstats information_schema'
  rotate_days: 7
  storage_dir: '/var/backup/ngcp_backup'
  temp_backup_dir: '/tmp/ngcp_backup'
  • backuptools.cdrexport_backup.enable: Enable backup of cdrexport (.csv) directory.
  • backuptools.etc_backup.enable: Enable backup of /etc/* directory.
  • backuptools.mail.address: Destination email address for backup emails.
  • backuptools.mail.error_subject: Subject for error emails.
  • backuptools.mail.log_subjetc: Subject for daily backup report.
  • backuptools.mail.send_error: Send daily backup error report.
  • backuptools.mail.send_log: Send daily backup log report.
  • backuptools.mysql_backup.enable: Enable daily mysql backup.
  • backuptools.mysql_backup.exclude_dbs: exclude mysql databases from backup.
  • backuptools.rotate_days: Number of days backup files should be kept. All files older than specified number of days are deleted from the storage directory.
  • backuptools.storage_dir: Storage directory of backups.
  • backuptools.storage_group: Name of the group that backup files should be owned by.
  • backuptools.storage_user: Name of the user that backup files should be owned by.
  • backuptools.temp_backup_dir: Temporary storage directory of backups.

1.5. cdrexport

The following is the cdr export section:

  daily_folder: 'yes'
  export_failed: 'no'
  export_incoming: 'no'
  exportpath: '/home/jail/home/cdrexport'
  full_names: 'yes'
  monthly_folder: 'yes'
  • cdrexport.daily_folder: Set yes if you want to create a daily folder for CDRs under the configured path.
  • cdrexport.export_failed: Export CDR for failed calls.
  • cdrexport.export_incoming: Export CDR for incoming calls.
  • cdrexport.exportpath: The path to store CDRs in .csv format.
  • cdrexport.full_names: Use full namen for CDRs instead of short ones.
  • cdrexport.monthly_folder: Set yes if you want to create a monthly folder (ex. 201301 for January 2013) for CDRs under configured path.

1.6. checktools

The following is the check tools section:

  active_check_enable: '1'
  asr_ner_statistics: '1'
    cpuidle: '0.1'
    dfused: '0.9'
    eximmaxqueue: '15'
    kamminshmem: '1048576'
    lbminshmem: '1048576'
    loadlong: '2'
    loadmedium: '2'
    loadshort: '3'
    maxage: 30
    memused: 0.98
    siptimeout: '15'
    sslcert_timetoexpiry: '30'
    sslcert_whitelist: []
    swapfree: 0.02
  exim_check_enable: '1'
  force: '0'
  kamailio_check_concurrent_calls_enable: '1'
  kamailio_check_dialog_active_enable: '1'
  kamailio_check_dialog_early_enable: '1'
  kamailio_check_dialog_incoming_enable: '1'
  kamailio_check_dialog_local_enable: '1'
  kamailio_check_dialog_outgoing_enable: '1'
  kamailio_check_dialog_relay_enable: '1'
  kamailio_check_shmem_enable: '1'
  kamailio_check_usrloc_regdevices_enable: '1'
  kamailio_check_usrloc_regusers_enable: '1'
  monitor_peering_groups: '1'
  mpt_check_enable: '0'
  mysql_check_enable: '1'
  mysql_check_replication: '1'
  mysql_replicate_check_interval: '3600'
  - accounting
  - billing
  - carrier
  - kamailio
  - ngcp
  - provisioning
  - prosody
  - rtcengine
  - stats
  - accounting.acc_backup
  - accounting.acc_trash
  - kamailio.acc_backup
  - kamailio.acc_trash
  - ngcp.pt_checksums_sp1
  - ngcp.pt_checksums_sp2
  - ngcp.pt_checksums
  oss_check_provisioned_subscribers_enable: '1'
  sip_check_enable: '1'
  sipstats_check_num_packets: '1'
  sipstats_check_num_packets_perday: '1'
  sipstats_check_partition_size: '1'
      - localhost
      - localhost
  • checktools.collcheck.cpuidle: Sets the minimum value for CPU usage (0.1 means 10%).
  • checktools.collcheck.dfused: Sets the maximun value for DISK usage (0.9 means 90%).
  • checktools.collcheck.loadlong/loadlong/loadshort: Max values for load (long, short, medium term).
  • checktools.collcheck.maxage: Max age in seconds.
  • checktools.collcheck.memused: Sets the maximun value for MEM usage (0.7 means 70%).
  • checktools.collcheck.siptimeout: Max timeout for sip options.
  • checktools.collcheck.swapfree: Sets the minimun value for SWAP free (0.5 means 50%).
  • checktools.exim_check_enable: Exim queue check plugin for ngcp-witnessd.
  • checktools.active_check_enable: Active node check plugin for ngcp-witnessd.
  • checktools.asr_ner_statistics: enable/Disable ASR/NER statistics.
  • checktools.force: Perform checks even if not active from ngcp-check-active command.
  • checktools.kamailio_check_*: Enable/Disable SNMP collective check pluglin for Kamailio.
  • checktools.mpt_check_enable: MPT raid SNMP check plugin.
  • checktools.mysql_check_enable: Enable/disable MySQL check SNMP plugin.
  • checktools.mysql_check_replication: Enable/disable MySQL replication check.
  • checktools.mysql_replicate_check_interval: MySQL replication check interval in seconds.
  • checktools.mysql_replicate_check_tables: List of tables that need to be checked for replication issues.
  • checktools.mysql_replicate_ignore_tables: List of tables that need to be ignored during replication check.
  • checktools.oss_check_provisioned_subscribers_enable: OSS provisioned subscribers count plugin.
  • checktools.sip_check_enable/sipstats_check_*: Enable/Disable SIP check plugins.
  • checktools.snmpd.communities.*: Sets the SNMP community and sources. Entries (i.e. the sources) under a community (like public in the example) are in a list format, each line starting with "-" and followed by the source address.
  • checktools.snmpd.trap_communities.*: Sets the SNMP TRAP community and destination for traps sent by NGCP. Format is the same as for checktools.snmpd.communities.

1.7. cleanuptools

The following is the cleanup tools section:

  acc_cleanup_days: 90
  archive_targetdir: '/var/backups/cdr'
  binlog_days: 15
  cdr_archive_months: 2
  cdr_backup_months: 2
  cdr_backup_retro: 3
  compress: gzip
    enabled: 'no'
    max_age_days: 30
        max_age_days: ~
        path: '/home/jail/home/*/20[0-9][0-9][0-9][0-9]/[0-9][0-9]'
        remove_empty_directories: 'yes'
        wildcard: 'yes'
        max_age_days: ~
        path: '/home/jail/home/cdrexport/resellers/*/20[0-9][0-9][0-9][0-9]/[0-9][0-9]'
        remove_empty_directories: 'yes'
        wildcard: 'yes'
        max_age_days: ~
        path: '/home/jail/home/cdrexport/system/20[0-9][0-9][0-9][0-9]/[0-9][0-9]'
        remove_empty_directories: 'yes'
        wildcard: 'yes'
  sql_batch: 10000
  trash_cleanup_days: 30
  • cleanuptools.acc_cleanup_days: CDR records in acc table in kamailio database will be deleted after this time
  • cleanuptools.binlog_days: Time after MySQL binlogs will be deleted.
  • cleanuptools.cdr_archive_months: How many months worth of records to keep in monthly CDR backup tables, instead of dumping them into archive files and dropping them from database.
  • cleanuptools.cdr_backup_months: How many months worth of records to keep in the current cdr table, instead of moving them into the monthly CDR backup tables.
  • cleanuptools.cdr_backup_retro: How many months to process for backups, going backwards in time and skipping cdr_backup_months months first, and store them in backup tables. Any older record will be left untouched.
  • cleanuptools.delete_old_cdr_files:

