listen {

	ipaddr = 127.0.0.1
	port = ${{port-home-auth}}
	type = auth+coa
	proto = tcp

	virtual_server = default

	clients = radsec

	tls {
		tls_max_version="1.2"
		private_key_password = whatever
		private_key_file = ${certdir}/server.pem
		certificate_file = ${certdir}/server.pem
		ca_file = ${cadir}/ca.pem
		fragment_size = 8192
		ca_path = ${cadir}
		cipher_list = "DEFAULT"
		cipher_server_preference = no

		cache {
		      enable = no
		      lifetime = 24 # hours
		}

		require_client_cert = yes
	}

	# Specify the CoA retransmit parameters for CoA single tunnel
	coa {
		irt = 1
		mrt = 16
		mrc = 0
		mrd = 5
	}
}

clients radsec {
	client localhost {
		ipaddr      = 127.0.0.1
		secret      = radsec
		proto       = tls
	
		limit {
			max_connections = 16
			lifetime = 0        # do not close connection
			idle_timeout = 0    # do not close connection even after an idle period
		}
	}
}

server default {
	authorize {
		update control {
			Originating-Realm-Key := &Called-Station-Id
			Auth-Type := Accept
		}
	}

	authenticate {
		Auth-Type PAP {
			pap
		}

		Auth-Type MS-CHAP {
			mschap
		}

		Auth-Type EAP {
			eap
		}
	}

	post-auth {
		if(User-Name && User-Name == "PostAuthCoA") {
			update coa {
				&Acct-Session-Id += "default:post-auth"
			    &Proxy-To-Originating-Realm := &Called-Station-Id
			}
		}
	}

	pre-proxy {
		update {
			&proxy-request:Acct-Session-Id += "default:pre-proxy"
		}
	}

	post-proxy {
		switch &proxy-reply:Packet-Type {
			case CoA-ACK {
				update proxy-reply {
					&Acct-Session-Id += "default:post-proxy-coa-ack"
				}
			}

			case CoA-NAK {
				update proxy-reply {
					&Acct-Session-Id += "default:post-proxy-coa-nak"
				}
			}

			case Disconnect-ACK {
				update proxy-reply {
					&Acct-Session-Id += "default:post-proxy-disconnect-ack"
				}
			}

			case Disconnect-NAK {
				update proxy-reply {
					&Acct-Session-Id += "default:post-proxy-disconnect-nak"
				}
			}

			case {
				fail
			}
		}

		# If there was no response at all
		Post-Proxy-Type Fail-CoA {
			ok
		}

		Post-Proxy-Type Fail-Disconnect {
			ok
		}

		detail_test.post-proxy
	}
}

#
# CoA Relay
#
listen {
	type = coa
	ipaddr = 127.0.0.1
	port = ${{port-home-coa}}
	virtual_server = coa
}

server coa {
	recv-coa {

		update request {
			COA-Packet-Type := "%{Packet-Type}"
		}

		if(&User-Name == "TcpSessionKey-Proxy") {
			# Proxying CoA
			update control {
				&Proxy-To-Originating-Realm := &Called-Station-Id
			}
		} else {
			# Originating CoA
			detail_coa.accounting
		}
	}
}

server coa-buffered-reader {
	listen {
		type = detail
		filename = "${radacctdir}/detail_coa"
		load_factor = 90
		track = yes
	}

	accounting {
		switch &User-Name {
			case "IpAddress" {
				update {
					coa:Packet-DST-IP-Address := &NAS-IP-Address
					coa:Packet-DST-Port:= &Called-Station-Id
				}
			}
			case "IpAddressSingleTunnel" {
				update {
					coa:Packet-DST-IP-Address := &NAS-IP-Address
				}
			}
			case "HomePoolCoA" {
				update {
					coa:Home-Server-Pool := &Called-Station-Id
				}
			}
			case "TcpSessionKey"{
				update {
					coa:Proxy-To-Originating-Realm := &Called-Station-Id
				}
			}
		}

		switch &COA-Packet-Type {
			case "Disconnect-Request" {
				update {
					#  Include given attributes
					&disconnect: += request:[*]
					&disconnect:Packet-DST-IP-Address := &COA-Packet-DST-IP-Address
					&disconnect:Packet-DST-Port := &COA-Packet-DST-Port
					&disconnect:Acct-Session-Id := &COA-Acct-Session-Id
					&disconnect:Acct-Delay-Time !* ANY
				}
			}

			case "CoA-Request" {
				update {
					&coa:Acct-Session-Id = "coa-buffered-reader:accounting:coa-request"
				}
			}
		}
		ok
	} # accounting

	pre-proxy {
		update {
			&proxy-request:Acct-Session-Id += "coa-buffered-reader:pre-proxy"
		}
	}

	post-proxy {
		update {
			&proxy-reply:Acct-Session-Id += "coa-buffered-reader:post-proxy"
		}
		detail_test.post-proxy
	}
}

server home-originate-coa-relay {

	pre-proxy {
		update {
			&proxy-request:Acct-Session-Id += "home-originate-coa-relay:pre-proxy"
		}
	}

	post-proxy {
		switch &proxy-reply:Packet-Type {
			case CoA-ACK {
				update {
					&proxy-reply:Acct-Session-Id += "home-originate-coa-relay:post-proxy-coa-ack"
				}
			}

			case CoA-NAK {
				update {
					&proxy-reply:Acct-Session-Id += "home-originate-coa-relay:post-proxy-coa-nak"
				}
			}

			case Disconnect-ACK {
				update {
					&proxy-reply:Acct-Session-Id += "home-originate-coa-relay:post-proxy-disconnect-ack"
				}
			}

			case Disconnect-NAK {
				update {
					&proxy-reply:Acct-Session-Id += "home-originate-coa-relay:post-proxy-disconnect-nak"
				}
			}

			case {
				fail
			}
		}

		# If there was no response at all
		Post-Proxy-Type Fail-CoA {
			ok
		}

		Post-Proxy-Type Fail-Disconnect {
			ok
		}

		detail_test.post-proxy
	}
}

home_server coa-nas {
	type = coa
	ipaddr = 127.0.0.1
	port = ${{port-coa}} # A placeholder to be set in test makefile
	secret =  testing123

	coa {
		irt = 2
		mrt = 16
		mrc = 5
		mrd = 30
	}
}

home_server_pool coa-nas {
	type = fail-over
	home_server = coa-nas
	virtual_server = home-originate-coa-relay
}

home_server coa-nas-tls {
	type = coa
	ipaddr = 127.0.0.1
	port = ${{port-proxy-coa}} # A placeholder to be set in test makefile
	secret =  testing123

	coa {
		irt = 2
		mrt = 16
		mrc = 5
		mrd = 30
	}
}

home_server_pool coa-nas-tls {
	type = fail-over
	home_server = coa-nas-tls
	virtual_server = home-originate-coa-relay
}