Last modified by Buildbot on 2024/05/25 01:23

 Documentation based on repostory git version commit 2.4.0-alpha-189-g543b1e64 


Some global settings of the flexisip proxy.

Configuration options:

NameDescriptionDefault ValueDefault UnitType

Servers started by default when no --server option is specified on command line. Possible values are 'proxy', 'presence', 'conference', 'regevent' separated by whitespaces.

 proxy StringList

Automatically respawn flexisip in case of abnormal termination (crashes). This has an effect if Flexisip has been launched with '--daemon' option only

 true Boolean

Path to the directory where plugins can be found.

 /opt/belledonne-communications/lib/flexisip/plugins String

Plugins to load. Look at <prefix>/lib/flexisip/plugins to know the list of installed plugin. The name of a plugin can be derivated from the according library name by striping out the extension part and the leading 'lib' prefix.
E.g. putting 'jweauth' in this setting will make library to be load on runtime.


Generate a core file on crash.
On GNU/Linux, the action to do on core dump is defined by the kernel file '/proc/sys/kernel/core_pattern'. On recent distributions like RHEL 8, the generated cores is given by default to the core manager of SystemD and the core can be easily listed by using coredumpctl(1) command.
On older distributions, the cores are often written in '/' directory. If your root directory has little available space, it is recommended to relocate your core dumps in another place by modifying the 'core_pattern' file on system boot. This may be done by adding this line in '/etc/rc.local':
    echo '/home/cores/core.%e.%t.%p' > /proc/sys/kernel/core_pattern

See core(5) manual for more information about core handling on GNU/Linux.

 false Boolean

Enable SNMP.

 false Boolean

Directory where to create log files. Create logs are named as 'flexisip-<server_type>.log'. If If several server types have been specified by '--server' option or 'global/default-servers' parameter, then <server_type> is expanded by a concatenation of all the server types joined with '+' character.
WARNING: Flexisip has no embedded log rotation system but provides a configuration file for logrotate. Please ensure that logrotate is installed and running on your system if you want to have Flexisip's logs rotated. Log rotation can be customized by editing /etc/logrotate.d/flexisip-logrotate.

 /var/opt/belledonne-communications/log/flexisip String

Name of the log file. Any occurrences of '{server}' will be replaced by the server type which has been given by '--server' option or 'default-servers' parameter. If several server types have been given, then '{server}' will be replaced by the concatenation of these separated by '+' character (e.g. 'proxy+presence')

 flexisip-{server}.log String

Log file verbosity. Possible values are debug, message, warning and error

 error String

Syslog verbosity. Possible values are debug, message, warning and error

 error String

Log (on a different log domain) user errors like authentication, registration, routing, etc...

 false Boolean

A boolean expression applied to current SIP message being processed. When matched, logs are output provided that there level is greater than the value defined in contextual-log-level. The definition of the SIP boolean expression is the same as for entry filters of modules, which is documented here:


Verbosity of contextual logs to output when the condition defined in 'contextual-log-filter' is met.

 debug String

Filter expression applied to all messages, if true message body is shown, if false not. Can not be empty, use 'true' or 'false' constants instead. The definition of the SIP boolean expression is documented here:
Example : content-type == 'application/sdp' && request.method == 'MESSAGE'

 content-type == 'application/sdp' String

List of white space separated SIP URIs where the proxy must listen.
Wildcard star can be used to mean 'all local ip addresses'. If 'transport' parameter is unspecified, it will listen to both udp and tcp. A local address to bind onto can be indicated in the 'maddr' parameter, while the domain part of the uris are used as public domain or ip address.
The 'sips' transport definitions accept two optional parameters:
 - 'tls-certificates-dir' taking for value a path, with the same meaning as the 'tls-certificates-dir' property of this section and overriding it for this given transport.
 - 'tls-certificates-file' taking for value a file path, with the same meaning as the 'tls-certificates-file' property of this section and overriding it for this given transport.
 - 'tls-certificates-private-key' taking for value a file path, with the same meaning as the 'tls-certificates-private-key' property of this section and overriding it for this given transport.
 - 'tls-certificates-ca-file' taking for value a file path, with the same meaning as the 'tls-certificates-ca-file' property of this section and overriding it for this given transport.
 - 'tls-verify-incoming' taking for value '0' or '1', to indicate whether clients connecting are required to present a valid client certificate. Default value is 0.
 - 'tls-allow-missing-client-certificate' taking for value '0' or '1', to allow connections from clients which have no certificate even if `tls-verify-incoming` has been enabled. That's useful if you wish to have Flexisip to ask for a client certificate, but without failing if the client cannot provide one.
 - 'tls-verify-outgoing' taking for value '0' or '1', whether flexisip should check the peer certificate when it make an outgoing TLS connection to another server. Default value is 1.
 - 'require-peer-certificate' (deprecated) same as tls-verify-incoming