    • enabled: Enable (yes) or disable (no) exported CDR cleanup.
    • max_age_days: Gives the expiration time of the exported CDR files in days. There is a general value which may be overridden by a local value provided at a specific path. The local value is valid for the particular path only.
    • paths: an array of path definitions

      • path: a path where CDR files are to be found and deleted; this may contain wildcard characters
      • wildcard: Enable (yes) or disable (no) using wildcards in the path
      • remove_empty_directories: Enable (yes) or disable (no) removing empty directories if those are found in the given path
      • max_age_days: the local expiration time value for files in the particular path
  • cleanuptools.sql_batch: How many records to process within a single SQL statement.
  • cleanuptools.trash_cleanup_days: Time after CDRs from acc_trash and acc_backup tables in kamailio database will be deleted.

For the description of cleanuptools please visit Cleanuptools Description Section 15.4, “Accounting Data (CDR) Cleanup” section of the handbook.

1.8. cluster_sets

The following is the cluster sets section:

    dispatcher_id: 50
  default_set: default
  type: central
  • cluster_sets.<label>: an arbitrary label of the cluster set; in the above example we have default
  • cluster_sets.<label>.dispatcher_id: a unique, numeric value that identifies a particular cluster set
  • cluster_sets.default_set: selects the default cluster set
  • cluster_sets.type: the type of cluster set; can be central or distributed

1.9. database

The following is the database section:

  bufferpoolsize: 24768M
  • database.bufferpoolsize: Innodb_buffer_pool_size value in /etc/mysql/my.cnf

1.10. faxserver

The following is the fax server section:

  enable: yes
  fail_attempts: '3'
  fail_retry_secs: '60'
  mail_from: 'Sipwise NGCP FaxServer <voipfax@ngcp.sipwise.local>'
  • faxserver.enable: yes/no to enable or disable ngcp-faxserver on the platform respectively.
  • faxserver.fail_attempts: Amount of attempts to send a fax after which it is marked as failed.
  • faxserver.fail_retry_secs: Amount of seconds to wait between "fail_attemts".
  • faxserver.mail_from: Sets the e-mail From Header for incoming fax.

1.11. general

The following is the general section:

  adminmail: adjust@example.org
  companyname: sipwise
  lang: en
  maintenance: no
  production: yes
  timezone: localtime
  • general.adminmail: Email address used by monit to send notifications to.
  • general.companyname: Label used in SNMPd configuration.
  • general.lang: Sets sounds language (e.g: de for German)
  • general.production: Label to hint self-check scripts about installation mode.
  • general.maintenance: maintenance mode necessary for safe upgrades.
  • general.timezone: sip:provider CE Timezone

1.12. heartbeat

The following is the heartbeat section:

    action_max: 5
    enable: 'yes'
    interval: 10
    transition_max: 10
  • heartbeat.hb_watchdog.enable: Enable heartbeat watchdog in order to prevent and fix split brain scenario.
  • heartbeat.hb_watchdog.action_max: Max errors before taking any action.
  • heartbeat.hb_watchdog.interval: Interval in secs for the check.
  • heartbeat.hb_watchdog.transition_max: Max checks in transition state.
  • heartbeat.pingnodes: List of pingnodes for heartbeat. Minimun 2 entries, otherwise by default NGCP will set the default gateway and DNS servers as pingnodes.

1.13. intercept

The following is the legal intercept section:

    port: 18090
    schema: http
  enabled: 'no'
  • intercept.captagent.enable: Enable captagent for Lawful Interception (addiotional NGCP module).

1.14. kamailio

The following is the kamailio section:

