source: freeDiameter/doc/freediameter.conf.sample @ 24:bd83ce9328ed

Last change on this file since 24:bd83ce9328ed was 24:bd83ce9328ed, checked in by Sebastien Decugis <sdecugis@nict.go.jp>, 11 years ago

Cleanups and completed sctp code (not finished)

# This is a sample configuration file for freeDiameter daemon.
#
# Syntax: freeDiameter's own directive language, "Directive = value;" or a
# bare "Directive;" flag, each terminated by a semicolon; "#" starts a comment.
# Lines marked "NOTE:" are review remarks on the settings that affect the
# security of a deployment.

# Only the "TLS_Cred" directive is really mandatory in this file.

##############################################################
##  Peer identity and realm

# The Diameter Identity of this daemon.
# This must be a valid FQDN that resolves to the local host.
# NOTE: remote peers that you configure with ConnectPeer are checked against
# the Identity they present in CEA (see "Peers configuration" below); expect
# them to apply the same check to this value.
# Default: hostname's FQDN
#Identity = "aaa.koganei.wide.ad.jp";

# The Diameter Realm of this daemon.
# Default: the domain part of Identity.
#Realm = "wide.ad.jp";

##############################################################
##  Transport protocol configuration

# The port this peer is listening on for incoming connections (TCP and SCTP).
# Default: 3868
#Port = 3868;

# The port this peer is listening on for incoming TLS connections (TCP and SCTP).
# See TLS_old_method for more information.
# Default: 3869
#SecPort = 3869;

# Use RFC3588 method for TLS protection, where TLS is negotiated after CER/CEA
# on the same port. This only affects outgoing connections. It can be overwritten
# on a per peer basis.
# NOTE: with this method the CER/CEA exchange itself takes place before TLS
# is established; the default method uses the separate SecPort instead.
# Default: use RFC3588bis method with separate port for TLS.
#TLS_old_method;

# Disable use of TCP protocol (only listen and connect in SCTP)
# Default : TCP enabled
#No_TCP;

# Disable use of SCTP protocol (only listen and connect in TCP)
# Default : SCTP enabled
#No_SCTP;
# This option has no effect if freeDiameter is compiled with DISABLE_SCTP option,
# in which case the value is forced to "SCTP disabled".

# Prefer TCP over SCTP for establishing new connections.
# It may be overwritten per peer in peer configuration blocks.
# Default : SCTP is preferred.
#Prefer_TCP;

# Default number of streams per SCTP association.
# It can be overwritten on a per peer basis.
# Default : 30 streams
#SCTP_streams = 30;

##############################################################
##  Endpoints configuration

# Disable use of IP addresses (only IPv6)
# Default : IP enabled
#No_IP;

# Disable use of IPv6 addresses (only IP)
# Default : IPv6 enabled
#No_IPv6;

# Specify local addresses where the server must listen
# NOTE: when this directive is omitted the daemon listens on every available
# address; on a multi-homed host set it explicitly so that the Diameter ports
# are only reachable on the interfaces meant to carry them.
# Default : listen on all addresses available.
#ListenOn = "202.249.37.5";
#ListenOn = "2001:200:903:2::202:1";
#ListenOn = "fe80::21c:5ff:fe98:7d62%eth0";

##############################################################
##  TLS Configuration

# TLS is managed by the GNUTLS library in the freeDiameter daemon.
# You may find more information about parameters and special behaviors
# in the relevant documentation.
# http://www.gnu.org/software/gnutls/manual/

# Credentials of the local peer
# The X509 certificate and private key file to use for the local peer.
# The files must contain PKCS-1 encoded RSA key, in PEM format.
# (These parameters are passed to gnutls_certificate_set_x509_key_file function)
# NOTE: the private key file is read by the daemon at startup; keep its
# filesystem permissions restricted to the account the daemon runs as.
# Default : NO DEFAULT
#TLS_Cred = "<x509 certif file.PEM>" , "<x509 private key file.PEM>";

# Certificate authority / trust anchors
# The file containing the list of trusted Certificate Authorities (PEM list)
# (This parameter is passed to gnutls_certificate_set_x509_trust_file function)
# The directive can appear several times to specify several files.
# NOTE: every CA listed here can vouch for any peer identity; limit the
# list to the CAs that actually issue certificates to your Diameter peers.
# Default : GNUTLS default behavior
#TLS_CA = "<file.PEM>";

# Certificate Revocation List file
# The information about revoked certificates.
# The file contains a list of trusted CRLs in PEM format. They should have been verified before.
# (This parameter is passed to gnutls_certificate_set_x509_crl_file function)
# Note: currently, openssl CRL seems not supported...
# NOTE: without a CRL the daemon has no revocation information, so a revoked
# peer certificate that still chains to a CA in TLS_CA is presumably accepted
# (confirm against the GNUTLS default behavior before relying on this).
# Default : GNUTLS default behavior
#TLS_CRL = "<file.PEM>";

# GNU TLS Priority string
# This string allows to configure the behavior of GNUTLS key exchanges
# algorithms. See gnutls_priority_init function documentation for information.
# You should also refer to the Diameter required TLS support here:
#   http://tools.ietf.org/html/draft-ietf-dime-rfc3588bis-18#section-13.1
# Default : "NORMAL"
# Example: TLS_Prio = "NONE:+VERS-TLS1.1:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL";
# NOTE: the example above only illustrates the syntax; it pins TLS 1.1, SHA1
# and CBC mode, which current guidance no longer recommends. Derive a
# production string from the current GNUTLS and Diameter requirements.
#TLS_Prio = "NORMAL";

