OpenSIPS is the public SIP edge for pbx2. It accepts SIP over UDP, TCP, and TLS, proxies most signaling to FreeSWITCH, controls rtpproxy, and owns the scenario's INVITE-based enumeration and digest-leak-specific routing behavior.
- public SIP on `5060/UDP` and `5060/TCP`
- SIP/TLS on `5061/TCP` when certificate material exists under `data/certs`
- `rtpproxy` control via UDP on `127.0.0.1:7722`
- forwarding of normal registrations and calls to FreeSWITCH on `127.0.0.1:5090/UDP`
- a dedicated loopback-only registration path for extension `2000`
- shared memory set by `OPENSIPS_SHM_MB`, defaulting to `128` MB
- no WS or WSS browser signaling path in this scenario
| File | Purpose |
|---|---|
| `build/opensips/config/opensips.cfg` | main routing logic and intentional vulnerabilities |
| `build/opensips/config/tls.cfg` | TLS settings for SIP/TLS |
| `build/opensips/run.sh` | runtime listen-address generation for IPv4 and optional IPv6 |
| `compose/pbx2.yml` | service wiring, health check, and environment |
- unauthenticated `INVITE` requests return different SIP responses for valid, valid-but-unregistered, and invalid targets, which enables the `pbx2` enumeration path
- extension `2000` is special-cased for the digest-leak exercise and routed through usrloc-backed helper registration instead of the normal FreeSWITCH path
- extension `2000` only accepts `REGISTER` from loopback, so the local helper can keep it online while public clients cannot register it directly
- there is no active SIP request throttling in the OpenSIPS routing logic, which supports SIP flood exercises
- `verify_cert` and `require_cert` are disabled for the default TLS domain in the current lab setup

- `1200` is the routable echo target used by the `invite-enum` check
- `1000` is a known user path that is intentionally left unregistered by default
- `9999` falls through the invalid-extension path
- the regression suite treats those three outcomes as `routable`, `known-unregistered`, and `invalid`
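The enumeration behavior above is visible from the proxy side as one source sending unauthenticated `INVITE` requests to many distinct extensions in a short time. The following detection sketch is an added example, not code from the pbx2 project. The event tuple layout, the status codes mapped to the three outcomes, the thresholds, and the sample data are all assumptions made for illustration.

```python
from collections import defaultdict

# Assumed status-to-outcome mapping; the page names the outcomes, not the codes.
OUTCOME = {200: "routable", 480: "known-unregistered", 404: "invalid"}

# Constructed sample: (epoch seconds, source IP, INVITE target, final SIP status).
SAMPLE_EVENTS = [
    (100, "198.51.100.7", "1200", 200),
    (101, "198.51.100.7", "1000", 480),
    (102, "198.51.100.7", "9999", 404),
    (103, "198.51.100.7", "1001", 404),
    (104, "198.51.100.7", "1002", 404),
    (100, "203.0.113.20", "1200", 200),   # repeat caller, single target
    (160, "203.0.113.20", "1200", 200),
    (400, "192.0.2.9", "1000", 480),
    (900, "192.0.2.9", "1234", 404),      # misdial, far outside the window
]

def detect_invite_enum(events, window=60, min_targets=4):
    """Flag sources that sent INVITEs to at least `min_targets` distinct
    extensions within `window` seconds, and report what each one learned."""
    by_source = defaultdict(list)
    for ts, src, target, status in events:
        by_source[src].append((ts, target, status))
    flagged = {}
    for src, rows in by_source.items():
        rows.sort()                        # order each source's events by time
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it spans <= `window` seconds.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            if len({t for _, t, _ in span}) >= min_targets:
                learned = defaultdict(set)
                for _, target, status in span:
                    learned[OUTCOME.get(status, "other")].add(target)
                flagged[src] = {k: sorted(v) for k, v in learned.items()}
                break                      # first qualifying window is enough
    return flagged

if __name__ == "__main__":
    for src, learned in detect_invite_enum(SAMPLE_EVENTS).items():
        print(src, learned)
```

The per-outcome breakdown shows which extensions a flagged source was able to tell apart, which is the information the differing responses leak.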
`build/opensips/run.sh` builds listeners from `PUBLIC_IPV4`, optional `PUBLIC_IPV6`, and loopback. This means the proxy stays reachable on `127.0.0.1:5060` for local service traffic even when the public bind address is a specific host IP.
`OPENSIPS_SHM_MB` defaults to `128` MB. This keeps flood exercises from immediately exhausting transaction shared memory while preserving the intentionally vulnerable lack of SIP request throttling.
```bash
./scripts/compose.sh --scenario pbx2 run --rm testing dvrtc-checks invite-enum --host 127.0.0.1 --extensions 1200,1000,9999 --expect 1200=routable --expect 1000=known-unregistered --expect 9999=invalid
./scripts/compose.sh --scenario pbx2 run --rm testing dvrtc-checks digestleak-auth --host 127.0.0.1
./scripts/compose.sh --scenario pbx2 run --rm testing dvrtc-checks sip-transport --scenario pbx2 --host 127.0.0.1
./scripts/compose.sh --scenario pbx2 logs opensips
```