    cfgt: no
      enable: no
      - level: '1'
        name: core
      - level: '3'
        name: xlog
    debug_level: '1'
    external_sbc: []
    extra_sockets: ~
    max_forwards: '70'
    mem_log: '1'
    mem_summary: '12'
    pkg_mem: '16'
    port: '5060'
    remove_isup_body_from_replies: no
      dos_ban_enable: yes
      dos_ban_time: '300'
      dos_reqs_density_per_unit: '50'
      dos_sampling_time_unit: '5'
      dos_whitelisted_ips: []
      dos_whitelisted_subnets: []
      failed_auth_attempts: '3'
      failed_auth_ban_enable: yes
      failed_auth_ban_time: '3600'
        enable: no
        mask_callid: no
    shm_mem: '64'
      enable: no
      user_agent_patterns: []
    start: yes
    strict_routing_safe: no
    syslog_options: yes
    tcp_children: 1
    tcp_max_connections: '2048'
      enable: no
      port: '5061'
      sslcertfile: /etc/ngcp-config/ssl/myserver.crt
      sslcertkeyfile: /etc/ngcp-config/ssl/myserver.key
    udp_children: 1
    use_dns_cache: on
    allow_info_method: no
    allow_msg_method: no
    allow_peer_relay: no
    allow_refer_method: no
    always_anonymize_from_user: no
    authenticate_bye: no
    cf_depth_limit: '10'
    cfgt: no
    check_prev_forwarder_as_upn: no
    children: 1
      enable: no
      - level: '1'
        name: core
      - level: '3'
        name: xlog
    debug_level: '1'
    default_expires: '3600'
    default_expires_range: '30'
    dlg_timeout: '43200'
        announce_code: '403'
        announce_reason: Blocked by Admin
        announce_code: '403'
        announce_reason: Blocked by Callee
        announce_code: '403'
        announce_reason: Blocked by Caller
        announce_code: '403'
        announce_reason: Blocked by Contract
        announce_code: '403'
        announce_reason: Block in
        announce_code: '403'
        announce_reason: Blocked out
        announce_code: '403'
        announce_reason: Incorrect Override PIN
        announce_code: '486'
        announce_reason: Busy Here
        announce_code: '480'
        announce_reason: Offline
        announce_code: '480'
        announce_reason: Temporarily Unavailable
        announce_code: '480'
        announce_reason: Unavailable
        announce_code: '408'
        announce_reason: Request Timeout
        announce_code: '404'
        announce_reason: Not Found
        announce_code: '480'
        announce_reason: Unavailable
        announce_code: '404'
        announce_reason: Emergency code not available in this region
        announce_code: '403'
        announce_reason: Emergency Calls Not Supported
        announce_code: '484'
        announce_reason: Speed-Dial slot empty
        announce_code: '403'
        announce_reason: Callee locked
        announce_code: '403'
        announce_reason: Caller locked
        announce_code: '486'
        announce_reason: Busy
        announce_code: '403'
        announce_reason: Maximum parallel calls exceeded
        announce_code: '402'
        announce_reason: Insufficient Credit
        announce_code: '503'
        announce_reason: PSTN Termination Currently Unavailable
        announce_code: '403'
        announce_reason: VSC Forbidden
        announce_code: '403'
        announce_reason: Relaying Denied
        announce_code: '403'
        announce_reason: Unauthorized IP detected
      enabled: no
      register_fake_200: yes
      register_fake_expires: '3600'
      reject_code: '503'
      reject_reason: Temporary Unavailable
      retry_after: '3600'
    enum_suffix: e164.arpa.
    expires_range: '30'
    filter_100rel_from_supported: no
    filter_failover_response: 408|500|503
    foreign_domain_via_peer: no
      enable: no
      - 0$avp(caller_ac)
      - $avp(caller_cc)$avp(caller_ac)
      - \+$avp(caller_cc)$avp(caller_ac)
      - 00$avp(caller_cc)$avp(caller_ac)
      - '112'
      - '110'
      - 118[0-9]{2}
    ignore_auth_realm: no
    ignore_subscriber_allowed_clis: no
    keep_original_to: no
    latency_limit_action: '100'
    latency_limit_db: '500'
    latency_log_level: '1'
    latency_runtime_action: 1000
        add_caller_cc_to_lnp_dst: no
        - ^EE00
        - ^DD00
        keepalive_interval: '3'
        lnp_request_blacklist: []
        lnp_request_whitelist: []
        port: '8991'
        reply_error_on_lnp_failure: no
        request_timeout: '1000'
        server: localhost
      enabled: no
      skip_callee_lnp_lookup_from_any_peer: no
      type: api
    lookup_peer_destination_domain_for_pbx: no
      enable: no
      expire: '1'
      max: '5'
    max_expires: '43200'
    max_gw_lcr: '128'
    max_registrations_per_subscriber: '5'
    mem_log: '1'
    mem_summary: '12'
    min_expires: '60'
      sipping_from: sip:pinger@sipwise.local
    nathelper_dbro: no
    natping_interval: '30'
    natping_processes: 1
    nonce_expire: '300'
      hunt_display_fallback_format: '[H %s]'
      hunt_display_fallback_indicator: $var(cloud_pbx_hg_ext)
      hunt_display_format: '[H %s]'
      hunt_display_indicator: $var(cloud_pbx_hg_displayname)
      hunt_display_maxlength: 8
      ignore_cf_when_hunting: no
      available_treshold: '1'
      enable: yes
      from_uri_domain: probe.ngcp.local
      from_uri_user: ping
      interval: '10'
      method: OPTIONS
      reply_codes: class=2;class=3;code=403;code=404;code=405
      timeout: '5'
      unavailable_treshold: '1'
    perform_peer_failover_on_tm_timeout: yes
    perform_peer_lcr: no
    pkg_mem: '32'
    port: '5062'
      enable: yes
      max_expires: '3600'
      reginfo_domain: example.org
    proxy_lookup: no
      apns_alert: New call
      apns_sound: incoming_call.xaf
    report_mos: yes
    set_ruri_to_peer_auth_realm: no
    shm_mem: '125'
    start: yes
    store_recentcalls: no
    syslog_options: yes
    tcp_children: 1
      fr_inv_timer: '180000'
      fr_timer: '9000'
    treat_600_as_busy: yes
    use_enum: no
    usrloc_dbmode: '1'
    voicebox_first_caller_cli: yes
  • kamailio.lb.cfgt: Enable/disable unit test config file execution tracing.
  • kamailio.lb.debug.enable: Enable per-module debug options.
  • kamailio.lb.debug.modules: List of modules to be traced with respective debug level.
  • kamailio.lb.debug_level: Default debug level for kamailio-lb.
  • kamailio.lb.external_sbc: SIP URI of external SBC used in the Via Route option of peering server.
  • kamailio.lb.extra_sockets: Add here extra sockets for Load Balancer.
  • kamailio.lb.max_forwards: Set the value for the Max Forwards SIP header for outgoing messages.
  • kamailio.lb.mem_log: Specifies on which log level the memory statistics will be logged.
  • kamailio.lb.mem_summary: Parameter to control printing of memory debugging information on exit or SIGUSR1 to log.
  • kamailio.lb.nattest_exception_ips: List of IPs that don’t need the NAT test.
  • kamailio.lb.shm_mem: Shared memory used by Kamailio Load Balancer.
  • kamailio.lb.pkg_mem: PKG memory used by Kamailio Load Balancer.
  • kamailio.lb.port: Default listen port.
  • kamailio.lb.remove_isup_body_from_replies: Enable/disable stripping of ISUP part from the message body.
  • kamailio.lb.security.dos_ban_enable: Enable/Disable DoS Ban.
  • kamailio.lb.security.dos_ban_time: Sets the ban time.
  • kamailio.lb.security.dos_reqs_density_per_unit: Sets the requests density per unit (if we receive more then * lb.dos_reqs_density_per_unit within dos_sampling_time_unit the user will be banned).
  • kamailio.lb.security.dos_sampling_time_unit: Sets the DoS unit time.
  • kamailio.lb.security.dos_whitelisted_ips: Write here the whitelisted IPs.
  • kamailio.lb.security.dos_whitelisted_subnets: Write here the whitelisted IP subnets.
  • kamailio.lb.security.failed_auth_attempts: Sets how many authentication attempts allowed before ban.
  • kamailio.lb.security.failed_auth_ban_enable: Enable/Disable authentication ban.
  • kamailio.lb.security.failed_auth_ban_time: Sets how long a user/IP has be banned.
  • kamailio.lb.topoh.enable: Enable topology hiding module (see the Topology Hiding Section 16.6, “Topology Hiding” subchapter for a detailed description).
  • kamailio.lb.topoh.mask_callid: if set to yes, the SIP Call-ID header will also be encoded.
  • kamailio.lb.topoh.mask_ip: an IP address that will be used to create valid SIP URIs, after encoding the real/original header content.
  • kamailio.lb.start: Enable/disable kamailio-lb service.
  • kamailio.lb.strict_routing_safe: Enable strict routing handle feature.
  • kamailio.lb.syslog_options: Enable/disable logging of SIP OPTIONS messages to kamailio-options-lb.log.
  • kamailio.lb.tcp_children: Number of TCP worker processes.
  • kamailio.lb.tcp_max_connections: Maximum number of open TCP connections.
  • kamailio.lb.tls.enable: Enable TLS socket.
  • kamailio.lb.tls.port: Set TLS listening port.
  • kamailio.lb.tls.sslcertificate: Path for the SSL certificate.
  • kamailio.lb.tls.sslcertkeyfile: Path for the SSL key file.
  • kamailio.lb.udp_children: Number of UDP worker processes.
  • kamailio.lb.use_dns_cache: Enable/disable use of internal DNS cache.
  • kamailio.proxy.allow_info_method: Allow INFO method.
  • kamailio.proxy.allow_msg_method: Allow MESSAGE method.
  • kamailio.proxy.allow_peer_relay: Allow peer relay. Call coming from a peer that doesn’t match a local subscriber will try to go out again, matching the peering rules.
  • kamailio.proxy.allow_refer_method: Allow REFER method. Enable it with caution.
  • kamailio.proxy.always_anonymize_from_user: Enable anonymization of full From URI (as opposed to just From Display-name part by default), has same effect as enabling the preference anonymize_from_user for all peers.
  • kamailio.proxy.authenticate_bye: Enable BYE authentication.
  • kamailio.proxy.cf_depth_limit: CF loop detector. How many CF loops are allowed before drop the call.
  • kamailio.proxy.cfgt: Enable/disable unit test config file execution tracing.
  • kamailio.proxy.check_prev_forwarder_as_upn: Enable/disable validation of the forwarder’s number taken from the Diversion or History-Info header.
  • kamailio.proxy.children: Number of UDP worker processes.
  • kamailio.proxy.debug.enable: Enable per-module debug options.
  • kamailio.proxy.debug.modules: List of modules to be traced with respective debug level.
  • kamailio.proxy.debug_level: Default debug level for kamailio-proxy.
  • kamailio.proxy.default_expires: Default expires value in seconds for a new registration (for REGISTER messages that contains neither Expires HFs nor expires contact parameters).
  • kamailio.proxy.default_expires_range: This parameter specifies that the expiry used for the registration should be randomly chosen within default_expires_range seconds of the default_expires parameter.
  • kamailio.proxy.dlg_timeout: Dialog timeout in seconds (by default 43200 sec - 12 hours).
  • kamailio.proxy.early_rejects: Customize here the response codes and sound prompts for various reject scenarios. See the subchapter Configuring Early Reject Sound Sets Section 7.13.1, “Configuring Early Reject Sound Sets” for a detailed description.
  • kamailio.proxy.emergency_prioritization.enabled: Enable an emergency mode support.
  • kamailio.proxy.emergency_prioritization.register_fake_200: When enabled, generates a fake 200 response to REGISTER from non-prioritized subscriber in emergency mode.
  • kamailio.proxy.emergency_prioritization.register_fake_expires: Expires value for the fake 200 response to REGISTER.
  • kamailio.proxy.emergency_prioritization.reject_code: Reject code for the non-emergency request.
  • kamailio.proxy.emergency_prioritization.reject_reason: Reject reason for the non-emergency request.
  • kamailio.proxy.emergency_prioritization.retry_after: Retry-After value when rejecting the non-emergency request.


