#
# SOURCES
#

# For each port you specify here, the server creates a UDP socket to listen
# on, by default bound to the wildcard address 0.0.0.0. You can supply a list of
# addresses as well; the server will then take one from the list in order for
# each socket that is created.

# Two listening sockets: 1812 and 1813 are the standard RADIUS authentication
# and accounting ports. No address list is given, so both sockets use the
# default wildcard bind (0.0.0.0) and are reachable on every interface.
# NOTE(review): on a multi-homed host, supply an address list or firewall
# these ports so only the intended NAS/proxy networks can reach them.
source (port=1812,
	port=1813),

#
# INTERFACES
#

# Pulls in the separate file configuration.postgres at this point.
# NOTE(review): presumably it defines the PostgreSQL interface(s); if it
# carries database credentials, keep its file permissions as tight as this
# file's — confirm.
include configuration.postgres,

# Uncomment this and the corresponding block in the behaviour file
# if you want to run a proxy.

# Proxy interface: hands requests to a "radclient -C" subprocess and reads
# the answer back. It is sent rep:Target-Server, req:RAD-Code and every
# req:RAD-ATR attribute, and returns rep:RAD-ATR attributes and rep:RAD-Code.
# NOTE(review): the comment above says to uncomment this block, but it is
# active as written; comment it out if this server does not proxy.
# NOTE(review): the forwarding target comes from rep:Target-Server, which is
# presumably set in the behaviour file — make sure it can only be derived from
# trusted configuration, never from client-supplied attributes.
interface (name="Trustedproxy",
	   sendattr="rep:Target-Server",
	   sendattr="req:RAD-Code",
	   sendattr="req:RAD-ATR:Any",		# send: wildcards must be last
	   prog="radclient -C",
	   recvattr="rep:RAD-ATR:Any",
	   recvattr="rep:RAD-Code",
	   flags=Ascii + Short-Attr,
	   window=256,
	   jobticket="Radclient-Query-Id",
	   timeout=300),			# For async interfaces (window
						# > 1) this is the lifetime of
						# the oldest request. It's
						# a subprocess guard timer, not
						# a request timeout.

# Uncomment this if you run a multi-step authentication protocol
# that involves statekeeping across RADIUS requests. All pseudo-attributes
# in the PERSIST space will be sent to the module and received back into the
# request list.

# State-keeping interface backed by a "memory -d" subprocess. It is sent
# "op", "key" and every req:PERSIST attribute, and returns req:PERSIST
# attributes plus rep:key. Calls are guarded by a 5 second timer.
# NOTE(review): presumably "key" selects the stored session state; it should
# be derived from a value the client cannot forge or guess (for example a
# signed State attribute) — confirm in the behaviour file.
# NOTE(review): -d looks like a debug switch; check what it logs before
# running this in production.
interface (name="Memory",
	   sendattr="op",
	   sendattr="key",
	   sendattr="req:PERSIST:Any",
	   prog="memory -d",
	   recvattr="req:PERSIST:Any",
	   recvattr="rep:key",
	   timeout=5),

# Uncomment this if you run EAP 

# Debug interface that feeds the "radlogger" program using the Ascii
# encoding with Double-Backslash set; guarded by a 60 second timer.
# NOTE(review): no sendattr filter is given. If that means every attribute
# is passed, the log can contain credentials and EAP payloads — restrict
# access to its output and disable the interface when not debugging.
interface (name="Ascdebug",
	   prog="radlogger",
	   flags=Ascii + Double-Backslash,
	   timeout=60),

# Debug interface that feeds the "debug" program; no Ascii flag is set here,
# unlike Ascdebug. Guarded by a 60 second timer.
# NOTE(review): no sendattr filter is given. If that means every attribute
# is passed, treat the program's output as sensitive and keep this interface
# out of production behaviour files.
interface (name="Bindebug",
	   prog="debug",
	   timeout=60),

# EAP-TLS interface: passes the transaction id, the peer's TLS flags and
# data, Framed-MTU and the TLS action/payload attributes to an "eaptls"
# subprocess. pidattr pins a whole session to one subprocess.
# NOTE(review): the meaning of -s 37481301 and -c is not visible in this
# file; -d looks like a debug switch — confirm it does not log TLS payloads
# or key material in production.
interface (name="Tls", 
	   sendattr="Transaction-Id",
	   sendattr="Response-TLS-Flags",
	   sendattr="Response-TLS-Data",
	   sendattr="Framed-MTU",
	   sendattr="TLS-Action",
	   sendattr="TLS-Payload",
	   prog="eaptls -d -s 37481301 -c",
	   pidattr="Pid-Tls",			# route whole session to same
	   					# subprocess
	   timeout=5),

# EAP-TTLS interface: same shape as the Tls interface, but it sends the
# Response-TTLS-* attributes and starts eaptls with different options,
# including the label "ttls#keying#material". It shares pidattr "Pid-Tls"
# with the Tls interface.
# NOTE(review): the meaning of -s, -p, -td and -l is not visible in this
# file; -d looks like a debug switch — confirm what it logs in production.
interface (name="Ttls", 
	   sendattr="Transaction-Id",
	   sendattr="Response-TTLS-Flags",
	   sendattr="Response-TTLS-Data",
	   sendattr="Framed-MTU",
	   sendattr="TLS-Action",
	   sendattr="TLS-Payload",
	   prog="eaptls -d -s 37482101 -p 35880000 -td -l ttls#keying#material",
# Developer-only alternatives that wrap eaptls in strace or valgrind and
# write to a developer's home directory. A trace of this helper can record
# TLS payloads and keying data, so keep these disabled outside a lab.
#	   prog="/usr/bin/strace -o /home/emile/work/or/current/st /usr/local/lib/openradius/eaptls -d -s 37482101 -p 35880000 -td",
#	   prog="/usr/bin/valgrind -v --log-file=/home/emile/work/or/current/vg --show-reachable=yes /usr/local/lib/openradius/eaptls -d -s 37482101 -p 35880000 -td",
	   pidattr="Pid-Tls",			# route whole session to same
	   					# subprocess
	   timeout=5),

# Keys for signing State and Class attributes

# Both secrets are set from "random 8" when the configuration is loaded.
# NOTE(review): presumably "random 8" yields 8 random bytes (64 bits) —
# confirm, and prefer a longer key if the signing code accepts one.
# NOTE(review): as written, Server-Secret changes on every start, so State
# and Class values signed before a restart (or by another server) will
# presumably no longer verify. When replacing it with a static key, generate
# the key from a cryptographic random source, keep this file readable only
# by the RADIUS service account, and keep the key out of version control.
REQ:Process-Secret = random 8,		# Valid during lifetime of process
REQ:Server-Secret = random 8,		# You should replace this with static 
					# key that's valid for the lifetime of
					# the current configuration. There's
					# no default provided, because that
					# would defeat the point. We may later
					# generate something while installing.

