# You can optionally specify addresses and ports to listen on
# Multiple statements can be used for multiple ports/addresses
#ListenUDP *:1814
-#listenUDP localhost
+#ListenUDP localhost
#ListenTCP [2001:700:1:7:215:f2ff:fe35:307d]:1812
-#listenTLS 10.10.10.10:2084
+#ListenTLS 10.10.10.10:2084
#ListenTLS [2001:700:1:7:215:f2ff:fe35:307d]:2084
#ListenDTLS [2001:700:1:7:215:f2ff:fe35:307d]:2084
#SourceTCP *:33000
#SourceTLS *:33001
#SourceDTLS *:33001
+
# Optional log level. 3 is default, 1 is less, 5 is more
#LogLevel 3
# Optional LogDestination, else stderr used for logging
#LogDestination x-syslog:///
#LogDestination x-syslog:///log_local2
+# For generating log entries conforming to the F-Ticks system, specify
+# FTicksReporting with one of the following values.
+# None -- Do not log in F-Ticks format. This is the default.
+# Basic -- Do log in F-Ticks format but do not log VISINST.
+# Full -- Do log in F-Ticks format and do log VISINST.
+# Please note that in order to get F-Ticks logging for a given client,
+# its matching client configuration block has to contain the
+# fticksVISCOUNTRY option.
+
+# You can optionally specify FTicksMAC in order to determine if and
+# how Calling-Station-Id (users Ethernet MAC address) is being logged.
+# Static -- Use a static string as a placeholder for
+# Calling-Station-Id.
+# Original -- Log Calling-Station-Id as-is.
+# VendorHashed -- Keep first three segments as-is, hash the rest.
+# VendorKeyHashed -- Like VendorHashed but salt with F-Ticks-Key. This
+# is the default.
+# FullyHashed -- Hash the entire string.
+# FullyKeyHashed -- Like FullyHashed but salt with F-Ticks-Key.
+
+# In order to use FTicksMAC with one of VendorKeyHashed or
+# FullyKeyHashed, specify a key with FTicksKey.
+# FTicksKey <key>
+
+# Default F-Ticks configuration:
+#FTicksReporting None
+#FTicksMAC Static
+
+# You can optionally specify FTicksSyslogFacility to use a dedicated
+# syslog facility for F-Ticks messages. This allows for easier filtering
+# of F-Ticks messages.
+# F-Ticks messages are always logged using the log level LOG_DEBUG.
+# Note that specifying a file (using the file:/// prefix) is not supported.
+#FTicksSyslogFacility log_local1
+#FTicksSyslogFacility x-syslog:///log_local1
+
# There is an option for doing some simple loop prevention. Note that
# the LoopPrevention directive can be used in server blocks too,
# overriding what's set here in the basic settings.
#LoopPrevention on
# Add TTL attribute with value 20 if not present (prevents endless loops)
-#addTTL 20
+#AddTTL 20
# If we have TLS clients or servers we must define at least one tls block.
# You can name them whatever you like and then reference them by name when
# modifyAttribute 1:/^(.*)@local$/\1@example.com/
# }
-client 2001:db8::1 {
+client [2001:db8::1] {
type tls
secret verysecret
# we could specify tls here, e.g.
# accountingServer 127.0.0.1
}
-server 2001:db8::1 {
+server [2001:db8::1] {
type TLS
port 2283
# secret is optional for TLS
projects / libradsec.git / blobdiff