    In order to learn about details of emergency priorization function of NGCP please refer to Section 7.6, “Emergency Priorization” part of the handbook.

  • kamailio.proxy.enum_suffix: Sets ENUM suffix - don’t forget . (dot).
  • kamailio.proxy.expires_range: Set randomization of expires for REGISTER messages (similar to default_expires_range but applies to recieved expires value).
  • kamailio.proxy.filter_100rel_from_supported: Enable filtering of 100rel from Supported header, to disable PRACK.
  • kamailio.proxy.filter_failover_response: Specify the list of SIP responses that trigger a failover on the next available peering server.
  • kamailio.proxy.foreign_domain_via_peer: Enable/disable of routing of calls to foreign SIP URI via peering servers.
  • kamailio.proxy.fritzbox.enable: Enable detection for Fritzbox special numbers. Ex. Fritzbox add some prefix to emergency numbers.
  • kamailio.proxy.fritzbox.prefixes: Fritybox prefixes to check. Ex. 0$avp(caller_ac)
  • kamailio.proxy.fritzbox.special_numbers: Specifies Fritzbox special number patterns. They will be checked with the prefixes defined. Ex. 112, so the performed check will be sip:0$avp(caller_ac)112@ if prefix is 0$avp(caller_ac)
  • kamailio.proxy.ignore_auth_realm: Ignore SIP authentication realm.
  • kamailio.proxy.ignore_subscriber_allowed_clis: Set to yes to ignore the subscriber’s allowed_clis preference so that the User-Provided CLI is only checked against customer’s allowed_clis preference.
  • kamailio.proxy.latency_limit_action: Limit of runtime in ms for config actions. If a config action executed by cfg interpreter takes longer than this value, a message is printed in the logs.
  • kamailio.proxy.latency_limit_db: Limit of runtime in ms for DB queries. If a DB operation takes longer than this value, a warning is printed in the logs.
  • kamailio.proxy.latency_log_level: Log level to print the messages related to latency. Defaut is 1 (INFO).
  • kamailio.proxy.latency_runtime_action: Limit of runtime in ms for SIP message processing cycle. If the SIP message processing takes longer than this value, a warning is printed in the logs.
  • kamailio.proxy.keep_original_to: Not used now.
  • kamailio.proxy.lnp.api.add_caller_cc_to_lnp_dst: Enable/disable adding of caller country code to LNP routing number of the result (no by default, LNP result in E.164 format is assumed).
  • kamailio.proxy.lnp.api.invalid_lnp_routing_codes [only for api type]: number matching pattern for routing numbers that represent invalid call destinations; an announcement is played in that case and the call is dropped.
  • kamailio.proxy.lnp.api.keepalive_interval: Not used now.
  • kamailio.proxy.lnp.api.lnp_request_whitelist [only for api type]: list of matching patterns of called numbers for which LNP lookup must be done.
  • kamailio.proxy.lnp.api.lnp_request_blacklist [only for api type]: list of matching patterns of called numbers for which LNP lookup must not be done.
  • kamailio.proxy.lnp.api.port: Not used now.
  • kamailio.proxy.lnp.api.reply_error_on_lnp_failure: Specifies whether platform should drop the call in case of LNP API server failure or continue routing the call to the original callee without LNP.
  • kamailio.proxy.lnp.api.request_timeout [only for api type]: timeout in milliseconds while Proxy waits for the response of an LNP query from Sipwise LNP daemon.
  • kamailio.proxy.lnp.api.server: Not used now.
  • kamailio.proxy.lnp.enabled: Enable/disable LNP (local number portability) lookup during call setup.
  • kamailio.proxy.lnp.skip_callee_lnp_lookup_from_any_peer: if set to yes, the destination LNP lookup is skipped (has same effect as enabling preference skip_callee_lnp_lookup_from_any_peer for all peers).
  • kamailio.proxy.lnp.type: method of LNP lookup; valid values are: local (local LNP database) and api (LNP lookup through external gateways). PLEASE NOTE: the api type of LNP lookup is only available for NGCP PRO / CARRIER installations.
  • kamailio.proxy.lookup_peer_destination_domain_for_pbx: one of [yes, no, peer_host_name] - Sets the content of destination_domain CDR field for calls between CloudPBX subscribers. In case of no this field contains name of CloudPBX domain; yes: peer destination domain; peer_host_name: human-readable name of the peering server.
  • kamailio.proxy.loop_detection.enable: Enable the SIP loop detection based on the combination of SIP-URI, To and From header URIs.
  • kamailio.proxy.loop_detection.expire: Sampling interval in seconds for the incoming INVITE requests (by default 1 sec).
  • kamailio.proxy.loop_detection.max: Maximum allowed number of SIP requests with the same SIP-URI, To and From header URIs within sampling interval. Requests in excess of this limit will be rejected with 482 Loop Detected response.
  • kamailio.proxy.max_expires: Sets the maximum expires in seconds for registration.
  • kamailio.proxy.max_gw_lcr: Defines the maximum number of gateways in lcr_gw table
  • kamailio.proxy.max_registrations_per_subscriber: Sets the maximum registration per subscribers.
  • kamailio.proxy.mem_log: Specifies on which log level the memory statistics will be logged.
  • kamailio.proxy.mem_summary: Parameter to control printing of memory debugging information on exit or SIGUSR1 to log.
  • kamailio.proxy.min_expires: Sets the minimum expires in seconds for registration.
  • kamailio.proxy.nathelper.sipping_from: Set the From header in OPTIONS NAT ping.
  • kamailio.proxy.nathelper_dbro: Default is "no". This will be "yes" on CARRIER in order to activate the use of a read-only connection using LOCAL_URL
  • kamailio.proxy.natping_interval: Sets the NAT ping interval in seconds.
  • kamailio.proxy.natping_processes: Set the number of NAT ping worker processes.
  • kamailio.proxy.nonce_expire: Nonce expire time in seconds.
  • kamailio.proxy.pbx.hunt_display_fallback_format: Default is [H %s]. Sets the format of the hunt group indicator that is sent as initial part of the From Display Name when subscriber is called as a member of PBX hunt group if the preferred format defined by the hunt_display_format and hunt_display_indicator can not be used (as in the case of not provisioned subscriber settings). The %s part is replaced with the value of the hunt_display_fallback_indicator variable.
  • kamailio.proxy.pbx.hunt_display_fallback_indicator: The internal kamailio variable that sets the number or extension of the hunt group. Default is $var(cloud_pbx_hg_ext) which is populated during call routing with the extension of the hunt group.
  • kamailio.proxy.pbx.hunt_display_format: Default is [H %s]. Sets the format of hunt group indicator that is sent as initial part of the From Display Name when subscriber is called as a member of PBX hunt group. This is the preferred (default) indicator format with Display Name, where the %s part is replaced with the value of the hunt_display_indicator variable.
  • kamailio.proxy.pbx.hunt_display_indicator: The internal kamailio variable that contains the preferred identifier of the hunt group. Default is $var(cloud_pbx_hg_displayname) which is populated during call routing with the provisioned Display Name of the hunt group.
  • kamailio.proxy.pbx.hunt_display_maxlength: Default is 8. Sets the maximum length of the variable used as the part of hunt group indicator in Display Name. The characters beyond this limit are truncated in order for hunt group indicator and calling party information to fit on display of most phones.
  • kamailio.proxy.pbx.ignore_cf_when_hunting: Default is no. Whether to disregard all individual call forwards (CFU, CFB, CFT and CFNA) of PBX extensions when they are called via hunt groups. Note that call forwards configured to local services such as Voicebox or Conference are always skipped from group hunting.
  • kamailio.proxy.peer_probe.enable: Enable the peer probing, must be also checked per individual peer in the panel/API.
  • kamailio.proxy.peer_probe.interval: Peer probe interval in seconds.
  • kamailio.proxy.peer_probe.timeout: Peer probe response wait timeout in seconds.
  • kamailio.proxy.peer_probe.reply_codes: Defines the response codes that are considered successful response to the configured probe request, e.g. class=2;class=3;code=403;code=404;code=405, with class defining a code range.
  • kamailio.proxy.peer_probe.unavailable_treshold: Defines after how many failed probes a peer is considered unavailable.
  • kamailio.proxy.peer_probe.available_treshold: Defines after how many successful probes a peer is considered available.
  • kamailio.proxy.peer_probe.from_uri_user: From-userpart for the probe requests.
  • kamailio.proxy.peer_probe.from_uri_domain From-hostpart for the probe requests.
  • kamailio.proxy.peer_probe.method: [OPTIONS|INFO] - Request method for probe request.


