Changeset 1165:515a5b8f930a in freeDiameter for doc/freediameter.conf.sample
- Timestamp:
- Jun 1, 2013, 12:46:02 AM (10 years ago)
- Branch:
- default
- Phase:
- public
- File:
-
- 1 edited
doc/freediameter.conf.sample
r972 r1165 1 1 # This is a sample configuration file for freeDiameter daemon. 2 2 3 # Only the "TLS_Cred" directive is really mandatory in this file. 3 # Most of the options can be omitted, as they default to reasonable values. 4 # Only TLS-related options must be configured properly in usual setups. 4 5 5 6 # It is possible to use "include" keyword to import additional files 6 7 # e.g.: include "/etc/freeDiameter.d/*.conf" 8 # This is exactly equivalent as copy & paste the content of the included file(s) 9 # where the "include" keyword is found. 7 10 8 11 … … 23 26 24 27 # The port this peer is listening on for incoming connections (TCP and SCTP). 25 # Default: 3868 28 # Default: 3868. Use 0 to disable. 26 29 #Port = 3868; 27 30 28 # The port this peer is listening on for incoming TLS connections (TCP and SCTP). 29 # See TLS_old_method for more information. 30 # Default: 3869 31 #SecPort = 3869; 32 33 # Use RFC3588 method for TLS protection, where TLS is negociated after CER/CEA 34 # on the same port. This only affects outgoing connections. It can be overwritten 35 # on per peer basis. 36 # Default: use RFC3588bis method with separate port for TLS. 31 # The port this peer is listening on for incoming TLS-protected connections (TCP and SCTP). 32 # See TLS_old_method for more information about TLS flavours. 33 # Default: 5658. Use 0 to disable. 34 #SecPort = 5658; 35 36 # Use RFC3588 method for TLS protection, where TLS is negociated after CER/CEA exchange is completed 37 # on the unsecure connection. The alternative is RFC6733 mechanism, where TLS protects also the 38 # CER/CEA exchange on a dedicated secure port. 39 # This parameter only affects outgoing connections. 40 # The setting can be also defined per-peer (see Peers configuration section). 41 # Default: use RFC6733 method with separate port for TLS. 
37 42 #TLS_old_method; 38 43 39 # Disable use of TCP protocol (only listen and connect inSCTP)44 # Disable use of TCP protocol (only listen and connect over SCTP) 40 45 # Default : TCP enabled 41 46 #No_TCP; 42 47 43 # Disable use of SCTP protocol (only listen and connect inTCP)48 # Disable use of SCTP protocol (only listen and connect over TCP) 44 49 # Default : SCTP enabled 45 50 #No_SCTP; 46 # This option has no effect if freeDiameter is compiled with DISABLE_SCTP option, 47 # in which case the value is forced to "SCTP disabled". 48 49 # Prefer TCP over SCTP for establishing new connections. 50 # It may be overwritten per peer in peer configuration blocs. 51 # Default : SCTP is prefered. 51 # This option is ignored if freeDiameter is compiled with DISABLE_SCTP option. 52 53 # Prefer TCP instead of SCTP for establishing new connections. 54 # This setting may be overwritten per peer in peer configuration blocs. 55 # Default : SCTP is attempted first. 52 56 #Prefer_TCP; 53 57 54 58 # Default number of streams per SCTP associations. 55 # It canbe overwritten per peer basis.59 # This setting may be overwritten per peer basis. 56 60 # Default : 30 streams 57 61 #SCTP_streams = 30; 58 62 59 63 ############################################################## 60 ## Endpoint sconfiguration64 ## Endpoint configuration 61 65 62 66 # Disable use of IP addresses (only IPv6) … … 68 72 #No_IPv6; 69 73 70 # Specify local addresses where the server must listen74 # Specify local addresses the server must bind to 71 75 # Default : listen on all addresses available. 72 76 #ListenOn = "202.249.37.5"; 73 77 #ListenOn = "2001:200:903:2::202:1"; 74 78 #ListenOn = "fe80::21c:5ff:fe98:7d62%eth0"; 75 76 # Note: although by default freeDiameter listens also on the loopback interface, it77 # will not be able to connect to the loopback address.78 79 79 80 ############################################################## … … 104 105 # The file contains a list of trusted CRLs in PEM format. 
They should have been verified before. 105 106 # (This parameter is passed to gnutls_certificate_set_x509_crl_file function) 106 # Note: currently, openssl CRL seems not supported...107 # Note: openssl CRL format might have interoperability issue with GNUTLS format. 107 108 # Default : GNUTLS default behavior 108 109 #TLS_CRL = "<file.PEM>"; … … 112 113 # algorithms. See gnutls_priority_init function documentation for information. 113 114 # You should also refer to the Diameter required TLS support here: 114 # http://tools.ietf.org/html/ draft-ietf-dime-rfc3588bis-18#section-13.1115 # http://tools.ietf.org/html/rfc6733#section-13.1 115 116 # Default : "NORMAL" 116 117 # Example: TLS_Prio = "NONE:+VERS-TLS1.1:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL"; … … 161 162 162 163 # Number of server threads that can handle incoming messages at the same time. 163 # TODO: implement dynamic # of threads depending on the length of the queue.164 164 # Default: 4 165 165 #AppServThreads = 4; 166 166 167 # Other applications are configured by load ing appropriateextensions.167 # Other applications are configured by loaded extensions. 168 168 169 169 ############################################################## 170 170 ## Extensions configuration 171 171 172 # The freeDiameter daemonmerely provides support for172 # The freeDiameter framework merely provides support for 173 173 # Diameter Base Protocol. The specific application behaviors, 174 # as well as advanced functions of the daemon, are provided174 # as well as advanced functions, are provided 175 175 # by loadable extensions (plug-ins). 176 176 # These extensions may in addition receive the name of a … … 184 184 #LoadExtension = "extensions/sample.fdx":"conf/sample.conf"; 185 185 186 # Extensions are named as follow: 187 # dict_* for extensions that add content to the dictionary definitions. 188 # dbg_* for extensions useful only to retrieve more information on the framework execution. 
189 # acl_* : Access control list, to control which peers are allowed to connect. 190 # rt_* : routing extensions that impact how messages are forwarded to other peers. 191 # app_* : applications, these extensions usually register callbacks to handle specific messages. 192 # test_* : dummy extensions that are useful only in testing environments. 193 186 194 187 195 ############################################################## … … 189 197 190 198 # The local server listens for incoming connections. By default, 191 # all unknown connecting peers are rejected. Extensions can override this behavior .199 # all unknown connecting peers are rejected. Extensions can override this behavior (e.g., acl_wl). 192 200 # 193 201 # In addition to incoming connections, the local peer can … … 196 204 # This is achieved with the ConnectPeer directive described below. 197 205 # 198 # Note that the configured Diameter Id MUST match206 # Note that the configured Diameter Identity MUST match 199 207 # the information received inside CEA, or the connection will be aborted. 200 #201 # Note also, loopback addresses are not allowed currently in freeDiameter202 # (because of a bad behavior if they are allowed).203 # As a workaround, one might provide a public address of the local machine to204 # test locally.205 208 # 206 209 # Format: … … 209 212 # No_TCP; No_SCTP; No_IP; No_IPv6; Prefer_TCP; TLS_old_method; 210 213 # No_TLS; # assume transparent security instead of TLS 211 # Port = 3868; # The port to connect to214 # Port = 5658; # The port to connect to 212 215 # TcTimer = 30; 213 216 # TwTimer = 30; … … 218 221 # Examples: 219 222 #ConnectPeer = "aaa.wide.ad.jp"; 220 #ConnectPeer = "old.diameter.serv" { TcTimer = 60; TLS_old_method; No_SCTP; } ;221 222 223 ############################################################## 223 #ConnectPeer = "old.diameter.serv" { TcTimer = 60; TLS_old_method; No_SCTP; Port=3868; } ; 224 225 226 ##############################################################
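Review bot: The `Port = 5658;` line in the ConnectPeer format block now shows the TLS port, but its comment still reads only "The port to connect to", so nothing tells the reader that the right port depends on the TLS flavour chosen for that peer. The example changed in the same section pairs `TLS_old_method` with `Port=3868`, which suggests the old method has to target the peer's plain port; presumably the same applies to `No_TLS`, though the page does not show what the daemon does when Port is omitted. I would reword the comment to `# Port = 5658; # Peer's SecPort; use the peer's plain Port (e.g. 3868) with TLS_old_method`. Because the SecPort default moves from 3869 to 5658, the SecPort comment could also carry one line such as `# Note: the default was 3869 before this change.`, so operators know to review firewall rules and peer entries written for the old value. The new TLS_old_method text still spells "negociated"; "negotiated" is the fix.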