# Diffie-Hellman parameters size
# Set the number of bits for generated DH parameters
# Valid value should be 768, 1024, 2048, 3072 or 4096.
# (This parameter is passed to gnutls_dh_params_generate2 function,
# it usually should match RSA key size)
# NOTE: 768 and 1024 bits are below current minimum recommendations for DH;
# prefer 2048 bits or more, in line with the RSA key size remark above.
# Default : 1024
#TLS_DH_Bits = 1024;


##############################################################
##  Timers configuration

# The Tc timer of this peer.
# It is the delay before a new attempt is made to reconnect a disconnected peer.
# The value is expressed in seconds. The recommended value is 30 seconds.
# Default: 30
#TcTimer = 30;

# The Tw timer of this peer.
# It is the delay before a watchdog message is sent, as described in RFC 3539.
# The value is expressed in seconds. The default value is 30 seconds. Value must
# be greater or equal to 6 seconds. See details in the RFC.
# Default: 30
#TwTimer = 30;

##############################################################
##  Applications configuration

# Disable the relaying of Diameter messages?
# For messages not handled locally, the default behavior is to forward the
# message to another peer if any is available, according to the routing
# algorithms. In addition the "0xffffff" application is advertised in CER/CEA
# exchanges.
# NOTE: a node that only serves its own applications should set NoRelay so
# that it does not forward traffic on behalf of other peers by default.
# Default: Relaying is enabled.
#NoRelay;

# Other applications are configured by loading appropriate extensions.

##############################################################
##  Extensions configuration

#  The freeDiameter daemon merely provides support for
# Diameter Base Protocol. The specific application behaviors,
# as well as advanced functions of the daemon, are provided
# by loadable extensions (plug-ins).
#  These extensions may in addition receive the name of a
# configuration file, the format of which is extension-specific.
# NOTE: an extension is code loaded into the daemon process and runs with
# its privileges; load extensions and their configuration files only from
# locations controlled by the daemon's operator.
#
# Format:
#LoadExtension = "/path/to/extension" [ : "/optional/configuration/file" ] ;
#
# Examples:
#LoadExtension = "extensions/sample.so";
#LoadExtension = "extensions/sample.so":"conf/sample.conf";


##############################################################
##  Peers configuration

#  The local server listens for incoming connections. By default,
# all unknown connecting peers are rejected. Extensions can override this behavior.
#
#  In addition to incoming connections, the local peer can
# be configured to establish and maintain connections to some
# Diameter nodes and allow connections from these nodes.
#  This is achieved with the ConnectPeer directive described below.
#
# Note that the configured Diameter Id MUST match
# the information received inside CEA, or the connection will be aborted.
#
# Format:
#ConnectPeer = "diameterid" [ { parameter1; parameter2; ...} ] ;
# Parameters that can be specified in the peer's parameter list:
#  No_TCP; No_SCTP; No_IP; No_IPv6; Prefer_TCP; TLS_old_method;
#  No_TLS;       # assume transparent security instead of TLS
#  Port = 3868;  # The port to connect to
#  TcTimer = 30;
#  TwTimer = 30;
#  ConnectTo = "202.249.37.5";
#  ConnectTo = "2001:200:903:2::202:1";
#  TLS_Prio = "NORMAL";
# NOTE: No_TLS means no TLS is negotiated with that peer; the Diameter
# exchange is then only as protected as the network path between the two
# nodes, so reserve it for peers reached over a link that is secured by
# other means.
# Examples:
#ConnectPeer = "aaa.wide.ad.jp";
#ConnectPeer = "old.diameter.serv" { TcTimer = 60; TLS_old_method; No_SCTP; } ;


##############################################################
# -------- Test configuration ---------
# NOTE: everything below this line is an active test setup, not documentation.
# It overrides the defaults described above (non-standard ports 3866/3867,
# TLS_old_method, TwTimer at its 6 second minimum) and points at test
# credentials; remove or replace it before using this file for a real node.
Identity = "aaa.koganei.wide.ad.jp";
Realm = "wide.ad.jp";
Port = 3866;
SecPort = 3867;
TLS_old_method;
SCTP_streams = 50;
TcTimer = 60;
TwTimer = 6;
#ListenOn = "133.243.146.201";
#ListenOn = "fe80::21d:9ff:fe89:7d68%eth0";
NoRelay;
LoadExtension = "extensions/dbg_monitor.fdx";
LoadExtension = "extensions/dict_nasreq.fdx";
LoadExtension = "extensions/dict_eap.fdx";
ConnectPeer = "jules.nautilus6.org" ;
# NOTE: the peer below is configured with No_TLS, so no TLS is negotiated
# with it and its Diameter traffic is sent without transport protection
# from this daemon.
ConnectPeer = "aaa.nautilus6.org" { No_TLS; No_IP; } ;
TLS_Cred = "/etc/openssl-ca/clients/certs/test.cert" , "/etc/openssl-ca/clients/privkeys/test.key.pem";
TLS_CA = "/etc/openssl-ca/public-www/cacert.pem";
# NOTE: TLS_CRL is commented out, so this test setup does not check peer
# certificates for revocation (see "Certificate Revocation List file" above).
# TLS_CRL = "/etc/openssl-ca/public-www/crl.pem";