    You can find more information about peer probing configuration in Section 7.10.2, “Configuration of Peer Probing” of the handbook.

  • kamailio.proxy.perform_peer_failover_on_tm_timeout: Specifies the failover behavior when maximum ring timeout (fr_inv_timer) has been reached. In case it is set to yes: failover to the next peer if any; in case of no stop trying other peers.
  • kamailio.proxy.perform_peer_lcr: Enable/Disable Least Cost Routing based on peering fees.
  • kamailio.proxy.pkg_mem: PKG memory used by Kamailio Proxy.
  • kamailio.proxy.shm_mem: Shared memory used by Kamailio Proxy.
  • kamailio.proxy.port: SIP listening port.
  • kamailio.proxy.presence.enable: Enable/disable presence feature
  • kamailio.proxy.presence.max_expires: Sets the maximum expires value for PUBLISH/SUBSCRIBE message. Defines expiration of the presentity record.
  • kamailio.proxy.presence.reginfo_domain: Set FQDN of the NGCP domain used in callback for mobile push.
  • kamailio.proxy.push.apns_alert: Set the content of alert field towards APNS.
  • kamailio.proxy.push.apns_sound: Set the content of sound field towards APNS.
  • kamailio.proxy.report_mos: Enable MOS reporting in the log file.
  • kamailio.proxy.set_ruri_to_peer_auth_realm: Set R-URI using peer auth realm.
  • kamailio.proxy.start: Enable/disable kamailio-proxy service.
  • kamailio.proxy.store_recentcalls: Store recent calls to redis (used by Malicious Call Identification application).
  • kamailio.proxy.syslog_options: Enable/disable logging of SIP OPTIONS messages to kamailio-options-proxy.log.
  • kamailio.proxy.tcp_children: Number of TCP worker processes.
  • kamailio.proxy.tm.fr_inv_timer: Set INVITE transaction timeout if no final reply for an INVITE arrives after a provisional message was received (ringing timeout).
  • kamailio.proxy.tm.fr_timer: Set INVITE transaction timeout if the destination is not responding with provisional response message.
  • kamailio.proxy.treat_600_as_busy: Enable the 6xx response handling according to RFC3261. When enabled, the 6xx response should stop the serial forking. Also, CFB will be triggered or busy prompt played as in case of 486 Busy response.
  • kamailio.proxy.use_enum: Enable/Disable ENUM feature.
  • kamailio.proxy.usrloc_dbmode: Set the mode of database usage for persistent contact storage.
  • kamailio.proxy.voicebox_first_caller_cli: When enabled the previous forwarder’s CLI will be used as caller CLI in case of chained Call Forwards.

1.15. mediator

The following is the mediator section:

  interval: 10
  • mediator.interval: Running interval of mediator.

1.16. modules

The following is the modules section:

  - enable: no
    name: dummy
    options: numdummies=2
  • modules: list of configs needed for load kernel modules on boot.
  • enable: Enable/disable loading of the specific module (yes/no)
  • name: kernel module name
  • options: kernel module options if needed

1.17. nginx

The following is the nginx section:

  status_port: 8081
  xcap_port: 1080
  • nginx.status_port: Status port used by nginx server
  • nginx.xcap_port: XCAP port used by nginx server

1.18. ntp

The following is the ntp server section:

    - 0.debian.pool.ntp.org
    - 1.debian.pool.ntp.org
    - 2.debian.pool.ntp.org
    - 3.debian.pool.ntp.org
  • ntp.servers: Define your NTP server list.

