blob: aa77835c06c08a4c47b4dc5c75416587bb4d2701 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
|
server proxy-default {
listen {
type = auth+acct
ipaddr = 127.0.0.1
port = ${{port-proxy-auth}}
}
authorize {
update control {
&Proxy-To-Realm := "tls"
}
}
authenticate {
Auth-Type PAP {
pap
}
Auth-Type MS-CHAP {
mschap
}
Auth-Type EAP {
eap
}
}
pre-proxy {
update {
&Acct-Session-Id += "proxy-default:pre-proxy"
}
}
post-proxy {
update {
&Acct-Session-Id += "proxy-default:post-proxy"
}
detail_test.recv-coa
}
recv-coa {
update {
&Acct-Session-Id += "proxy-default:recv-coa"
}
detail_test.recv-coa
}
send-coa {
update {
&Acct-Session-Id += "proxy-default:send-coa"
}
}
}
server proxy-tls-default {
listen {
type = coa
ipaddr = 127.0.0.1
port = ${{port-proxy-coa}}
}
recv-coa {
update {
&control:Home-Server-Pool := coa-nas
&request:Acct-Session-Id += "proxy-tls-default:recv-coa"
}
}
send-coa {
update {
&reply:Acct-Session-Id += "proxy-tls-default:send-coa"
}
}
}
#
# Proxy To CoA server
#
server proxy-originate-coa-relay {
pre-proxy {
update {
&proxy-request:Acct-Session-Id += "proxy-originate-coa-relay:pre-proxy"
}
}
post-proxy {
switch &proxy-reply:Packet-Type {
case CoA-ACK {
update {
&proxy-reply:Acct-Session-Id += "proxy-originate-coa-relay:post-proxy-coa-ack"
}
}
case CoA-NAK {
update {
&proxy-reply:Acct-Session-Id += "proxy-originate-coa-relay:post-proxy-coa-nak"
}
}
case Disconnect-ACK {
update {
&proxy-reply:Acct-Session-Id += "proxy-originate-coa-relay:post-proxy-disconnect-ack"
}
}
case Disconnect-NAK {
update {
&proxy-reply:Acct-Session-Id += "proxy-originate-coa-relay:post-proxy-disconnect-nak"
}
}
case {
fail
}
}
Post-Proxy-Type Fail-CoA {
ok
}
Post-Proxy-Type Fail-Disconnect {
ok
}
}
}
home_server coa-nas {
type = coa
ipaddr = 127.0.0.1
port = ${{port-coa}} # A placeholder to be set in test makefile
secret = testing123
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
}
home_server_pool coa-nas {
type = fail-over
home_server = coa-nas
virtual_server = proxy-originate-coa-relay
}
#
# Proxy To RADSEC Home server
#
server coa_tls {
recv-coa {
update control {
&request:Acct-Session-Id += "coa_tls:recv-coa"
&Home-Server-Pool := coa-nas
}
}
# When a packet is sent, it is processed through the
# send-coa section. This applies to *both* CoA-Request and
# Disconnect-Request packets.
send-coa {
update control {
&reply:Acct-Session-Id += "coa_tls:send-coa"
}
}
# You can use pre-proxy and post-proxy sections here, too.
# They will be processed for sending && receiving proxy packets.
}
home_server tls {
ipaddr = 127.0.0.1
port = ${{port-home-auth}} # A placeholder to be set in test makefile
type = auth+acct+coa
secret = radsec
proto = tcp
status_check = none
tls {
tls_max_version="1.2"
private_key_password = whatever
private_key_file = ${certdir}/client.key
certificate_file = ${certdir}/client.pem
ca_file = ${certdir}/ca.pem
random_file = /dev/urandom
fragment_size = 8192
ca_path = ${cadir}
cipher_list = "DEFAULT"
}
recv_coa {
virtual_server = coa_tls
}
}
home_server_pool tls {
type = fail-over
home_server = tls
virtual_server = coa_tls
}
realm tls {
auth_pool = tls
}
|
