From 50b37d4a27d3295a29afca2286f1a5a086142cec Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Sun, 28 Apr 2024 11:49:46 +0200
Subject: Adding upstream version 3.2.1+dfsg.
Signed-off-by: Daniel Baumann
---
raddb/home_servers/tls.conf | 58 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 58 insertions(+)
create mode 100644 raddb/home_servers/tls.conf
(limited to 'raddb/home_servers/tls.conf')
diff --git a/raddb/home_servers/tls.conf b/raddb/home_servers/tls.conf
new file mode 100644
index 0000000..7a0a61c
--- /dev/null
+++ b/raddb/home_servers/tls.conf
@@ -0,0 +1,58 @@
+#
+# This file contains the configuration for the "outgoing"
+# radsec connections. It should be included by all of the
+# dynamic home server configuration files.
+#
+# This file should be customized for your local system.
+#
+# See sites-available/tls for an example of configuring a home_server
+# with TLS.
+
+ #
+ # The server does not (yet) support RadSec over DTLS.
+ #
+ proto = tcp
+
+ #
+ # Use "auth" for Eduroam, as it does not do accounting.
+ #
+ # Other sites may allow "auth+acct".
+ #
+ type = auth
+
+ #
+ # The secret for RadSec is ALWAYS "radsec".
+ #
+ secret = radsec
+
+ #
+ # Similarly to HTTP, the client can use Server Name
+ # Indication to inform the RadSec server as to which
+ # domain it is requesting. This selection allows
+ # multiple sites to exist at the same IP address.
+ #
+ # This configuration sets the hostname sent in SNI.
+ #
+# hostname = example.org
+
+ #
+ # Outbound radsec requires a "tls" subsection.
+ #
+ tls {
+ #
+ # This is the *client* certificate used to connect outbound to the radsec server.
+ #
+ # It MUST be signed by a CA which is known to the radsec server.
+ #
+ certificate_file = ${certdir}/radsec-client.pem
+
+ private_key_file = ${certdir}/radsec-client.key
+ private_key_password = whatever
+
+ ca_path = ${cadir}
+
+ #
+ # See sites-available/tls, and the "home_server tls" subsection for more
+ # documentation on which configuration items are allowed here.
+ #
+ }
-- cgit v1.2.3
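Review bot: `private_key_password = whatever` in the `tls` block is an active setting holding a placeholder passphrase, and unlike the items around it, it has no comment saying it is only a sample. The header says this file is meant to be included by all dynamic home server configurations, so a comment above the line would make the expectation explicit, for example `# Sample value only: set this to the passphrase of your own radsec-client.key, and keep this file readable only by the server's user.` The comment on `secret = radsec` could also add one sentence saying that a fixed, publicly known secret provides no protection by itself, so peer authentication rests on the client certificate and the CAs under `ca_path`.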