]> git.ipfire.org Git - thirdparty/freeradius-server.git/commitdiff
projects / thirdparty / freeradius-server.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 190a0d6)
Add basic radsecproxy.conf for testing
authorNick Porter <nick@portercomputing.co.uk>
Fri, 24 Jan 2025 18:59:01 +0000 (18:59 +0000)
committerNick Porter <nick@portercomputing.co.uk>
Fri, 24 Jan 2025 19:04:36 +0000 (19:04 +0000)
src/tests/tls/radsecproxy.conf [new file with mode: 0644] patch | blob

diff --git a/src/tests/tls/radsecproxy.conf b/src/tests/tls/radsecproxy.conf
new file mode 100644 (file)
index 0000000..1d8c194
--- /dev/null
+++ b/src/tests/tls/radsecproxy.conf
@@ -0,0 +1,84 @@
+# Minimal sample radsecproxy config
+#
+# Intended for use with radsecproxy > 1.11.1 for TLS PSK
+#
+# Checkout source from https://github.com/radsecproxy/radsecproxy
+# Then build with
+#   sh autogen.sh
+#   ./configure
+#   make
+
+# By default, the config file is expected to be in
+# /usr/local/etc/radsecproxy.conf
+
+# radsecproxy can be run with maximum debug and in the foreground with
+#
+# ./radsecproxy -f -d 5
+
+# Set some non-standard ports so radsecproxy can run
+# on the same host as FreeRADIUS
+ListenUDP      *:1814
+ListenTLS      *:2084
+
+#
+# To test interoperability with FreeRADIUS, both should use
+# the same certificates - either copy certificates from
+# raddb to the paths below, or adjust the paths to point
+# to certificates in raddb
+#
+tls default {
+  # Trust file / path for verifying peer
+  CACertificateFile  /usr/local/etc/cacerts/ca.pem
+  CACertificatePath  /usr/local/etc/cacerts
+
+  # Certificate presented by radsecproxy
+  CertificateFile     /usr/local/etc/hostcertkey/client.pem
+  CertificateKeyFile  /usr/local/etc/hostcertkey/client.key
+  CertificateKeyPassword    "whatever"
+}
+
+# "client" entries - where do we accept requests from
+# Add extra as required
+
+# Normal RADIUS over UDP
+client 127.0.0.1 {
+       type    udp
+       secret  testing123
+}
+
+# RadSec
+client 127.0.0.1 {
+       type    tls
+       secret  radsec
+       CertificateNameCheck off
+# If TLS-PSK is needed
+# Note: the pskkey is in ASCII, but non-printable
+# characters can be represented in %xx format, where
+# xx is the hex representation of the character.
+#      pskidentity     clientidentity
+#      pskkey          verysecretpresharedkey
+}
+
+# "server" entries - where do we send packets
+
+# Note: RadSec connections are created immediately
+server 127.0.0.1 {
+       type    tls
+       secret  radsec
+       CertificateNameCheck off
+#      pskidentity     radsecidentity
+#      pskkey          othertopsecretkey
+}
+
+# "realm" entries - determine how requests should be routed
+
+# Send @example.com authentication to the RadSec home server above
+realm example.com {
+       server 127.0.0.1
+}
+
+# Reject other users
+realm * {
+       replymessage "User unkown"
+}
+
Mirror of https://github.com/FreeRADIUS/freeradius-server.git