1.19. ossbss

The following is the ossbss section:

    port: 2443
    proxyluport: 1080
      sslcertfile: '/etc/ngcp-panel/api_ssl/api_ca.crt'
      sslcertkeyfile: '/etc/ngcp-panel/api_ssl/api_ca.key'
    serveradmin: support@sipwise.com
    servername: "\"myserver\""
    ssl_enable: 'yes'
    sslcertfile: '/etc/ngcp-config/ssl/myserver.crt'
    sslcertkeyfile: '/etc/ngcp-config/ssl/myserver.key'
  frontend: 'no'
      pass: '{SHA}w4zj3mxbmynIQ1jsUEjSkN2z2pk='
      user: ngcpsoap
        facility: daemon
        identity: oss
        level: info
        facility: local7
        level: info
      facility: local0
      identity: provisioning
      level: DEBUG
      facility: local0
      level: DEBUG
    allow_ip_as_domain: 1
    allow_numeric_usernames: 0
    auto_allow_cli: 1
      account_distribution_function: roundrobin
      prov_distribution_function: roundrobin
        domain: example.com
          - nobody@example.com
        threshold: 1000
    faxpw_min_char: 0
    log_passwords: 0
    no_logline_truncate: 0
    pw_min_char: 6
      ac_regex: '[1-9]\d{0,4}'
      cc_regex: '[1-9]\d{0,3}'
      sn_regex: '[1-9]\d+'
    tmpdir: '/tmp'
  • ossbss.frontend: Enable disable SOAP interface. Set value to fcgi to enable old SOAP interface.
  • ossbss.htpasswd: Sets the username and SHA hashed password for SOAP access. You can generate the password using the following command: htpasswd -nbs myuser mypassword.
  • ossbss.provisioning.allow_ip_as_domain: Allow or not allow IP address as SIP domain (0 is not allowed).
  • ossbss.provisioning.allow_numeric_usernames: Allow or not allow numeric SIP username (0 is not allowed).
  • ossbss.provisioning.faxpw_min_char: Minimum number of characters for fax passwords.
  • ossbss.provisioning.pw_min_char: Minimum number of characters for sip passwords.
  • ossbss.provisioning.log_password: Enable logging of passwords.
  • ossbss.provisioning.routing: Regexp for allowed AC (Area Code), CC (Country Code) and SN (Subscriber Number).

1.20. pbx (only with additional cloud PBX module installed)

The following is the PBX section:

  bindport: 5085
  enable: 'no'
  highport: 55000
  lowport: 50001
  media_processor_threads: 10
  session_processor_threads: 10
  xmlrpcport: 8095
  • pbx.enable: Enable Cloud PBX module.

1.21. prosody

The following is the prosody section:

  ctrl_port: 5582
  log_level: info
  • prosody.ctrl_port: XMPP server control port.
  • prosody.log_level: Prosody loglevel.

1.22. pushd

The following is the pushd section:

    enable: yes
    endpoint: api.push.apple.com
    endpoint_port: 0
    - certificate: '/etc/ngcp-config/ssl/PushCallkitCert.pem'
      enable: yes
      key: '/etc/ngcp-config/ssl/PushCallkitKey.pem'
      type: callkit
      ec_key: '/etc/ngcp-config/ssl/AuthKey_ABCDE12345.pem'
      ec_key_id: 'ABCDE12345'
      enable: yes
      issuer: 'VWXYZ67890'
      tls_certificate: ''
      tls_key: ''
      topic: 'com.example.appID'
      certificate: '/etc/ngcp-config/ssl/PushChatCert.pem'
      feedback_endpoint: feedback.push.apple.com
      feedback_interval: '3600'
      key: '/etc/ngcp-config/ssl/PushChatKey.pem'
    socket_timeout: 0
  - apns:
      endpoint: api.push.apple.com
      - certificate: '/etc/ngcp-config/ssl/PushCallkitCert-example.com.pem'
        enable: no
        key: '/etc/ngcp-config/ssl/PushCallkitKey-example.com.pem''
        type: callkit
        ec_key: '/etc/ngcp-config/ssl/AuthKey_54321EDCBA.pem'
        ec_key_id: '54321EDCBA'
        issuer: '09876ZYXWV'
        tls_certificate: ''
        tls_key: ''
        topic: 'com.example.otherAppID'
        certificate: '/etc/ngcp-config/ssl/PushChatCert-example.com.pem'
        feedback_endpoint: feedback.push.apple.com
        key: '/etc/ngcp-config/ssl/PushChatKey-example.com.pem'
    domain: example.com
    enable: yes
      key: 'google_api_key_for_example.com_here'
  enable: yes
    enable: yes
    key: 'google_api_key_here'
      call: high
      groupchat: normal
      invite: normal
      message: normal
    exclude: []
    force_persistent: 'true'
    owner_on_join: 'true'
  one_device_per_subscriber: no
  port: 45060
  processes: 4
  ssl: yes
  sslcertfile: /etc/ngcp-config/ssl/CAsigned.crt
  sslcertkeyfile: /etc/ngcp-config/ssl/CAsigned.key
  unique_device_ids: no
  • pushd.enable: Enable/Disable the Push Notification feature.
  • pushd.apns.enable: Enable/Disable Apple push notification.
  • pushd.apns.endpoint: API endpoint hostname or address. Should be one of api.push.apple.com or api.development.push.apple.com for the newer HTTP2/JWT based protocol, or one of gateway.push.apple.com or gateway.sandbox.push.apple.com for the legacy protocol.
  • pushd.apns.endpoint_port: API endpoint port. Normally 443 or alternatively 2197 for the newer HTTP2/JWT based protocol, or 2195 for the legacy protocol.
  • pushd.apns.legacy: Contains all options specific to the legacy APNS protocol. Ignored when HTTP2/JWT is in use.
  • pushd.apns.legacy.certificate: Specify the Apple certificate for push notification https requests from the NGCP to an endpoint.
  • pushd.apns.legacy.key: Specify the Apple key for push notification https requests from the NGCP to an endpoint.
  • pushd.apns.legacy.feedback_endpoint: Hostname or address of the APNS feedback service. Normally one of feedback.push.apple.com or feedback.sandbox.push.apple.com.
  • pushd.apns.legacy.feedback_interval: How often to poll the feedback service, in seconds.
  • pushd.apns.extra_instances: If the iOS app supports Callkit push notifications, they can be enabled here and the required separate certificate and key can be specified. Ignored if HTTP2/JWT is enabled.
  • pushd.http2_jwt: Contains all options specific to the newer HTTP2/JWT based APNS API protocol.
  • pushd.http2_jwt.ec_key: Name of file that contains the elliptic-curve (EC) cryptographic key provided by Apple, in PEM format.
  • pushd.http2_jwt.ec_key_id: 10-digit identification string of the EC key in use.
  • pushd.http2_jwt.enable: Master switch for the HTTP2/JWT based protocol. Disables the legacy protocol when enabled.
  • pushd.http2_jwt.issuer: Issuer string for the JWT token. Normally the 10-digit team ID string for which the EC key was issued.
  • pushd.http2_jwt.tls_certificate: Optional client certificate to use for the TLS connection.
  • pushd.http2_jwt.tls_key: Optional private key for the client certificate to use for the TLS connection.
  • pushd.http2_jwt.topic: Topic string for the JWT token. Normally the bundle ID for the iOS app.
  • pushd.gcm.enable: Enable/Disable Google push notification.
  • pushd.gcm.key: Specify the Google key for push notification https requests from the NGCP to an endpoint.
  • pushd.domains: Supports a separate set of push configurations (API keys, certificates, etc) for all subscribers of the given domain.
  • pushd.muc.exclude: list of MUC room jids excluded from sending push notifications.
  • pushd.muc.force_persistent: Enable/Disable MUC rooms to be persistent. Needed for NGCP app to work with other clients.
  • pushd.muc.owner_on_join: Enable/Disable all MUC participants to be owners of the MUC room. Needed for NGCP app to work with other clients.
  • pushd.ssl: The security protocol the NGCP uses for https requests from the app in the push notification process.
  • pushd.sslcertfile: The trusted certificate file purchased from a CA
  • pushd.sslcertkeyfile: The key file that purchased from a CA
  • pushd.unique_device_ids: Allows a subscriber to register the app and have the push notification enabled on more than one mobile device.

