Brian Waters | 13d9601 | 2017-12-08 16:53:31 -0600 | 1 | # This file contains information for configuring the app_radgw extension. |
| 2 | # To find how to have freeDiameter load this extension, please refer to the freeDiameter documentation. |
| 3 | # |
| 4 | # The app_radgw extension allows a freeDiameter agent to serve as a |
| 5 | # RADIUS/Diameter gateway. Typically, a RADIUS client (e.g. a NAS) will connect to |
| 6 | # this agent, and the message will be converted to Diameter and sent to a Diameter server. |
| 7 | # |
| 8 | # Note that this extension does not provide a fully functional RADIUS/Diameter gateway. |
| 9 | # You need to load plugins to handle specific RADIUS messages and convert them to |
| 10 | # Diameter apps such as NASREQ, EAP, ... See the next section for information. |
| 11 | |
| 12 | |
| 13 | ########### |
| 14 | # PLUGINS # |
| 15 | ########### |
| 16 | |
| 17 | # Additional plugins must be loaded to support specific RADIUS messages and attributes. |
| 18 | |
| 19 | # Plugins are registered either for every message, or by port (auth or acct), or by port and code. |
| 20 | # The general format is: |
| 21 | # RGWX = plugin [: conf_file] [: port] [: code(s)] ; |
| 22 | # Where: |
| 23 | # plugin is the quoted file name (relative or absolute) of the plugin to load (.rgwx files). |
| 24 | # conf_file (optional) is the quoted name of the configuration file. |
| 25 | # port (optional), either auth or acct. |
| 26 | # If not specified, the extension is called for messages incoming on both ports. |
| 27 | # code(s): space-separated list of command codes for which this extension must be called. |
| 28 | # If not specified, the extension is called for all incoming messages. |
| 29 | # The values are interpreted as hexadecimal. |
| 30 | # |
| 31 | # The plugins are called in the order they appear in this file. |
| 32 | # Here are some explained examples: |
| 33 | # RGWX = "3579.rgwx"; Load this extension and call it for all messages. No configuration file. |
| 34 | # RGWX = "3579.rgwx" : "3579.conf"; Same as previous but with a configuration file specified. |
| 35 | # RGWX = "3579.rgwx" : auth; No configuration file, but called only for RADIUS messages received on authentication port. |
| 36 | # RGWX = "3579.rgwx" : 4 8 b; Called for messages with command code 4, 8, or 11 only. |
| 37 | # RGWX = "3579.rgwx" : "3579.conf" : auth : 4 8 b; All parameters combined. |
| 38 | |
| 39 | # Once the list of extensions for an incoming message has been called (or if the list is empty), |
| 40 | # an error is logged if some RADIUS attributes of the message have not been handled. |
| 41 | |
# Active plugin chain. Plugins are called in the order they are listed here.
#  - echodrop.rgwx has no port or code filter, so it is called for every message on both ports;
#    its behaviour comes from echodrop.rgwx.conf.
#  - auth.rgwx is called only for messages received on the authentication port.
#  - acct.rgwx is called only for messages received on the accounting port.
# NOTE(review): the plugin paths and the echodrop configuration name are relative, and this file
# does not say which directory they are resolved against. Confirm that, or use absolute paths.
# Each .rgwx file is loaded into the gateway, so the plugin directory should be writable only by
# the administrator.
| 42 | RGWX = "extensions/echodrop.rgwx" : "echodrop.rgwx.conf"; # See echodrop.rgwx.conf.sample file |
| 43 | RGWX = "extensions/auth.rgwx" : auth; |
| 44 | RGWX = "extensions/acct.rgwx" : acct; |
# NOTE(review): what debug.rgwx prints is not described here; assume the translated messages it
# shows can include attribute values, and keep it commented out except while troubleshooting.
| 45 | # RGWX = "extensions/debug.rgwx"; # Uncomment to see the result of the translation plugins. |
| 46 | |
| 47 | # For some extensions (auth, acct), a placeholder string can be passed in place of the |
| 48 | # configuration file name to specify flags, such as "nonai" to ignore NAI-based routing. |
| 49 | |
| 50 | ################## |
| 51 | # RADIUS Clients # |
| 52 | ################## |
| 53 | |
| 54 | # Each RADIUS client must be declared in the form: |
| 55 | # nas = IP / shared-secret ; |
| 56 | # IP can be ipv4 or ipv6 |
| 57 | # port can be additionally restricted with brackets: IP[port] (ex: 192.168.0.1[1812]) |
| 58 | # shared-secret can be a quoted string, or a list of hexadecimal values. It is stored in this file in clear text, so restrict read access to the file. |
| 59 | # examples: |
| 60 | # nas = 192.168.100.1 / "secret key" ; # the shared secret buffer is 0x736563726574206b6579 (length 10 bytes) |
| 61 | # nas = fe00::1 / 73 65 63 72 65 74 20 6b 65 79; # same shared secret as previously |
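| 62 | # When a packet is received from an IP not declared here, it is discarded. This sample declares no client, so every RADIUS packet is discarded until a nas or pxy entry is added. |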
| 63 | |
| 64 | # If the RADIUS client is a Proxy that forwards messages from different peers, it must be |
| 65 | # declared instead as follows: |
| 66 | # pxy = IP / shared-secret ; |
| 67 | # Note that it is not recommended to use this gateway implementation with a proxy currently, |
| 68 | # since the management of duplicate messages might be insufficient. |
| 69 | |
| 70 | # The old notation cli = ... is equivalent to nas = ... and kept for backward compatibility. |
| 71 | |
| 72 | |
| 73 | #################### |
| 74 | # Authentication # |
| 75 | # Authorization # |
| 76 | #################### |
| 77 | |
| 78 | # Enable the RADIUS/Diameter authentication/authorization gateway? |
| 79 | # auth_server_enable = 1; |
| 80 | |
| 81 | # The port on which the authentication/authorization server listens |
| 82 | # auth_server_port = 1812; |
| 83 | |
| 84 | # The IPv4 address on which to bind the server, or "disable" if IPv4 must not be used. 0.0.0.0 listens on every IPv4 interface. |
| 85 | # auth_server_ip4 = 0.0.0.0; |
| 86 | |
| 87 | # The IPv6 address to which the server is bound, or "disable" |
| 88 | # auth_server_ip6 = :: ; |
| 89 | |
| 90 | |
| 91 | ################ |
| 92 | # Accounting # |
| 93 | ################ |
| 94 | |
| 95 | # Enable the RADIUS/Diameter accounting gateway? |
| 96 | # acct_server_enable = 1; |
| 97 | |
| 98 | # The port on which the accounting server listens |
| 99 | # acct_server_port = 1813; |
| 100 | |
| 101 | # The IPv4 address on which to bind the server, or "disable" if no IPv4 is wanted. |
| 102 | # acct_server_ip4 = 0.0.0.0; |
| 103 | |
| 104 | # The IPv6 address to which the server is bound, or "disable" |
| 105 | # acct_server_ip6 = :: ; |