# You can optionally specify addresses and ports to listen on
# Multiple statements can be used for multiple ports/addresses
#ListenUDP *:1814
-#listenUDP localhost
+#ListenUDP localhost
#ListenTCP [2001:700:1:7:215:f2ff:fe35:307d]:1812
-#listenTLS 10.10.10.10:2084
+#ListenTLS 10.10.10.10:2084
#ListenTLS [2001:700:1:7:215:f2ff:fe35:307d]:2084
#ListenDTLS [2001:700:1:7:215:f2ff:fe35:307d]:2084
#SourceTCP *:33000
#SourceTLS *:33001
#SourceDTLS *:33001
-# Optional log level. 3 is default, 1 is less, 4 is more
+
+# Optional log level. 3 is default, 1 is less, 5 is more
#LogLevel 3
-# Optional LogDestinatinon, else stderr used for logging
+# Optional LogDestination, else stderr used for logging
# Logging to file
#LogDestination file:///tmp/rp.log
# Or logging with Syslog. LOG_DAEMON used if facility not specified
#LogDestination x-syslog:///
#LogDestination x-syslog:///log_local2
-# There is an option for doing some simple loop prevention
+# For generating log entries conforming to the F-Ticks system, specify
+# FTicksReporting with one of the following values.
+# None -- Do not log in F-Ticks format. This is the default.
+# Basic -- Do log in F-Ticks format but do not log VISINST.
+# Full -- Do log in F-Ticks format and do log VISINST.
+# Please note that in order to get F-Ticks logging for a given client,
+# its matching client configuration block has to contain the
+# fticksVISCOUNTRY option.
+
+# You can optionally specify FTicksMAC in order to determine if and
+# how Calling-Station-Id (users Ethernet MAC address) is being logged.
+# Static -- Use a static string as a placeholder for
+# Calling-Station-Id.
+# Original -- Log Calling-Station-Id as-is.
+# VendorHashed -- Keep first three segments as-is, hash the rest.
+# VendorKeyHashed -- Like VendorHashed but salt with F-Ticks-Key. This
+# is the default.
+# FullyHashed -- Hash the entire string.
+# FullyKeyHashed -- Like FullyHashed but salt with F-Ticks-Key.
+
+# In order to use FTicksMAC with one of VendorKeyHashed or
+# FullyKeyHashed, specify a key with FTicksKey.
+# FTicksKey <key>
+
+# Default F-Ticks configuration:
+#FTicksReporting None
+#FTicksMAC Static
+
+# You can optionally specify FTicksSyslogFacility to use a dedicated
+# syslog facility for F-Ticks messages. This allows for easier filtering
+# of F-Ticks messages.
+# F-Ticks messages are always logged using the log level LOG_DEBUG.
+# Note that specifying a file (using the file:/// prefix) is not supported.
+#FTicksSyslogFacility log_local1
+#FTicksSyslogFacility x-syslog:///log_local1
+
+# There is an option for doing some simple loop prevention. Note that
+# the LoopPrevention directive can be used in server blocks too,
+# overriding what's set here in the basic settings.
#LoopPrevention on
# Add TTL attribute with value 20 if not present (prevents endless loops)
-#addTTL 20
+#AddTTL 20
# If we have TLS clients or servers we must define at least one tls block.
# You can name them whatever you like and then reference them by name when
# Configure a rewrite block if you want to add/remove/modify attributes
# rewrite example {
+# # Remove NAS-Port.
# removeAttribute 5
+# # Remove vendor attribute 100.
# removeVendorAttribute 99:100
-# addAttribute 4 attribute%20value
-# modifyAttribute 1:/^(.*)@local$/$1@example.com/
+# # Called-Station-Id = "123456"
+# addAttribute 30:123456
+# # Vendor-99-Attr-101 = 0x0f
+# addVendorAttribute 99:101:%0f
+# # Change users @local to @example.com.
+# modifyAttribute 1:/^(.*)@local$/\1@example.com/
# }
-client 2001:db8::1 {
+client [2001:db8::1] {
type tls
secret verysecret
# we could specify tls here, e.g.
# rewriteIn example
# Can also do rewriting of outgoing messages
# rewriteOut example
+# Might override loop prevention here too:
+# LoopPrevention off
}
realm eduroam.cc {
server 127.0.0.1
# accountingServer 127.0.0.1
}
-server 2001:db8::1 {
+server [2001:db8::1] {
type TLS
port 2283
# secret is optional for TLS