1.23. qos

The following is the QOS section:

  tos_rtp: 184
  tos_sip: 184
  • qos.tos_rtp: TOS value for RTP traffic.
  • qos.tos_sip: TOS value for SIP traffic.

1.24. rate-o-mat

The following is the rate-o-mat section:

  enable: 'yes'
  loopinterval: 10
  splitpeakparts: 0
  • rateomat.enable: Enable/Disable Rate-o-mat
  • rateomat.loopinterval: How long we shall sleep before looking for unrated CDRs again.
  • rateomat.splitpeakparts: Whether we should split CDRs on peaktime borders.

1.25. redis

The following is the redis section:

  database_amount: 16
  port: 6379
  syslog_ident: redis
  • redis.database_amout: Set the number of databases in redis. The default database is DB 0.
  • redis.port: Accept connections on the specified port, default is 6379
  • redis.syslog_ident: Specify the syslog identity.

1.26. reminder

The following is the reminder section:

  retries: 2
  retry_time: 60
  sip_fromdomain: voicebox.sipwise.local
  sip_fromuser: reminder
  wait_time: 30
  weekdays: '2, 3, 4, 5, 6, 7'
  • reminder.retries: How many times the reminder feature have to try to call you.
  • reminder.retry_time: Seconds between retries.
  • reminder.wait_time: Seconds to wait for an answer.

1.27. rsyslog

The following is the rsyslog section:

      resumeretrycount: '-1'
    bulkmode: 'on'
    dynSearchIndex: 'on'
    enable: 'yes'
      dequeuebatchsize: 300
      size: 5000
      type: linkedlist
  external_log: 0
  external_loglevel: warning
  external_port: 514
  external_proto: udp
  ngcp_logs_preserve_days: 93
  • rsyslog.elasticsearch.enable: Enable/Disable Elasticsearch web interface
  • rsyslog.external_address: Set the remote rsyslog server.
  • rsyslog.ngcp_logs_preserve_days: Specify how many days to preserve old rotated log files in /var/log/ngcp/old path.

1.28. rtpproxy

The following is the rtp proxy section:

  allow_userspace_only: yes
  enabled: yes
  firewall_iptables_chain: ''
  log_level: '6'
  maxport: '40000'
  minport: '30000'
  prefer_bind_on_internal: no
    enabled: no
    mp3_bitrate: '48000'
    nfs_remote_path: /var/recordings
    output_dir: /var/lib/rtpengine-recording
    output_format: wav
    output_mixed: yes
    output_single: yes
    resample: no
    resample_to: '16000'
    spool_dir: /var/spool/rtpengine
  rtp_timeout: '60'
  rtp_timeout_onhold: '3600'
  • rtpproxy.allow_userspace_only: Enable/Disable the user space failover for rtpengine (yes means enable). By default rtpengine works in kernel space.
  • rtpproxy.firewall_iptables_chain: If set, rtpengine will create an iptables rule for each individual media port opened in this chain.
  • rtpproxy.log_level: Verbosity of log messages. The default 6 logs everything except debug messages. Increase to 7 to log everything, or decrease to make logging more quiet.
  • rtpproxy.maxport: Maximum port used by rtpengine for RTP traffic.
  • rtpproxy.minport: Minimum port used by rtpengine for RTP traffic.
  • rtpproxy.recording.enabled: Enable support for call recording.
  • rtpproxy.recording.mp3_bitrate: If saving audio as MP3, bitrate of the output file.
  • rtpproxy.recording.nfs_host: Mount an NFS share from this host for storage.
  • rtpproxy.recording.nfs_remote_path: Remote path of the NFS share to mount.
  • rtpproxy.recording.output_dir: Local mount point for the NFS share.
  • rtpproxy.recording.output_format: Either wav for PCM output or mp3.
  • rtpproxy.recording.output_mixed: Create output audio files with all contributing audio streams mixed together.
  • rtpproxy.recording.output_single: Create separate audio files for each contributing audio stream.
  • rtpproxy.recording.resample: Resample all audio to a fixed bitrate (yes or no).
  • rtpproxy.recording.resample_to: If resampling is enabled, resample to this sample rate.
  • rtpproxy.recording.spool_dir: Local directory for temporary metadata file storage.
  • rtpproxy.rtp_timeout: Consider a call dead if no RTP is received for this long (60 seconds).
  • rtpproxy.rtp_timeout_onhold: Maximum limit in seconds for an onhold (1h).

1.29. security

The following is the security section. Usage of the firewall subsection is described in Section 16.2, “Firewalling”:

    enable: no
      days_kept: '7'
      enable: yes
      file: /var/log/firewall.log
      tag: NGCPFW
    nat_rules4: ~
    nat_rules6: ~
      forward: DROP
      input: DROP
      output: ACCEPT
    rules4: ~
    rules6: ~
  • security.firewall.enable: Enable/disable iptables configuration and rule generation for IPv4 and IPv6 (default: no)
  • security.firewall.logging.days_kept: Number of days logfiles are kept on the system before being deleted (log files are rotated daily, default: 7)
  • security.firewall.logging.enable: Enables/disables logging of all packets dropped by the NGCP firewall (default: yes)
  • security.firewall.logging.file: File firewall log messages go to (default: /var/log/firewall.log)
  • security.firewall.logging.tag: String prepended to all log messages (internally DROP is added to any tag indicating the action triggering the message, default: NGCPFW)
  • security.firewall.nat_rules4: Optional list of IPv4 firewall rules added to table nat using iptables-persistent syntax (default: undef)
  • security.firewall.nat_rules6: Optional list of IPv6 firewall rules added to table nat using iptables-persistent syntax (default: undef)
  • security.firewall.policies.forward: Default policy for iptables FORWARD chain (default: DROP)
  • security.firewall.policies.input: Default policy for iptables INPUT chain (default: DROP)
  • security.firewall.policies.output: Default policy for iptables OUTPUT chain (default: ACCEPT)
  • security.firewall.rules4: Optional list of IPv4 firewall rules added to table filter using iptables-persistent syntax (default: undef)
  • security.firewall.rules6: Optional list of IPv6 firewall rules added to table filter using iptables-persistent syntax (default: undef)

1.30. sems

The following is the SEMS section:

  bindport: 5080
    enable: 'yes'
    max_participants: 10
  debug: 'no'
  highport: 50000
  lowport: 40001
  media_processor_threads: 10
    enable: 'yes'
    calltimer_enable: 'yes'
    calltimer_max: 3600
    outbound_timeout: 6000
      codecs: PCMA,PCMU,telephone-event
      enable: 'yes'
      mode: whitelist
      enable: 'yes'
      max_timer: 7200
      min_timer: 90
      session_expires: 300
  session_processor_threads: 10
    block_override_code: 80
    cfb_code: 90
    cfna_code: 93
    cft_code: 92
    cfu_code: 72
    clir_code: 31
    directed_pickup_code: 99
    enable: 'yes'
    park_code: 97
    reminder_code: 55
    speedial_code: 50
    unpark_code: 98
    voicemail_number: 2000
  xmlrpcport: 8090
  • sems.conference.enable: Enable/Disable conference feature.
  • sems.conference.max_participants: Sets the number of concurrent participant.
  • sems.highport: Maximum ports used by sems for RTP traffic.
  • sems.debug: Enable/Disable debug mode.
  • sems.lowport: Minimum ports used by sems for RTP traffic.
  • sems.prepaid.enable: Enable/Disable prepaid feature.
  • sems.sbc.calltimer_max: Set the default maximum call duration (used if otherwise is not defined by preference).
  • sems.sbc.outbound_timeout: Set INVITE transaction timeout if the destination is not responding with provisional response message.
  • sems.sbc.session_timer.enable: Enable/Disable session timers (deprecated, use the web interface configuration).
  • sems.vsc.*: Define here the VSC codes.

