#
# SOURCES
#

# For each port you specify here, the server creates a UDP socket to listen
# on, by default bound to the wildcard address 0.0.0.0. You can supply a list of
# addresses as well; the server will then take one from the list in order for
# each socket that is created.

# Two listening sockets: 1812 and 1813 are the IANA-assigned RADIUS
# authentication and accounting ports.
# No address list is given, so both sockets bind to the wildcard address and
# the server answers on every interface of the host. If only some networks
# carry NAS traffic, supply explicit addresses and/or restrict these UDP
# ports with a host firewall.
source (port=1812,
	port=1813),


#
# INTERFACES
#

# Reads configuration.postgres as part of this configuration.
# NOTE(review): judging by its name, that file presumably defines the
# PostgreSQL-backed interface(s) and may hold database connection settings.
# If it does, keep it readable only by the account the server runs as. TODO
# confirm contents.
include configuration.postgres,

# Uncomment this and the corresponding block in the behaviour file
# if you want to run a proxy.

# Interface "Trustedproxy": hands requests to a "radclient -C" subprocess.
# NOTE(review): this block is active as written, not commented out. If the
# server is not meant to proxy, disable it here and in the behaviour file.
#
# sendattr: the raw-packet fields (RAD-Packet, RAD-Identifier, RAD-Length,
# RAD-Authenticator, RAD-Attributes) are withheld, Target-Server from the
# reply list is passed, and the trailing "req:any" wildcard passes every
# remaining request attribute. Presumably this includes credential-bearing
# attributes when the request has them, so the subprocess and the upstream
# server both see them - confirm this is intended.
#
# recvattr: "rep:any" accepts whatever reply attributes come back, minus the
# raw-packet fields. The upstream server is therefore trusted to set any
# reply attribute; limit which servers Target-Server may name in the
# behaviour file.
interface (name="Trustedproxy",
	   sendattr="no:RAD-Packet",
	   sendattr="no:RAD-Identifier",
	   sendattr="no:RAD-Length",
	   sendattr="no:RAD-Authenticator",
	   sendattr="no:RAD-Attributes",
	   sendattr="rep:Target-Server",
	   sendattr="req:any",			# send: wildcard must be last
	   prog="radclient -C",
	   recvattr="rep:any",
	   recvattr="no:RAD-Packet",		# recv: all "no"s override rest 
	   recvattr="no:RAD-Identifier",
	   recvattr="no:RAD-Length",
	   recvattr="no:RAD-Authenticator",
	   recvattr="no:RAD-Attributes",
	   flags=Ascii + Short-Attr,
	   window=256,
	   jobticket="Radclient-Query-Id",
	   timeout=300),			# For async interfaces (window
						# > 1) this is the lifetime of
						# the oldest request. It's
						# a subprocess guard timer, not
						# a request timeout.

# Uncomment this if you run a multi-step authentication protocol 
# that involves statekeeping across RADIUS requests

# Interface "Memory": runs the "memory" program and passes it only the four
# attributes op, key, strval and ordval. Per the note above, it keeps state
# across RADIUS requests for multi-step authentication.
# NOTE(review): this block is active as written. The lifetime and size
# limits of the stored state are not visible here - confirm that stale
# entries are expired.
interface (name="Memory",
	   sendattr="op",
	   sendattr="key",
	   sendattr="strval",
	   sendattr="ordval",
	   prog="memory",
	   timeout=5),

# Uncomment this if you run EAP 

# Interface "Ascdebug": ASCII-mode debug interface backed by "radlogger".
# NOTE(review): no sendattr filter is listed. If the default is to pass all
# attributes, anything the behaviour file sends here can include credential
# attributes - confirm the default, restrict the log destination's
# permissions, and disable this interface outside of debugging.
interface (name="Ascdebug",
	   prog="radlogger",
	   flags=Ascii + Double-Backslash,
	   timeout=60),

# Interface "Bindebug": debug interface backed by the "debug" program. It
# sets no Ascii flag, so it is presumably the binary-mode counterpart of
# Ascdebug.
# NOTE(review): no sendattr filter is listed here either, so the same
# concern about capturing sensitive attributes applies - confirm, and
# disable outside of debugging.
interface (name="Bindebug",
	   prog="debug",
	   timeout=60),

# Interface "Ttls": runs the "eaptls" program and passes it only
# Transaction-Id, Response-TTLS-Flags, Response-TTLS-Data and Framed-MTU.
# pidattr pins a whole session to one subprocess.
# NOTE(review): this file does not document the eaptls options "-d" and
# "-s 37482101". If -d turns on debug output, or -s supplies a seed or key,
# a value copied from a sample configuration should not reach production -
# confirm against the eaptls documentation. The two commented-out prog lines
# below are identical to the active one.
interface (name="Ttls", 
	   sendattr="Transaction-Id",
	   sendattr="Response-TTLS-Flags",
	   sendattr="Response-TTLS-Data",
	   sendattr="Framed-MTU",
#	   prog="eaptls -d -s 37482101",
#	   prog="eaptls -d -s 37482101",
	   prog="eaptls -d -s 37482101",
	   pidattr="Pid-Tls",			# route whole session to same
	   					# subprocess
	   timeout=5),

# Keys for signing State and Class attributes

# Both secrets are set from "random 8" - presumably 8 random bytes, i.e. a
# 64-bit key, which is short for a signing key. TODO confirm the unit and
# whether a longer value is accepted.
# NOTE(review): while Server-Secret is random, it changes on every start, so
# State/Class values signed with it presumably stop verifying after a
# restart or on a second server instance. When replacing it with a static
# key, generate the key from a cryptographically secure random source, keep
# this file readable only by the server account, and do not reuse the key
# across deployments.
REQ:Process-Secret = random 8,		# Valid during lifetime of process
REQ:Server-Secret = random 8,		# You should replace this with a static
					# key that's valid for the lifetime of
					# the current configuration. There's
					# no default provided, because that
					# would defeat the point. We may later
					# generate something while installing.

