Mercurial > hg > freeDiameter
diff doc/app_radgw.conf.sample @ 254:a857024cb48b
Ported the RADIUS/Diameter translation code from waaad project. Not tested yet. Gateway plugins to come later.
author | Sebastien Decugis <sdecugis@nict.go.jp> |
---|---|
date | Wed, 14 Apr 2010 18:30:22 +0900 |
parents | |
children | 411314907b43 |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/doc/app_radgw.conf.sample Wed Apr 14 18:30:22 2010 +0900 @@ -0,0 +1,89 @@ +# This file contains information for configuring the app_radgw extension. +# To find how to have freeDiameter load this extension, please refer to the freeDiameter documentation. +# +# The app_radgw extension allows a freeDiameter agent to serve as a +# RADIUS/Diameter gateway. Typically, a RADIUS client (e.g. a NAS) will connect to +# this agent, and the message will be converted to Diameter and sent to a Diameter server. +# +# Note that this extension does not provide a fully functionnal RADIUS/Diameter gateway. +# You need to load plugins to handle specific RADIUS messages and convert them to +# Diameter apps such as NASREQ, EAP, ... See the next section for information. + + +########### +# PLUGINS # +########### + +# Additional plugins must be loaded to support specific RADIUS messages and attributes. + +# Plugins are registered either for every message, or by port (auth or acct), or by port and code. +# The general format is: +# RGWX = plugin [: conf_file] [: port] [: code(s)] ; +# Where: +# plugin is the quoted file name (relative or absolute) of the plugin to load (.rgwx files). +# conf_file (optional) is the quoted name of the configuration file. +# port (optional), either auth or acct. +# If not specified, extension is called for messages incoming on both ports +# code(s): space-separated list of command codes for which this extension must be called. +# If not specified, the extension is called for all incoming messages. +# The values are interpreted as hexadecimal. +# +# The plugins are called in the order they appear in this file. +# Here are some explained examples: +# RGWX = "3579.rgwx"; Load this extension and call it for all messages. No configuration file. +# RGWX = "3579.rgwx" : "3579.conf"; Same as previous but with a configuration file specified. +# RGWX = "3579.rgwx" : auth; No configuration file, but called only for RADIUS messages received on authentication port. +# RGWX = "3579.rgwx" : 4 8 b; Called for messages with command code 4, 8, or 11 only. +# RGWX = "3579.rgwx" : "3579.conf" : auth : 4 8 b; All parameters combined. + +# Once the list of extensions for an incoming message has been called (or if the list is empty), +# an error is logged if some RADIUS attributes of the message have not been handled. + + +################## +# RADIUS Clients # +################## + +# Each RADIUS client must be declared in the form: cli = IP / shared-secret ; +# IP can be ipv4 or ipv6 +# port can be additionaly restricted with brackets: IP[port] (ex: 192.168.0.1[1812]) +# shared-secret can be a quoted string, or a list of hexadecimal values. +# examples: +# cli = 192.168.100.1 / "secret key" ; # the shared secret buffer is 0x736563726574206b6579 (length 10 bytes) +# cli = fe00::1 / 73 65 63 72 65 74 20 6b 65 79; # same shared secret as previously +# When a packet is received from an IP not declared here, it is discarded. + + +#################### +# Authentication # +# Authorization # +#################### + +# Enable the RADIUS/Diameter authentication/authorization gateway? +# auth_server_enable = 1; + +# The port on which the accounting server listens +# auth_server_port = 1812; + +# The IPv4 on which to bind the server, or "disable" if IPv4 must not be used. +# auth_server_ip4 = 0.0.0.0; + +# The IPv6 address to which the server is bound, or "disable" +# auth_server_ip6 = :: ; + + +################ +# Accounting # +################ + +# Enable the RADIUS/Diameter accounting gateway? +# acct_server_enable = 1; + +# The port on which the accounting server listens +# acct_server_port = 1813; + +# The IPv4 on which to bind the server, or "disable" if no IPv4 is wanted. +# acct_server_ip4 = 0.0.0.0; + +# The IPv6 address to which the server is bound, or "disable" +# acct_server_ip6 = :: ;