GEANT/CAT

ListenUDP       localhost:1812
ListenTLS       {{ radius_sp_ip }}:2083
SourceUDP       localhost
SourceTCP       {{ radius_sp_ip }}
LogLevel        3
LogDestination  x-syslog:///LOG_LOCAL0
loopprevention on

tls edupkiclient {
CACertificatePath    /opt/radsecproxy/etc/radsecproxy.conf.d/eduPKI/ca-certs/
CertificateFile      /opt/radsecproxy/etc/radsecproxy.conf.d/eduPKI/clientcert.pem
CertificateKeyFile   /opt/radsecproxy/etc/radsecproxy.conf.d/eduPKI/clientcert.key
policyOID 1.3.6.1.4.1.25178.3.1.1
CRLCheck On
}
tls edupkiserver {
CACertificateFile    /opt/radsecproxy/etc/radsecproxy.conf.d/eduPKI/ca-certs/
CertificateFile      /opt/radsecproxy/etc/radsecproxy.conf.d/eduPKI/clientcert.pem
CertificateKeyFile   /opt/radsecproxy/etc/radsecproxy.conf.d/eduPKI/clientcert.key
policyOID 1.3.6.1.4.1.25178.3.1.2
CRLCheck On
}

# Clients
Client FR {
type udp
host 83.212.102.35
secret 1qazxsw2
}
Client FR-local {
type udp
host 127.0.0.1
secret 1qazxsw2
}

Client incoming-tls {
type tls
tls edupkiclient
host 0.0.0.0/0
secret radsec
certificateNameCheck off
}

include /opt/radsecproxy/etc/radsecproxy.conf.d/servers.conf
# all realms we handle
include /opt/radsecproxy/etc/radsecproxy.conf.d/realms.conf