1.31. sms

This section provides configuration of Short Message Service on the NGCP. Description of the SMS module is provided earlier in this handbook here Section 7.24, “SMS (Short Message Service) on Sipwise NGCP”.

In the below example you can see the default values of the configuration parameters.

    admin_port: '13000'
    smsbox_port: '13001'
  enable: no
  loglevel: '0'
    max_parts_per_message: '5'
    port: '13002'
    dest_addr_npi: '1'
    dest_addr_ton: '1'
    enquire_link_interval: '58'
    id: default_smsc
    max_pending_submits: '10'
    no_dlr: yes
    password: password
    port: '2775'
    source_addr_npi: '1'
    source_addr_ton: '1'
    system_type: ''
    throughput: '5'
    transceiver_mode: '1'
    username: username
  • sms.core.admin_port: Port number of admin interface of SMS core module (running on LB nodes).
  • sms.core.smsbox_port: Port number used for internal communication between bearerbox module on LB nodes and smsbox module on PRX nodes. This is a listening port of the bearerbox module (running on LB nodes).
  • sms.enable: Set to yes if you want to enable SMS module.
  • sms.loglevel: Log level of SMS module; the default 0 will result in writing only the most important information into the log file.
  • sms.sendsms.max_parts_per_message: If the SM needs to be sent as concatenated SM, this parameter sets the max. number of parts for a single (logical) message.
  • sms.sendsms.port: Port number of smsbox module (running on PRX nodes).
  • sms.smsc. : Parameters of the connection to an SMSC

    • dest_addr_npi: Telephony numbering plan indicator for the SM destination, as defined by standards (e.g. 1 stands for E.164)
    • dest_addr_ton: Type of number for the SM destination, as defined by standards (e.g. 1 stands for "international" format)
    • enquire_link_interval: Interval of SMSC link status check in seconds
    • host: IP address of the SMSC
    • id: An arbitrary string for identification of the SMSC; may be used in log files and for routing SMs.
    • max_pending_submits: The maximum number of outstanding (i.e. not acknowledged) SMPP operations between the NGCP and SMSC. As a guideline it is recommended that no more than 10 (default) SMPP messages are outstanding at any time.
    • no_dlr: Do not request delivery report; when sending an SM and this parameter is set to yes, NGCP will not request DR for the message(s). May be required for some particular SMSCs, in order to avoid "Incorrect status report request parameter usage" error messages from the SMSC.
    • password: This is the password used for authentication on the SMSC.
    • port: Port number of the SMSC where NGCP will connect to.
    • source_addr_npi: Telephony numbering plan indicator for the SM source, as defined by standards (e.g. 1 stands for E.164)
    • source_addr_ton: Type of number for the SM source, as defined by standards (e.g. 1 stands for "international" format)
    • system_type: Defines the SMSC client category in which NGCP belongs to; defaults to "VMA" (Voice Mail Alert) when no value is given. (No need to set any value)
    • throughput: The max. number of messages per second that NGCP will send towards the SMSC. (Value type: float)
    • transceiver_mode: If set to 1 (yes / true), NGCP will attempt to use a TRANSCEIVER mode connection to the SMSC. It uses the standard transmit port of the SMSC for receiving SMs too.
    • username: This is the username used for authentication on the SMSC.

1.32. snmpagent

The following is the SNMP Agent section:

  daemonize: '1'
  debug: '0'
  update_interval: '30'
  • daemonize: Enable/Disable ngcp-snmp-agent daemonization.
  • debug: Enable/Disable debug output.
  • update_interval: Sets the interval in seconds used to update the fetched data.

1.33. sshd

The following is the sshd section:

  • sshd: specify interface where SSHD should run on. By default sshd listens on all IPs found in network.yml with type ssh_ext. Unfortunately sshd can be limited to IPs only and not to interfaces. The current option makes it possible to specify allowed IPs (or all IPs with

1.34. sudo

The following is in the sudo section:

  logging: no
  max_log_sessions: 0
  • logging: enable/disable the I/O logging feature of sudo. See man page of sudoreplay(8).
  • max_log_sessions: when I/O logging is enabled, specifies how many log sessions per individual user sudo should keep before it starts overwriting old ones. The default 0 means no limit.

1.35. www_admin

The following is the WEB Admin interface (www_admin) section:

  ac_dial_prefix: 0
    autoprov_port: 1444
  billing_features: 1
  callingcard_features: 0
  callthru_features: 0
  cc_dial_prefix: 00
  conference_features: 1
  contactmail: adjust@example.org
    enabled: 1
    call_data: 0
    is_active: 1
    is_master: 0
    read_only: 0
    show_passwords: 1
    preference_features: 1
    rewrite_features: 1
    vsc_features: 0
  fastcgi_workers: 2
  fax_features: 1
      - source
      - destination
      - direction
      - zone
      - zone_detail
      - onpeak_init_rate
      - onpeak_init_interval
      - onpeak_follow_rate
      - onpeak_follow_interval
      - offpeak_init_rate
      - offpeak_init_interval
      - offpeak_follow_rate
      - offpeak_follow_interval
      - use_free_time
    autoprov_port: 1444
    port: 1443
    serveradmin: support@sipwise.com
    servername: "\"myserver\""
    ssl_enable: 'yes'
    sslcertfile: '/etc/ngcp-config/ssl/myserver.crt'
    sslcertkeyfile: '/etc/ngcp-config/ssl/myserver.key'
    autoprov_bootstrap_port: 1445
    autoprov_port: 1444
    port: 443
    serveradmin: support@sipwise.com
    servername: "\"myserver\""
    ssl_enable: 'yes'
    sslcertfile: '/etc/ngcp-config/ssl/myserver.crt'
    sslcertkeyfile: '/etc/ngcp-config/ssl/myserver.key'
        facility: daemon
        identity: oss
        level: info
        facility: local7
        level: info
    preference_features: 1
  peering_features: 1
    password_allow_recovery: 0
    password_max_length: 40
    password_min_length: 6
    password_musthave_digit: 0
    password_musthave_lowercase: 1
    password_musthave_specialchar: 0
    password_musthave_uppercase: 0
    password_sip_autogenerate: 0
    password_sip_expose_subadmin: 1
    password_web_autogenerate: 0
    password_web_expose_subadmin: 1
      - '*0'
      - '*1'
      - '*2'
      - '*3'
      - '*4'
      - '*5'
      - '*6'
      - '*7'
      - '*8'
      - '*9'
    auto_allow_cli: 0
    extension_features: 0
  voicemail_features: 1
  • www_admin.http_admin.*: Define the Administration interface and certificates.
  • www_admin.http_csc.*: Define the Customers interface and certificates.
  • www_admin.contactmail: Email to show in the GUI’s Error page.