Fix changelog syntax

[freeradius.git] / raddb / clients.conf

diff --git a/raddb/clients.conf b/raddb/clients.conf
index 81f4501..76b300d 100644 (file)
--- a/raddb/clients.conf
+++ b/raddb/clients.conf
@@ -28,23 +28,26 @@
 #  format is still accepted.
 #
 client localhost {
-       #  Allowed values are:
-       #       dotted quad (1.2.3.4)
-       #          hostname     (radius.example.com)
-       ipaddr = 127.0.0.1
-
-       #  OR, you can use an IPv6 address, but not both
-       #  at the same time.
-#      ipv6addr = ::   # any.  ::1 == localhost
-
+       #  Only *one* of ipaddr, ipv4addr, ipv6addr may be specified for
+       #  a client.
        #
-       #  The transport protocol.
+       #  ipaddr will accept IPv4 or IPv6 addresses with optional CIDR
+       #  notation '/<mask>' to specify ranges.
        #
-       #  If unspecified, defaults to "udp", which is the traditional
-       #  RADIUS transport.  It may also be "tcp", in which case the
-       #  server will accept connections from this client ONLY over TCP.
+       #  ipaddr will accept domain names e.g. example.org resolving
+       #  them via DNS.
        #
-       proto = *
+       #  If both A and AAAA records are found, A records will be
+       #  used in preference to AAAA.
+       ipaddr = 127.0.0.1
+
+       #  Same as ipaddr but allows v4 addresses only. Requires A
+       #  record for domain names.
+#      ipv4addr = *    # any.  127.0.0.1 == localhost
+
+       #  Same as ipaddr but allows v6 addresses only. Requires AAAA
+       #  record for domain names.
+#      ipv6addr = ::   # any.  ::1 == localhost
 
        #
        #  A note on DNS:  We STRONGLY recommend using IP addresses
@@ -58,27 +61,14 @@ client localhost {
        #  updated, the server WILL NOT see that update.
        #
 
-       #  One client definition can be applied to an entire network.
-       #  e.g. 127/8 should be defined with "ipaddr = 127.0.0.0" and
-       #  "netmask = 8"
-       #
-       #  If not specified, the default netmask is 32 (i.e. /32)
-       #
-       #  We do NOT recommend using anything other than 32.  There
-       #  are usually other, better ways to achieve the same goal.
-       #  Using netmasks of other than 32 can cause security issues.
        #
-       #  You can specify overlapping networks (127/8 and 127.0/16)
-       #  In that case, the smallest possible network will be used
-       #  as the "best match" for the client.
+       #  The transport protocol.
        #
-       #  Clients can also be defined dynamically at run time, based
-       #  on any criteria.  e.g. SQL lookups, keying off of NAS-Identifier,
-       #  etc.
-       #  See raddb/sites-available/dynamic-clients for details.
+       #  If unspecified, defaults to "udp", which is the traditional
+       #  RADIUS transport.  It may also be "tcp", in which case the
+       #  server will accept connections from this client ONLY over TCP.
        #
-
-#      netmask = 32
+       proto = *
 
        #
        #  The shared secret use to "encrypt" and "sign" packets between
@@ -125,7 +115,7 @@ client localhost {
        #  domain name, or the IP address.
        #
        #  It is accepted for compatibility with 1.x, but it is no
-       #  longer necessary in 2.0
+       #  longer necessary in >= 2.0
        #
 #      shortname = localhost
 
@@ -181,6 +171,17 @@ client localhost {
 #      coa_server = coa
 
        #
+       #  Response window for proxied packets.  If non-zero,
+       #  then the lower of (home, client) response_window
+       #  will be used.
+       #
+       #  i.e. it can be used to lower the response_window
+       #  packets from one client to a home server.  It cannot
+       #  be used to raise the response_window.
+       #
+#      response_window = 10.0
+
+       #
        #  Connection limiting for clients using "proto = tcp".
        #
        #  This section is ignored for clients sending UDP traffic
@@ -216,20 +217,20 @@ client localhost {
 }
 
 # IPv6 Client
-#client ::1 {
-#      secret          = testing123
-#      shortname       = localhost
-#}
-#
+client localhost_ipv6 {
+       ipv6addr        = ::1
+       secret          = testing123
+}
+
 # All IPv6 Site-local clients
-#client fe80::/16 {
+#client sitelocal_ipv6 {
+#      ipv6addr        = fe80::/16
 #      secret          = testing123
-#      shortname       = localhost
 #}
 
-#client some.host.org {
+#client example.org {
+#      ipaddr          = radius.example.org
 #      secret          = testing123
-#      shortname       = localhost
 #}
 
 #
@@ -237,29 +238,14 @@ client localhost {
 #  When a client request comes in, the BEST match is chosen.
 #  i.e. The entry from the smallest possible network.
 #
-#client 192.0.2.0/24 {
+#client private-network-1 {
+#      ipaddr          = 192.0.2.0/24
 #      secret          = testing123-1
-#      shortname       = private-network-1
 #}
-#
-#client 198.51.100.0/24 {
-#      secret          = testing123-2
-#      shortname       = private-network-2
-#}
-
-
-#client 203.0.113.1 {
-#      # secret and password are mapped through the "secrets" file.
-#      secret          = testing123
-#      shortname       = liv1
-#}
-
-# The following three fields are optional, but may be used by
-# checkrad.pl for simultaneous usage checks
 
-#      nas_type        = livingston
-#      login           = !root
-#      password        = someadminpas
+#client private-network-2 {
+#      ipaddr          = 198.51.100.0/24
+#      secret          = testing123-2
 #}
 
 #######################################################################
@@ -275,7 +261,8 @@ client localhost {
 #  will then accept ONLY the clients listed in this section.
 #
 #clients per_socket_clients {
-#      client 192.0.2.4 {
+#      client socket_client {
+#              ipaddr = 192.0.2.4
 #              secret = testing123
 #      }
 #}