Flexisip is a complete, modular and scalable SIP server suite written in C++11, comprising proxy, presence and group chat functions.
Flexisip offers an easy-to-install SIP server solution, offering all the features required to deploy your own SIP service tuned for mobile or desktop applications, “out of the box”.
Flexisip can be integrated into your SIP infrastructure for various purposes:
FLEXISIP IN THE CLOUD
Flexisip instances can be deployed on server machines to run a SIP VoIP service.
The free linphone.org SIP service has run on Flexisip since 2011, and enables Linphone users to create SIP addresses in order to connect with each other.
FLEXISIP EMBEDDED
Thanks to its modular architecture and its limited number of required dependencies, Flexisip can run perfectly on small hardware systems (embedded systems).
FLEXISIP PUSH GATEWAY
The Push Gateway is a specific operation mode of Flexisip, and was developed by Belledonne Communications to deliver SIP incoming calls or text messages on mobile device platforms where push notifications are required to receive information when the app is not active in the foreground.
Supporting push notifications was already highly recommended and has now become mandatory in some OS (iOS ≥ 10, Android ≥ 8). The push system is promoted as an efficient, highly reliable, bug-free system for receiving information while the phone is switched off.
Flexisip Push Gateway can be integrated into existing SIP infrastructures that do not support push notifications, and in most cases without requiring any configuration changes.
Flexisip installation on Debian 9
This guide will show you how to install and configure Flexisip on Debian 9.
Only Debian 8 and Debian 9 are supported.
1. Create the Belledonne Communications APT repo in /etc/apt/sources.list.d/belledonne.list. You may uncomment ‘beta’ and/or ‘alpha’ branches if you need access to pre-release and/or development packages.
- For Debian 9:
    deb [arch=amd64] http://linphone.org/snapshots/debian stretch stable # beta alpha
- For Debian 8:
    deb [arch=amd64] http://linphone.org/snapshots/debian jessie stable # beta alpha
2. Install Belledonne Communications’ PGP key, which APT uses to verify package signatures
    wget https://linphone.org/snapshots/debian/keyring.gpg -O - | sudo apt-key add -
3. Update the APT cache and install Flexisip, plus MariaDB and Redis if you need them
    apt update
    apt install bc-flexisip redis-server mariadb-server mariadb-client
4. Set paths for binary and library
Binary Path: /opt/belledonne-communications/bin
Library Path: /opt/belledonne-communications/lib
Export binary path
Add the following line to the end of .bashrc in your home folder.
    export PATH=$PATH:/opt/belledonne-communications/bin
Export library path
    $ sudo nano /etc/ld.so.conf.d/flexisip.conf

    /opt/belledonne-communications/lib
Activate library path
    $ sudo ldconfig
Temporary
    $ export PATH=$PATH:/opt/belledonne-communications/bin
    $ export LD_LIBRARY_PATH=/opt/belledonne-communications/lib
5. Install SOCI MySQL backend and fix errors:
liblinphone-warning-Unable to build db session with uri: Failed to find shared library for backend mysql
liblinphone-error-Unable to open linphone database with uri
6. Configure Redis
Modify /etc/redis/redis.conf and set the items “bind”, “systemd” (the supervised directive) and “password” (the requirepass directive).
    sudo nano /etc/redis/redis.conf

    ################################## NETWORK #####################################

    # By default, if no "bind" configuration directive is specified, Redis listens
    # for connections from all the network interfaces available on the server.
    # It is possible to listen to just one or multiple selected interfaces using
    # the "bind" configuration directive, followed by one or more IP addresses.

    bind 127.0.0.1 ::1

    ################################# GENERAL #####################################

    # By default Redis does not run as a daemon. Use 'yes' if you need it.
    # Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
    daemonize yes

    # If you run Redis from upstart or systemd, Redis can interact with your
    # supervision tree. Options:
    #   supervised no      - no supervision interaction
    #   supervised upstart - signal upstart by putting Redis into SIGSTOP mode
    #   supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET
    #   supervised auto    - detect upstart or systemd method based on
    #                        UPSTART_JOB or NOTIFY_SOCKET environment variables
    # Note: these supervision methods only signal "process is ready."
    #       They do not enable continuous liveness pings back to your supervisor.
    supervised systemd

    ################################## SECURITY ###################################

    # Require clients to issue AUTH before processing any other
    # commands. This might be useful in environments in which you do not trust
    # others with access to the host running redis-server.
    #
    # This should stay commented out for backward compatibility and because most
    # people do not need auth (e.g. they run their own servers).
    #
    # Warning: since Redis is pretty fast an outside user can try up to
    # 150k passwords per second against a good box. This means that you should
    # use a very strong password otherwise it will be very easy to break.
    #
    requirepass xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
7. Install and configure SNMP (optional)
Install the SNMP (“Simple Network Management Protocol”) daemon to monitor and manage the SIP server status (CPU, memory, disk, network usage and so on).
Install the following packages.
https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/SNMP/
    $ sudo apt install snmp snmpd snmp-mibs-downloader
To let the SNMP manager load the MIB files, comment out the “mibs :” line in /etc/snmp/snmp.conf.
    # As the snmp packages come without MIB files due to license reasons, loading
    # of MIBs is disabled by default. If you added the MIBs you can reenable
    # loading them by commenting out the following line.
    #mibs :    comment out
Modify /etc/snmp/snmpd.conf. In this configuration the agent listens on 127.0.0.1 only, and both community strings are restricted to localhost.
    sudo pico /etc/snmp/snmpd.conf

    agentAddress udp:127.0.0.1:161
    master agentx

    rocommunity public localhost
    rwcommunity private localhost

    rouser authOnlyUser
    rwuser authPrivUser priv
8. Configure MariaDB
Set the root password
    $ sudo mysql_secure_installation
Log in as root
    $ mysql -u root -p
Create the user “flexisip” and the database “flexisip”, leave the root session and log in again as user “flexisip”, then create the table “accounts”.
    MariaDB [(none)]> create user 'flexisip'@'localhost' identified by 'password';
    Query OK, 0 rows affected (0.00 sec)

    MariaDB [(none)]> grant all privileges on flexisip.* to 'flexisip'@'localhost';
    Query OK, 0 rows affected (0.00 sec)

    MariaDB [(none)]> create database flexisip;

    MariaDB [(none)]> system mysql -u flexisip -p

    MariaDB [(none)]> use flexisip;

    MariaDB [flexisip]> create table if not exists accounts (
        registerID INT UNSIGNED NOT NULL AUTO_INCREMENT,
        login VARCHAR(20) NOT NULL DEFAULT 'loginid',
        domain VARCHAR(20) NOT NULL DEFAULT 'sip.server.com',
        authid VARCHAR(20) NOT NULL DEFAULT 'authid',
        password VARCHAR(40) NOT NULL DEFAULT 'dd02c7c2232759874e1c205587017bed',
        algorithm VARCHAR(10) NOT NULL DEFAULT 'MD5',
        phone VARCHAR(20) NOT NULL DEFAULT '818012345678',
        PRIMARY KEY (registerID)
    );
    Query OK, 0 rows affected (0.51 sec)

    MariaDB [flexisip]> SHOW TABLES;
    +--------------------+
    | Tables_in_flexisip |
    +--------------------+
    | accounts           |
    +--------------------+
    1 row in set (0.00 sec)

    MariaDB [flexisip]> DESCRIBE accounts;
    +------------+------------------+------+-----+----------------------------------+----------------+
    | Field      | Type             | Null | Key | Default                          | Extra          |
    +------------+------------------+------+-----+----------------------------------+----------------+
    | registerID | int(10) unsigned | NO   | PRI | NULL                             | auto_increment |
    | login      | varchar(20)      | NO   |     | loginid                          |                |
    | domain     | varchar(20)      | NO   |     | sip.server.com                   |                |
    | authid     | varchar(20)      | NO   |     | authid                           |                |
    | password   | varchar(40)      | NO   |     | dd02c7c2232759874e1c205587017bed |                |
    | algorithm  | varchar(10)      | NO   |     | MD5                              |                |
    | phone      | varchar(20)      | NO   |     | 818012345678                     |                |
    +------------+------------------+------+-----+----------------------------------+----------------+
    7 rows in set (0.00 sec)

    MariaDB [flexisip]> SHOW CREATE TABLE accounts \G
    *************************** 1. row ***************************
           Table: accounts
    Create Table: CREATE TABLE `accounts` (
      `registerID` int(10) unsigned NOT NULL AUTO_INCREMENT,
      `login` varchar(20) NOT NULL DEFAULT 'loginid',
      `domain` varchar(20) NOT NULL DEFAULT 'sip.server.com',
      `authid` varchar(20) NOT NULL DEFAULT 'authid',
      `password` varchar(40) NOT NULL DEFAULT 'dd02c7c2232759874e1c205587017bed',
      `algorithm` varchar(10) NOT NULL DEFAULT 'MD5',
      `phone` varchar(20) NOT NULL DEFAULT '818012345678',
      PRIMARY KEY (`registerID`)
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4
    1 row in set (0.01 sec)

    MariaDB [flexisip]> INSERT INTO accounts VALUES (1001, 'friend1','sip.server.com', 'friend1', '', '', '');
    Query OK, 1 row affected (0.06 sec)

    MariaDB [flexisip]> select * from accounts;
    +------------+---------+----------------------+---------+----------+------------+-------+
    | registerID | login   | domain               | authid  | password | algorithm  | phone |
    +------------+---------+----------------------+---------+----------+------------+-------+
    |       1001 | friend1 | sip.server.com       | friend1 |          |            |       |
    +------------+---------+----------------------+---------+----------+------------+-------+
    1 row in set (0.00 sec)
9. Configure Flexisip and run it
Write the default Flexisip configuration file “flexisip.conf” to the /etc/flexisip/ directory. The output is piped through sudo tee because a plain > redirection is performed by the calling shell, not by sudo.
    $ sudo /opt/belledonne-communications/bin/flexisip --dump-default all | sudo tee /etc/flexisip/flexisip.conf > /dev/null
Modify /etc/flexisip/flexisip.conf. There are many options for functions, so the following settings might not be optimized.
    [global]
    log-directory=/var/opt/belledonne-communications/log/flexisip
    log-level=error
    syslog-level=error
    user-errors-logs=false
    contextual-log-filter=
    contextual-log-level=debug
    dump-corefiles=true
    auto-respawn=true
    aliases=sip.testsite.com localhost
    default-servers=proxy presence
    transports=sip:sip.testsite.com:5070;maddr=192.168.x.xxx
    idle-timeout=3600
    keepalive-interval=1800
    proxy-to-proxy-keepalive-interval=0
    require-peer-certificate=false
    transaction-timeout=32000
    udp-mtu=1460
    enable-snmp=true
    unique-id=
    plugins-dir=/opt/belledonne-communications/lib/flexisip/plugins
    plugins=

    [stun-server]
    enabled=true
    bind-address=0.0.0.0
    port=3478

    [presence-server]
    enabled=true
    transports=sip:127.0.0.1:5065;transport=tcp
    expires=600
    notify-limit=200
    leak-detector=false
    long-term-enabled=true
    bypass-condition=false
    external-list-subscription-request=
    soci-connection-string=db=flexisip user=flexisip password='password' host=localhost
    max-thread=50
    max-thread-queue-size=50

    [conference-server]
    enabled=true
    transport=sip:127.0.0.1:6064;transport=tcp
    conference-factory-uri=
    enable-one-to-one-chat-room=true
    outbound-proxy=sip:127.0.0.1:5070;transport=tcp
    database-backend=mysql
    database-connection-string=db=flexisip user=flexisip password='password' host=localhost
    check-capabilities=true

    [module::DoSProtection]
    enabled=true
    filter=
    time-period=15000
    packet-rate-limit=20
    ban-time=1
    iptables-chain=FLEXISIP

    [module::SanityChecker]
    enabled=true
    filter=

    [module::NatHelper]
    enabled=true
    filter= !(user-agent contains 'No NatHelper')
    contact-verified-param=verified
    fix-record-routes=false
    fix-record-routes-policy=safe

    [module::Authentication]
    enabled=true
    filter=
    auth-domains=sip.testsite.com localhost
    disable-qop-auth=false
    no-403=false
    nonce-expires=3600
    realm-regex=
    trusted-hosts=127.0.0.1
    db-implementation=soci
    cache-expire=1800
    reject-wrong-client-certificates=false
    new-auth-on-407=false
    enable-test-accounts-creation=false
    trust-domain-certificates=false
    soci-password-request=select password from accounts where login = :id and domain = :domain
    soci-user-with-phone-request=select login from accounts where phone = :phone
    soci-users-with-phones-request=select login, domain, phone from accounts where phone in (:phones)
    soci-poolsize=100
    soci-backend=mysql
    soci-connection-string=db=flexisip user=flexisip password='password' host=localhost
    soci-max-queue-size=1000

    [module::Presence]
    enabled=true
    filter=is_request && (request.method-name == 'PUBLISH' || request.method-name == 'NOTIFY' || request.method-name == 'SUBSCRIBE')
    presence-server=sip:127.0.0.1:5065;transport=tcp
    only-list-subscription=false
    check-domain-in-presence-results=false

    [module::Registrar]
    enabled=true
    filter=
    reg-domains=sip.testsite.com
    reg-on-response=false
    max-contacts-by-aor=12
    unique-id-parameters=+sip.instance pn-tok line
    max-expires=86400
    min-expires=60
    force-expires= -1
    static-records-file=
    static-records-timeout=600
    db-implementation=redis
    redis-server-domain=localhost
    redis-server-port=6379
    redis-auth-password=xxxxxxxxxxxxxxxxxxxxxxxxxx
    redis-server-timeout=1500
    redis-record-serializer=protobuf
    redis-slave-check-period=60
    service-route=
    name-message-expires=message-expires
    register-expire-randomizer-max=0

    [module::StatisticsCollector]
    enabled=true
    filter=is_request && request.method-name == 'PUBLISH'
    collector-address=sip:sip.testsite.com:5070

    [module::Router]
    enabled=true
    filter=
    use-global-domain=false
    fork=true
    stateful=true
    fork-late=false
    fork-no-global-decline=false
    treat-decline-as-urgent=false
    treat-all-as-urgent=false
    call-fork-timeout=20
    call-fork-urgent-timeout=5
    call-fork-current-branches-timeout=10
    call-push-response-timeout=0
    message-fork-late=true
    message-delivery-timeout=60
    message-accept-timeout=15
    fallback-route=
    allow-target-factorization=false
    permit-self-generated-provisional-response=true
    generated-contact-route=
    generated-contact-expected-realm=
    generate-contact-even-on-filled-aor=false
    preroute=
    resolve-routes=true
    parent-domain-fallback=false

    [module::MediaRelay]
    enabled=true
    filter=
    nortpproxy=nortpproxy
    sdp-port-range-min=10000
    sdp-port-range-max=10500
    bye-orphan-dialogs=false
    max-calls=0
    force-relay-for-non-ice-targets=true
    prevent-loops=true
    early-media-relay-single=true
    max-early-media-per-call=0
    inactivity-period=3600
    force-public-ip-for-sdp-masquerading=false
    drop-telephone-event=false

    [module::Forward]
    enabled=true
    filter=
    route=
    add-path=true
    rewrite-req-uri=false
    default-transport=udp
    params-to-remove=pn-tok pn-type app-id pn-msg-str pn-call-str pn-call-snd pn-msg-snd pn-timeout pn-silent
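Added example, not part of the original guide or of Flexisip: steps 6 and 9 put the same Redis secret in two files, so a small check can confirm that requirepass in redis.conf matches redis-auth-password in [module::Registrar] and that Redis is bound to loopback addresses only. The function names, the 32-character minimum and the sample file contents are assumptions made for this illustration.

```python
import configparser
import ipaddress

MIN_SECRET_LEN = 32  # assumed policy threshold, not a Redis or Flexisip default


def parse_redis_conf(text: str) -> dict:
    """Map each redis.conf directive to its argument list (last occurrence wins)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            key, *args = line.split()
            conf[key.lower()] = args
    return conf


def is_loopback(addr: str) -> bool:
    try:
        return ipaddress.ip_address(addr.lstrip("-")).is_loopback
    except ValueError:  # hostname or wildcard such as "*"
        return False


def audit(redis_text: str, flexisip_text: str) -> list:
    """Return findings for the Redis settings of step 6 and their Flexisip counterpart."""
    findings = []
    redis = parse_redis_conf(redis_text)
    flexisip = configparser.ConfigParser(interpolation=None, delimiters=("=",),
                                         comment_prefixes=("#",))
    flexisip.read_string(flexisip_text)
    registrar = flexisip["module::Registrar"]
    binds = redis.get("bind", [])  # no bind directive: Redis listens on all interfaces
    if not binds or not all(is_loopback(b) for b in binds):
        findings.append("redis.conf: bind is not limited to loopback addresses")
    secret = (redis.get("requirepass") or [""])[0]
    if len(secret) < MIN_SECRET_LEN:
        findings.append("redis.conf: requirepass is unset or too short")
    if (registrar.get("db-implementation") == "redis"
            and registrar.get("redis-auth-password", "") != secret):
        findings.append("flexisip.conf: redis-auth-password does not match requirepass")
    return findings


# Constructed sample files (not real credentials).
GOOD_REDIS = "bind 127.0.0.1 ::1\nsupervised systemd\nrequirepass constructed-sample-secret-0123456789abcdef\n"
BAD_REDIS = "bind 0.0.0.0\n# requirepass still commented out\n"
FLEXISIP = ("[module::Registrar]\nenabled=true\nfilter=\ndb-implementation=redis\n"
            "redis-server-domain=localhost\n"
            "redis-auth-password=constructed-sample-secret-0123456789abcdef\n")

if __name__ == "__main__":
    print(audit(GOOD_REDIS, FLEXISIP))
    print(audit(BAD_REDIS, FLEXISIP))
```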
10. Start the services
    systemctl start flexisip-proxy flexisip-presence flexisip-conference
11. Check Flexisip Server status
    $ sudo service flexisip-proxy status
    ● flexisip-proxy.service - Flexisip proxy server
       Loaded: loaded (/lib/systemd/system/flexisip-proxy.service; disabled; vendor preset: enabled)
       Active: active (running) since Mon 2020-02-02 9:17:44 EET; 1h ago
         Docs: http://www.linphone.org/technical-corner/flexisip/overview
      Process: 26504 ExecStart=/opt/belledonne-communications/bin/flexisip --server proxy --daemon --syslog --pidfile /var/run/flexisip-proxy.pid (code=exited, status=0/SUCCESS)
     Main PID: 26527 (flexisipwd-prox)
        Tasks: 110 (limit: 4915)
       CGroup: /system.slice/flexisip-proxy.service
               ├─26527 /opt/belledonne-communications/bin/flexisip --server proxy --daemon --syslog --pidfile /var/run/flexisip-proxy.pid
               └─26528 /opt/belledonne-communications/bin/flexisip --server proxy --daemon --syslog --pidfile /var/run/flexisip-proxy.pid

    11:06:42 flexiserver systemd[1]: Starting Flexisip proxy server...
    11:06:42 flexiserver flexisip[26504]: Writing logs in : /var/opt/belledonne-communications/log/flexisip/flexisip-proxy.log
    11:06:42 flexiserver flexisip[26504]: [LAUNCHER] Watchdog PID: 26527
    11:06:43 flexiserver flexisip[26504]: NET-SNMP version 5.7.3 AgentX subagent connected
    11:06:43 flexiserver systemd[1]: Started Flexisip proxy server.
Now try to connect to the Flexisip SIP server from external devices at a remote location. Use Linphone or Zoiper as the SIP VoIP application.
Set the SIP port to 5070/tcp (depends on flexisip.conf).
DTMF: SIP
The STUN server domain and port should be the same as the Flexisip domain and port.
Set the outbound proxy (calls go via the SIP proxy).
Configure MD5 or SHA-256 password hashing in Flexisip
It is not good practice to insert the clear-text password directly into the database; it should be stored as a hash.
Flexisip supports MD5 and SHA-256 hashes, and SHA-256 is the better choice.
Flexisip reads and writes the password in the following format:
“userID:domain:password”
MD5:
    MD5('accountID:domain:password')
SHA-256:
    SHA2('accountID:domain:password',256)
Examples:
MD5
    mysql> update table_name set password = MD5('user1:test.site.com:secretpass') where id=1;
SHA-256
    mysql> update table_name set password = SHA2('user1:test.site.com:secretpass', 256) where id=1;
Reference : Flexisip soci code
https://github.com/BelledonneCommunications/flexisip/blob/master/src/authdb-soci.cc
Flexisip TLS Configuration (works under a Docker container)
https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/
cafile.pem is a copy of fullchain.pem, which chains the intermediate certificate (chain.pem) and the server certificate issued by the certificate authority (cert.pem).
agent.pem is created from the server certificate (cert.pem) and the private key (key.pem).
    $ docker exec -ti ubuntu(debian)-flexisip bash

    # cd /etc/flexisip/tls/www.example.com
    # ls
    account_key.json cert.pem chain.pem fullchain.pem key.pem

    # cp fullchain.pem cafile.pem
    # awk 1 key.pem cert.pem > agent.pem
Edit the following items in /etc/flexisip/flexisip.conf
    transports=sip:www.example.com:5070;maddr=172.18.0.5 sips:www.example.com:5071;maddr=172.18.0.5

    tls-certificates-dir=/etc/flexisip/tls/www.example.com/