# Configuration file for radsecproxy(8). # Refer to man page radsecproxy.conf(5) or example config with all options # /usr/share/doc/radsecproxy/radsecproxy.conf-example. ## Global options # Log to syslog. LOG_DAEMON used if facility not specified. The supported # facilities are LOG_DAEMON, LOG_MAIL, LOG_USER and LOG_LOCAL0 ... LOG_LOCAL7. LogDestination x-syslog:/// # Optional log level. 3 is default, 1 is less, 5 is more #LogLevel 3 # Enable simple loop prevention. Note that this directive can be used in server # blocks too, overriding what's set here in the basic settings. #LoopPrevention on # Add TTL attribute with value 20 if not present (prevents endless loops) #AddTTL 20 # If we have TLS clients or servers we must define at least one tls block. # The simplest configuration you can do is: #tls default { # You must specify at least one of CACertificateFile or CACertificatePath # for TLS to work. We always verify peer certificate (client and server) #CACertificatePath /etc/ssl/certs # You must specify the below for TLS, we always present our certificate #CertificateFile /etc/ssl/radsecproxy/host.example.com.crt #CertificateKeyFile /etc/ssl/radsecproxy/host.example.com.key #} ## Clients, servers and realms # Example config for localhost, rejecting all users. client localhost { type udp secret change-me } server 127.0.0.1 { type udp secret change-me } realm * { replymessage "User unknown" }