source: freeDiameter/doc/freediameter.conf.sample @ 20:277ec00d793e

Last change on this file since 20:277ec00d793e was 20:277ec00d793e, checked in by Sebastien Decugis <sdecugis@nict.go.jp>, 12 years ago

Backup before typhoon... Progress on server side

1# This is a sample configuration file for freeDiameter daemon.
2
3# Only the "TLS_Cred" directive is really mandatory in this file.
4
5##############################################################
6##  Peer identity and realm
7
8# The Diameter Identity of this daemon.
9# This must be a valid FQDN that resolves to the local host.
10# Default: hostname's FQDN
11#Identity = "aaa.koganei.wide.ad.jp";
12
13# The Diameter Realm of this daemon.
14# Default: the domain part of Identity.
15#Realm = "wide.ad.jp";
16
17##############################################################
18##  Transport protocol configuration
19
20# The port this peer is listening on for incoming connections (TCP and SCTP).
21# Default: 3868
22#Port = 3868;
23
24# The port this peer is listening on for incoming TLS connections (TCP and SCTP).
25# See TLS_old_method for more information.
26# Default: 3869
27#SecPort = 3869;
28
29# Use the RFC3588 method for TLS protection, where TLS is negotiated after CER/CEA
30# on the same port. This only affects outgoing connections. It can be overridden
31# on a per-peer basis.
32# Default: use RFC3588bis method with separate port for TLS.
33#TLS_old_method;
34
35# Disable use of TCP protocol (only listen and connect in SCTP)
36# Default : TCP enabled
37#No_TCP;
38
39# Disable use of SCTP protocol (only listen and connect in TCP)
40# Default : SCTP enabled
41#No_SCTP;
42# This option has no effect if freeDiameter is compiled with the DISABLE_SCTP option,
43# in which case the value is forced to "SCTP disabled".
44
45# Prefer TCP over SCTP for establishing new connections.
46# It may be overridden per peer in the peer configuration blocks.
47# Default : SCTP is preferred.
48#Prefer_TCP;
49
50# Default number of streams per SCTP association.
51# It can be overridden on a per-peer basis.
52# Default : 30 streams
53#SCTP_streams = 30;
54
55##############################################################
56##  Endpoints configuration
57
58# Disable use of IPv4 addresses (only IPv6)
59# Default : IPv4 enabled
60#No_IP;
61
62# Disable use of IPv6 addresses (only IPv4)
63# Default : IPv6 enabled
64#No_IPv6;
65
66# Specify local addresses where the server must listen
67# Default : listen on all addresses available.
68#ListenOn = "202.249.37.5";
69#ListenOn = "2001:200:903:2::202:1";
70
71##############################################################
72##  TLS Configuration
73
74# TLS is managed by the GNUTLS library in the freeDiameter daemon.
75# You may find more information about parameters and special behaviors
76# in the relevant documentation.
77# http://www.gnu.org/software/gnutls/manual/
78
79# Credentials of the local peer
80# The X509 certificate and private key file to use for the local peer.
81# The files must contain a PKCS#1-encoded RSA key, in PEM format.
82# (These parameters are passed to gnutls_certificate_set_x509_key_file function)
83# Default : NO DEFAULT
84#TLS_Cred = "<x509 certif file.PEM>" , "<x509 private key file.PEM>";
85
86# Certificate authority / trust anchors
87# The file containing the list of trusted Certificate Authorities (PEM list)
88# (This parameter is passed to gnutls_certificate_set_x509_trust_file function)
89# The directive can appear several times to specify several files.
90# Default : GNUTLS default behavior
91#TLS_CA = "<file.PEM>";
92
93# Certificate Revocation List file
94# Information about revoked certificates.
95# The file contains a list of trusted CRLs in PEM format; they should have been verified beforehand.
96# (This parameter is passed to gnutls_certificate_set_x509_crl_file function)
97# Note: currently, OpenSSL-generated CRLs do not seem to be supported.
98# Default : GNUTLS default behavior
99#TLS_CRL = "<file.PEM>";
100
101# GNU TLS Priority string
102# This string configures the behavior of the GNUTLS key exchange
103# algorithms. See the gnutls_priority_init function documentation for information.
104# You should also refer to the Diameter required TLS support here:
105#   http://tools.ietf.org/html/draft-ietf-dime-rfc3588bis-18#section-13.1
106# Default : "NORMAL"
107# Example: TLS_Prio = "NONE:+VERS-TLS1.1:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL";
108#TLS_Prio = "NORMAL";
109
110# Diffie-Hellman parameters size
111# Set the number of bits for generated DH parameters
112# Valid values are 768, 1024, 2048, 3072 or 4096.
113# (This parameter is passed to the gnutls_dh_params_generate2 function;
114# it should usually match the RSA key size)
115# Default : 1024
116#TLS_DH_Bits = 1024;
117
118
119##############################################################
120##  Timers configuration
121
122# The Tc timer of this peer.
123# It is the delay before a new attempt is made to reconnect a disconnected peer.
124# The value is expressed in seconds. The recommended value is 30 seconds.
