diff options
Diffstat (limited to 'src/tests/radsec/config-home')
-rw-r--r-- | src/tests/radsec/config-home/main.conf | 322 |
1 files changed, 322 insertions, 0 deletions
diff --git a/src/tests/radsec/config-home/main.conf b/src/tests/radsec/config-home/main.conf new file mode 100644 index 0000000..98966fd --- /dev/null +++ b/src/tests/radsec/config-home/main.conf @@ -0,0 +1,322 @@ +listen { + + ipaddr = 127.0.0.1 + port = ${{port-home-auth}} + type = auth+coa + proto = tcp + + virtual_server = default + + clients = radsec + + tls { + tls_max_version="1.2" + private_key_password = whatever + private_key_file = ${certdir}/server.pem + certificate_file = ${certdir}/server.pem + ca_file = ${cadir}/ca.pem + fragment_size = 8192 + ca_path = ${cadir} + cipher_list = "DEFAULT" + cipher_server_preference = no + + cache { + enable = no + lifetime = 24 # hours + } + + require_client_cert = yes + } + + # Specify the CoA retransmit parameters for CoA single tunnel + coa { + irt = 1 + mrt = 16 + mrc = 0 + mrd = 5 + } +} + +clients radsec { + client localhost { + ipaddr = 127.0.0.1 + secret = radsec + proto = tls + + limit { + max_connections = 16 + lifetime = 0 # do not close connection + idle_timeout = 0 # do not close connection even after an idle period + } + } +} + +server default { + authorize { + update control { + Originating-Realm-Key := &Called-Station-Id + Auth-Type := Accept + } + } + + authenticate { + Auth-Type PAP { + pap + } + + Auth-Type MS-CHAP { + mschap + } + + Auth-Type EAP { + eap + } + } + + post-auth { + if(User-Name && User-Name == "PostAuthCoA") { + update coa { + &Acct-Session-Id += "default:post-auth" + &Proxy-To-Originating-Realm := &Called-Station-Id + } + } + } + + pre-proxy { + update { + &proxy-request:Acct-Session-Id += "default:pre-proxy" + } + } + + post-proxy { + switch &proxy-reply:Packet-Type { + case CoA-ACK { + update proxy-reply { + &Acct-Session-Id += "default:post-proxy-coa-ack" + } + } + + case CoA-NAK { + update proxy-reply { + &Acct-Session-Id += "default:post-proxy-coa-nak" + } + } + + case Disconnect-ACK { + update proxy-reply { + &Acct-Session-Id += "default:post-proxy-disconnect-ack" + } + } + + case Disconnect-NAK { + update proxy-reply { + &Acct-Session-Id += "default:post-proxy-disconnect-nak" + } + } + + case { + fail + } + } + + # If there was no response at all + Post-Proxy-Type Fail-CoA { + ok + } + + Post-Proxy-Type Fail-Disconnect { + ok + } + + detail_test.post-proxy + } +} + +# +# CoA Relay +# +listen { + type = coa + ipaddr = 127.0.0.1 + port = ${{port-home-coa}} + virtual_server = coa +} + +server coa { + recv-coa { + + update request { + COA-Packet-Type := "%{Packet-Type}" + } + + if(&User-Name == "TcpSessionKey-Proxy") { + # Proxying CoA + update control { + &Proxy-To-Originating-Realm := &Called-Station-Id + } + } else { + # Originating CoA + detail_coa.accounting + } + } +} + +server coa-buffered-reader { + listen { + type = detail + filename = "${radacctdir}/detail_coa" + load_factor = 90 + track = yes + } + + accounting { + switch &User-Name { + case "IpAddress" { + update { + coa:Packet-DST-IP-Address := &NAS-IP-Address + coa:Packet-DST-Port:= &Called-Station-Id + } + } + case "IpAddressSingleTunnel" { + update { + coa:Packet-DST-IP-Address := &NAS-IP-Address + } + } + case "HomePoolCoA" { + update { + coa:Home-Server-Pool := &Called-Station-Id + } + } + case "TcpSessionKey"{ + update { + coa:Proxy-To-Originating-Realm := &Called-Station-Id + } + } + } + + switch &COA-Packet-Type { + case "Disconnect-Request" { + update { + # Include given attributes + &disconnect: += request:[*] + &disconnect:Packet-DST-IP-Address := &COA-Packet-DST-IP-Address + &disconnect:Packet-DST-Port := &COA-Packet-DST-Port + &disconnect:Acct-Session-Id := &COA-Acct-Session-Id + &disconnect:Acct-Delay-Time !* ANY + } + } + + case "CoA-Request" { + update { + &coa:Acct-Session-Id = "coa-buffered-reader:accounting:coa-request" + } + } + } + ok + } # accounting + + pre-proxy { + update { + &proxy-request:Acct-Session-Id += "coa-buffered-reader:pre-proxy" + } + } + + post-proxy { + update { + &proxy-reply:Acct-Session-Id += "coa-buffered-reader:post-proxy" + } + detail_test.post-proxy + } +} + +server home-originate-coa-relay { + + pre-proxy { + update { + &proxy-request:Acct-Session-Id += "home-originate-coa-relay:pre-proxy" + } + } + + post-proxy { + switch &proxy-reply:Packet-Type { + case CoA-ACK { + update { + &proxy-reply:Acct-Session-Id += "home-originate-coa-relay:post-proxy-coa-ack" + } + } + + case CoA-NAK { + update { + &proxy-reply:Acct-Session-Id += "home-originate-coa-relay:post-proxy-coa-nak" + } + } + + case Disconnect-ACK { + update { + &proxy-reply:Acct-Session-Id += "home-originate-coa-relay:post-proxy-disconnect-ack" + } + } + + case Disconnect-NAK { + update { + &proxy-reply:Acct-Session-Id += "home-originate-coa-relay:post-proxy-disconnect-nak" + } + } + + case { + fail + } + } + + # If there was no response at all + Post-Proxy-Type Fail-CoA { + ok + } + + Post-Proxy-Type Fail-Disconnect { + ok + } + + detail_test.post-proxy + } +} + +home_server coa-nas { + type = coa + ipaddr = 127.0.0.1 + port = ${{port-coa}} # A placeholder to be set in test makefile + secret = testing123 + + coa { + irt = 2 + mrt = 16 + mrc = 5 + mrd = 30 + } +} + +home_server_pool coa-nas { + type = fail-over + home_server = coa-nas + virtual_server = home-originate-coa-relay +} + +home_server coa-nas-tls { + type = coa + ipaddr = 127.0.0.1 + port = ${{port-proxy-coa}} # A placeholder to be set in test makefile + secret = testing123 + + coa { + irt = 2 + mrt = 16 + mrc = 5 + mrd = 30 + } +} + +home_server_pool coa-nas-tls { + type = fail-over + home_server = coa-nas-tls + virtual_server = home-originate-coa-relay +} |