EVOLUTION-MANAGER

Edit File: radiusclient-tls.conf

# RADIUS settings

# The name to be used to identify this NAS (server). If set it will
# be used in NAS-Identifier.
#nas-identifier my-server-name

# Override the IP (or IPv6) address of the NAS.
#nas-ip 	10.100.5.3
#nas-ip		::1

# RADIUS server to use for authentication requests.
# optionally you can specify a the port number on which is remote
# RADIUS listens separated by a colon from the hostname. if
# no port is specified /etc/services is consulted of the radius
# service. if this fails also a compiled in default is used.
# For IPv6 addresses use the '[IPv6]:port' format, or
# simply '[IPv6]'. You may specify more than a single server
# in a comma-separated list.
#
authserver	localhost:2083
#authserver	127.1.1.1:9999,172.17.0.1

# For DTLS with PSK authentication, the following format is valid:
#authserver	localhost:2083:psk@username@hexkey

# In TLS/DTLS the acct server directive is ignored.
#
acctserver	localhost:2083

# file holding PSKs used for the communication
# between the RADIUS client and server. They should
# be stored in "psk:username:hexkey" format.
#servers	/etc/radcli/servers-tls

# Dictionary of allowed attributes and values. That depends
# heavily on the features of your server. A default dictionary
# is installed in /usr/share/radcli/dictionary
dictionary	/etc/radcli/dictionary

# default authentication realm to append to all usernames if no
# realm was explicitly specified by the user
# the radiusd directly form Livingston doesnt use any realms, so leave
# it blank then
default_realm

# time to wait for a reply from the RADIUS server
radius_timeout	10

# resend request this many times before trying the next server
radius_retries	3

# local address from which radius packets have to be sent
bindaddr	*

# Namespace in which all sockets of Radcli are to be opened. This is effectively same as the 
# Radcli existing on that namespace.
# If commented out, the default existing Namespace will be used.                                    
#namespace   namespace-name

# Support for IPv6 non-temporary address support. This is an IPv6-only option
# and is valid only when IPv6 Privacy Extensions are enabled in system.
# If this option is set to "true", the radius packets will be sent with the
# IPv6 Global address and will not use the temporary adresses. If commented
# out, temporary IPv6 addresses will be used as source address for the packets
# sent.
#use-public-addr	true

# TLS/DTLS settings

# Transport Protocol Support
# Available options - 'tcp', 'udp', 'tls' and 'dtls'. 
# If commented out, udp will be used.
# TLS and DTLS authentication can be used with PSK keys or X.509 certificate 
# authentication (see below).
serv-type	tls

# The CA certificate to be used to verify the server's certificate.
# Does not need to be set if we are using PSK (pre-shared keys).
tls-ca-file	/etc/radcli/ca.pem

# Our certificate and key files. These identify this NAS to the
# radius servers. They don't need to be set if using PSK.
tls-cert-file	/etc/radcli/cert.pem
tls-key-file	/etc/radcli/key.pem

# Used for debugging purposed. It will disable hostname verification
# on the connected host. Not recommended to be enabled.
#tls-verify-hostname	false