# You can optionally specify addresses and ports to listen on
# Multiple statements can be used for multiple ports/addresses
#ListenUDP *:1814
-#listenUDP localhost
+#ListenUDP localhost
#ListenTCP [2001:700:1:7:215:f2ff:fe35:307d]:1812
-#listenTLS 10.10.10.10:2084
+#ListenTLS 10.10.10.10:2084
#ListenTLS [2001:700:1:7:215:f2ff:fe35:307d]:2084
#ListenDTLS [2001:700:1:7:215:f2ff:fe35:307d]:2084
#LogDestination x-syslog:///log_local2
# For generating log entries conforming to the F-Ticks system, specify
-# F-Ticks-Reporting with one of
+# FTicksReporting with one of the following values.
# None -- Do not log in F-Ticks format. This is the default.
# Basic -- Do log in F-Ticks format but do not log VISINST.
# Full -- Do log in F-Ticks format and do log VISINST.
+# Please note that in order to get F-Ticks logging for a given client,
+# its matching client configuration block has to contain the
+# fticksVISCOUNTRY option.
-# You can optionally specify F-Ticks-MAC in order to determine if and
-# how Calling-Station-Id is logged.
+# You can optionally specify FTicksMAC in order to determine if and
+# how Calling-Station-Id (users Ethernet MAC address) is being logged.
# Static -- Use a static string as a placeholder for
-# Calling-Station-Id. This is the default.
+# Calling-Station-Id.
# Original -- Log Calling-Station-Id as-is.
# VendorHashed -- Keep first three segments as-is, hash the rest.
-# VendorKeyHashed -- Like VendorHashed but salt with F-Ticks-Key.
+# VendorKeyHashed -- Like VendorHashed but salt with F-Ticks-Key. This
+# is the default.
# FullyHashed -- Hash the entire string.
# FullyKeyHashed -- Like FullyHashed but salt with F-Ticks-Key.
-# In order to use F-Ticks-MAC with one of VendorKeyHashed or
-# FullyKeyHashed, specify a key with F-Ticks-Key.
-# F-Ticks-Key <key>
+# In order to use FTicksMAC with one of VendorKeyHashed or
+# FullyKeyHashed, specify a key with FTicksKey.
+# FTicksKey <key>
# Default F-Ticks configuration:
-#F-Ticks-Reporting None
-#F-Ticks-Mac FullyKeyHashed
+#FTicksReporting None
+#FTicksMAC Static
+
+# You can optionally specify FTicksSyslogFacility to use a dedicated
+# syslog facility for F-Ticks messages. This allows for easier filtering
+# of F-Ticks messages.
+# F-Ticks messages are always logged using the log level LOG_DEBUG.
+# Note that specifying a file (using the file:/// prefix) is not supported.
+#FTicksSyslogFacility log_local1
+#FTicksSyslogFacility x-syslog:///log_local1
# There is an option for doing some simple loop prevention. Note that
# the LoopPrevention directive can be used in server blocks too,
# overriding what's set here in the basic settings.
#LoopPrevention on
# Add TTL attribute with value 20 if not present (prevents endless loops)
-#addTTL 20
+#AddTTL 20
# If we have TLS clients or servers we must define at least one tls block.
# You can name them whatever you like and then reference them by name when
# modifyAttribute 1:/^(.*)@local$/\1@example.com/
# }
-client 2001:db8::1 {
+client [2001:db8::1] {
type tls
secret verysecret
# we could specify tls here, e.g.
# accountingServer 127.0.0.1
}
-server 2001:db8::1 {
+server [2001:db8::1] {
type TLS
port 2283
# secret is optional for TLS
projects / libradsec.git / blobdiff