view doc/app_radgw.conf.sample @ 1515:8430dabbc637
Add 3GPP TS 29.109 V15.0.0 (2017-06)
Add AVPs:
- GBA-UserSecSettings, OctetString, code 400, section 6.3.1.1
- Transaction-Identifier, OctetString, code 401, section 6.3.1.2
- NAF-Id, OctetString, code 402, section 6.3.1.3
- GAA-Service-Identifier, OctetString, code 403, section 6.3.1.4
- Key-ExpiryTime, Time, code 404, section 6.3.1.5
- ME-Key-Material, OctetString, code 405, section 6.3.1.6
- UICC-Key-Material, OctetString, code 406, section 6.3.1.7
- GBA-U-Awareness-Indicator, Enumerated, code 407, section 6.3.1.8
- BootstrapInfoCreationTime, Time, code 408, section 6.3.1.9
- GUSS-Timestamp, Time, code 409, section 6.3.1.10
- GBA-Type, Enumerated, code 410, section 6.3.1.11
- UE-Id, OctetString, code 411, section 6.3.1.12
- UE-Id-Type, Enumerated, code 412, section 6.3.1.13
- UICC-App-Label, OctetString, code 413, section 6.3.1.14
- UICC-ME, Enumerated, code 414, section 6.3.1.15
- Requested-Key-Lifetime, Time, code 415, section 6.3.1.16
- Private-Identity-Request, Enumerated, code 416, section 6.3.1.17
- GBA-Push-Info, OctetString, code 417, section 6.3.1.18
- NAF-SA-Identifier, OctetString, code 418, section 6.3.1.19
- Security-Feature-Request, OctetString, code 419, section 6.3.1.20
- Security-Feature-Response, OctetString, code 420, section 6.3.1.21
Note: 3GPP TS 29.109 table 6.1 row GBA_U-Awareness-Indicator (407)
has an underscore in the name (contrary to RFC 6733 section 4.1).
Fix: GBA_U-Awareness-Indicator (407) renamed to GBA-U-Awareness-Indicator (407).
author | Luke Mewburn <luke@mewburn.net> |
---|---|
date | Thu, 09 Apr 2020 00:34:15 +1000 |
parents | 6fe3e5cf9fb2 |
children |
```
# This file contains information for configuring the app_radgw extension.
# To find how to have freeDiameter load this extension, please refer to the freeDiameter documentation.
#
# The app_radgw extension allows a freeDiameter agent to serve as a
# RADIUS/Diameter gateway. Typically, a RADIUS client (e.g. a NAS) will connect to
# this agent, and the message will be converted to Diameter and sent to a Diameter server.
#
# Note that this extension does not provide a fully functional RADIUS/Diameter gateway.
# You need to load plugins to handle specific RADIUS messages and convert them to
# Diameter apps such as NASREQ, EAP, ... See the next section for information.


###########
# PLUGINS #
###########

# Additional plugins must be loaded to support specific RADIUS messages and attributes.

# Plugins are registered either for every message, or by port (auth or acct), or by port and code.
# The general format is:
# RGWX = plugin [: conf_file] [: port] [: code(s)] ;
#  Where:
#    plugin is the quoted file name (relative or absolute) of the plugin to load (.rgwx files).
#    conf_file (optional) is the quoted name of the configuration file.
#    port (optional), either auth or acct.
#       If not specified, extension is called for messages incoming on both ports
#    code(s): space-separated list of command codes for which this extension must be called.
#       If not specified, the extension is called for all incoming messages.
#       The values are interpreted as hexadecimal.
#
# The plugins are called in the order they appear in this file.
# Here are some explained examples:
#  RGWX = "3579.rgwx";   Load this extension and call it for all messages. No configuration file.
#  RGWX = "3579.rgwx" : "3579.conf";  Same as previous but with a configuration file specified.
#  RGWX = "3579.rgwx" : auth; No configuration file, but called only for RADIUS messages received on authentication port.
#  RGWX = "3579.rgwx" : 4 8 b;  Called for messages with command code 4, 8, or 11 only.
#  RGWX = "3579.rgwx" : "3579.conf" : auth : 4 8 b;  All parameters combined.

# Once the list of extensions for an incoming message has been called (or if the list is empty),
# an error is logged if some RADIUS attributes of the message have not been handled.

RGWX = "extensions/echodrop.rgwx" : "echodrop.rgwx.conf"; # See echodrop.rgwx.conf.sample file
RGWX = "extensions/auth.rgwx" : auth;
RGWX = "extensions/acct.rgwx" : acct;
# RGWX = "extensions/debug.rgwx"; # Uncomment to see the result of the translation plugins.

# For some extensions (auth, acct), a false configuration file name
# can be passed to specify flags, such as "nonai" to ignore NAI-based routing.


##################
# RADIUS Clients #
##################

# Each RADIUS client must be declared in the form:
#   nas = IP / shared-secret ;
# IP can be IPv4 or IPv6
# port can be additionally restricted with brackets: IP[port] (ex: 192.168.0.1[1812])
# shared-secret can be a quoted string, or a list of hexadecimal values.
# examples:
# nas = 192.168.100.1 / "secret key" ; # the shared secret buffer is 0x736563726574206b6579 (length 10 bytes)
# nas = fe00::1 / 73 65 63 72 65 74 20 6b 65 79; # same shared secret as previously
# When a packet is received from an IP not declared here, it is discarded.

# If the RADIUS client is a Proxy that forwards messages from different peers, it must be
# declared instead as follows:
#   pxy = IP / shared-secret ;
# Note that it is not recommended to use this gateway implementation with a proxy currently,
# since the management of duplicate messages might be insufficient.

# The old notation cli = ... is equivalent to nas = ... and kept for backward compatibility.


####################
#  Authentication  #
#  Authorization   #
####################

# Enable the RADIUS/Diameter authentication/authorization gateway?
# auth_server_enable = 1;

# The port on which the authentication server listens
# auth_server_port = 1812;

# The IPv4 on which to bind the server, or "disable" if IPv4 must not be used.
# auth_server_ip4 = 0.0.0.0;

# The IPv6 address to which the server is bound, or "disable"
# auth_server_ip6 = :: ;


################
#  Accounting  #
################

# Enable the RADIUS/Diameter accounting gateway?
# acct_server_enable = 1;

# The port on which the accounting server listens
# acct_server_port = 1813;

# The IPv4 on which to bind the server, or "disable" if no IPv4 is wanted.
# acct_server_ip4 = 0.0.0.0;

# The IPv6 address to which the server is bound, or "disable"
# acct_server_ip6 = :: ;
```
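The client declarations described under "RADIUS Clients", as an added example that is not part of freeDiameter: a Python parser written from the sample file's comments (not from the extension's own lexer) that decodes both secret notations and flags short secrets and `pxy` entries. The 16-octet threshold follows the preference stated in RFC 2865 section 3; the function names and the sample addresses and secrets are constructed for illustration.

```python
import ipaddress
import re

# Grammar as described in the sample file's comments (assumed; not freeDiameter's lexer).
DECL = re.compile(
    r'^\s*(nas|cli|pxy)\s*=\s*([0-9A-Fa-f:.]+)(?:\[(\d+)\])?\s*/\s*'
    r'(?:"([^"]*)"|((?:[0-9A-Fa-f]{2}\s*)+))\s*;')
MIN_SECRET_LEN = 16  # RFC 2865 section 3 prefers secrets of at least 16 octets


def parse_clients(text):
    """Return one dict per active (uncommented) client declaration."""
    clients = []
    for line in text.splitlines():
        m = DECL.match(line)
        if not m:
            continue
        kind, ip, port, quoted, hexlist = m.groups()
        secret = quoted.encode() if quoted is not None else bytes.fromhex(hexlist)
        clients.append({
            "kind": "nas" if kind == "cli" else kind,  # cli is the old notation for nas
            "ip": ipaddress.ip_address(ip),
            "port": int(port) if port else None,       # None: no [port] restriction
            "secret": secret,
        })
    return clients


def audit(clients):
    """Return (ip, finding) pairs for declarations worth a second look."""
    findings = []
    for c in clients:
        if len(c["secret"]) < MIN_SECRET_LEN:
            findings.append((str(c["ip"]), "secret shorter than 16 octets"))
        if c["kind"] == "pxy":
            findings.append((str(c["ip"]), "proxy client: duplicate handling may be insufficient"))
    return findings

# Constructed sample input; addresses and secrets are illustrative only.
SAMPLE = '''
# nas = 10.9.9.9 / "commented out" ;
nas = 192.168.100.1 / "secret key" ;
cli = fe00::1 / 73 65 63 72 65 74 20 6b 65 79;
nas = 192.168.0.1[1812] / "a-much-longer-shared-secret" ;
pxy = 192.168.0.9 / "another-long-shared-secret!" ;
'''

if __name__ == "__main__":
    print(audit(parse_clients(SAMPLE)))
```

The two example secrets from the sample file decode to the same 10 bytes and are both reported as short.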