It is HIGHLY RECOMMENDED to specify a canonical name for 'sips' transport, so that the proxy can advertise this information in Record-Route headers, which allows TLS cname check to be performed by clients.
Specifying a sip uri with transport=tls is not allowed: the 'sips' scheme must be used instead. As requested by SIP RFC, IPv6 address must be enclosed within brakets.
Here are some examples to understand:
 - listen on all local interfaces for udp and tcp, on standard port:
 - listen on all local interfaces for udp,tcp and tls, on standard ports:
 transports=sip:* sips:*
 - listen only a specific IPv6 interface, on standard ports, with udp, tcp and tls
 transports=sip:[2a01:e34:edc3:4d0:7dac:4a4f:22b6:2083] sips:[2a01:e34:edc3:4d0:7dac:4a4f:22b6:2083]
 - listen on tls localhost with 2 different ports and SSL certificates:
 transports=sips:localhost:5061;tls-certificates-dir=path_a sips:localhost:5062;tls-certificates-dir=path_b
 - listen on tls localhost with 2 peer certificate requirements:
 transports=sips:localhost:5061;tls-verify-incoming=0 sips:localhost:5062;tls-verify-incoming=1
 - listen on with tls, but public hostname is '' used in SIP messages. Bind address won't appear in messages:;maddr=

 sip:* StringList

List of white space separated host names pointing to this machine. This is to prevent loops while routing SIP messages.

 localhost StringList

Time interval after which inactive connections are closed.

 3600 secondDurationS

Time interval for sending "\r\n\r\n" keepalives packets on inbound and outbound connections. A value of zero stands for no keepalive. The main purpose of sending keepalives is to keep connection alive across NATs, but it also helps in detecting silently broken connections which can reduce the number socket descriptors used by flexisip.

 1800 secondDurationS

Time interval for sending "\r\n\r\n" keepalives packets specifically for proxy to proxy connections. Indeed, while it is undesirable to send frequent keepalives to mobile clients because it drains their battery, sending frequent keepalives has proven to be helpful to keep connections up between proxy nodes in a very popular US virtualized datacenter. A value of zero stands for no keepalive.

 0 secondDurationS

SIP transaction timeout. It is T1*64 by default.

 32000 millisecondDurationMS

The UDP MTU. Flexisip will fallback to TCP when sending a message whose size exceeds the UDP MTU. Please read for more details. If sending large packets over UDP is not a problem, then set a big value such as 65535. Unlike the recommendation of the RFC, the default value of UDP MTU is 1460 in Flexisip (instead of 1300).

 1460 Integer

You can specify the bind address for all RTP streams (MediaRelay and Transcoder). This parameter is only useful for some specific networks, keeping the default value is recommended. ::0 StringList

Path to the file containing the server certificate chain. The file must be in PEM format, see OpenSSLSSL_CTX_use_certificate_chain_file documentation. If used tls-certificates-private-key MUST be set.


Path to the file containing the private key. See OpenSSL SSL_CTX_use_PrivateKey_file documentation. If used tls-certificates-file MUST be set.


Path to the file contain CA certificates. See OpenSSL SSL_CTX_load_verify_locations and SSL_CTX_set_client_CA_list documentation. Can be empty.


Ciphers string to pass to OpenSSL in order to limit the cipher suites to use while establishing TLS sessions. Please take a look to ciphers(1) UNIX manual to get the list of keywords supported by your current version of OpenSSL. You might visit too. The default value set by Flexisip should provide a high level of security while keeping an acceptable level of interoperability with currently deployed clients on the market.

 HIGH:!SSLv2:!SSLv3:!TLSv1:!EXP:!ADH:!RC4:!3DES:!aNULL:!eNULL String

Ask for client certificate on TLS session establishing.

 false Boolean

Unique ID used to identify that instance of Flexisip. It must be a randomly generated 16-sized hexadecimal number. If empty, it will be randomly generated on each start of Flexisip.


Number of SIP message that sofia can queue in a tport (a connection). It is 64 by default, hardcoded in sofia-sip (sofia-sip also used to hardcode a max value, 1000). This is not sufficient for IM.

 1000 Integer

Flexisip version.

 2.4.0-alpha-189-g543b1e64 String

Retrieve current runtime error state.