125# Default: 30
126#TcTimer = 30;
127
128# The Tw timer of this peer.
129# It is the delay before a watchdog message is sent, as described in RFC 3539.
130# The value is expressed in seconds. The default value is 30 seconds. The value must
131# be greater than or equal to 6 seconds. See details in the RFC.
132# Default: 30
133#TwTimer = 30;
134
135##############################################################
136##  Applications configuration
137
138# Disable the relaying of Diameter messages?
139# For messages not handled locally, the default behavior is to forward the
140# message to another peer if any is available, according to the routing
141# algorithms. In addition the "0xffffff" application is advertised in CER/CEA
142# exchanges.
143# Default: Relaying is enabled.
144#NoRelay;
145
146# Other applications are configured by loading appropriate extensions.
147
148##############################################################
149##  Extensions configuration
150
151#  The freeDiameter daemon itself only provides support for the
152# Diameter Base Protocol. The specific application behaviors,
153# as well as advanced functions of the daemon, are provided
154# by loadable extensions (plug-ins).
155#  These extensions may in addition receive the name of a
156# configuration file, the format of which is extension-specific.
157#
158# Format:
159#LoadExtension = "/path/to/extension" [ : "/optional/configuration/file" ] ;
160#
161# Examples:
162#LoadExtension = "extensions/sample.so";
163#LoadExtension = "extensions/sample.so":"conf/sample.conf";
164
165
166##############################################################
167##  Peers configuration
168
169#  The local server listens for incoming connections. By default,
170# all unknown connecting peers are rejected. Extensions can override this behavior.
171#
172#  In addition to incoming connections, the local peer can
173# be configured to establish and maintain connections to some
174# Diameter nodes and allow connections from these nodes.
175#  This is achieved with the ConnectPeer directive described below.
176#
177# Note that the configured Diameter Identity MUST match
178# the identity received inside the CEA, or the connection will be aborted.
179#
180# Format:
181#ConnectPeer = "diameterid" [ { parameter1; parameter2; ...} ] ;
182# Parameters that can be specified in the peer's parameter list:
183#  No_TCP; No_SCTP; No_IP; No_IPv6; Prefer_TCP; TLS_old_method;
184#  No_TLS;       # assume transparent security instead of TLS
185#  Port = 3868;  # The port to connect to
186#  SCTP_streams = 30;
187#  TcTimer = 30;
188#  TwTimer = 30;
189#  ConnectTo = "202.249.37.5";
190#  ConnectTo = "2001:200:903:2::202:1";
191# Examples:
192#ConnectPeer = "aaa.wide.ad.jp";
193#ConnectPeer = "old.diameter.serv" { TcTimer = 60; TLS_old_method; No_SCTP; } ;
194
195
196##############################################################
197# -------- Test configuration ---------
# Active directives for a local test deployment; everything above this
# line is documentation (commented-out defaults) only.
198Identity = "aaa.koganei.wide.ad.jp";
199Realm = "wide.ad.jp";
# Non-default listening ports (the documented defaults are 3868 / 3869).
200Port = 3866;
201SecPort = 3867;
# RFC3588-style in-band TLS after CER/CEA for outgoing connections;
# see the TLS_old_method description above.
202TLS_old_method;
# IPv4 disabled for the local endpoints (IPv6 only).
203No_IP;
204Prefer_TCP;
205SCTP_streams = 50;
# NOTE(review): No_IP above disables IPv4, yet an IPv4 ListenOn address is
# given here -- confirm which directive takes precedence at runtime.
206ListenOn = "202.249.37.5";
207ListenOn = "2001:200:903:2::202:1";
# Reconnect attempts every 60 s; watchdog every 6 s, the documented minimum for Tw.
208TcTimer = 60;
209TwTimer = 6;
# This node does not forward messages it cannot handle locally.
210NoRelay;
# Extensions loaded without a per-extension configuration file
# (the Format example above uses a .so suffix; .fdx is what this test uses).
211LoadExtension = "extensions/dbg_monitor.fdx";
212LoadExtension = "extensions/dict_nasreq.fdx";
213LoadExtension = "extensions/dict_eap.fdx";
# Peer with default parameters (no No_TLS given, so TLS is used).
214ConnectPeer = "jules.nautilus6.org" ;
# Peer reached over SCTP/IPv6 only. No_TLS means transparent security is
# assumed on this link, so the transport itself must already be protected.
215ConnectPeer = "aaa.nautilus6.org" { No_TLS; No_IP; No_TCP; SCTP_streams = 60; } ;
# Local X.509 certificate and PKCS#1 RSA private key (PEM). The key file
# should be readable by the daemon's user only.
216TLS_Cred = "/etc/openssl-ca/clients/certs/fdtest.cert" , "/etc/openssl-ca/clients/privkeys/fdtest.key.pem";
# Trust anchors used to verify peer certificates.
217TLS_CA = "/etc/openssl-ca/public-www/cacert.pem";
# CRL checking left disabled (see the note above on OpenSSL CRL support);
# presumably revoked peer certificates are not rejected while this is off.
218# TLS_CRL = "/etc/openssl-ca/public-www/crl.pem";
219