ansible/ManagedSP/templates/radsecproxy/radsecproxy.conf.j2
ListenUDP localhost:1812
ListenTLS {{ radius_sp_ip }}:2083
SourceUDP localhost
SourceTCP {{ radius_sp_ip }}
LogLevel 3
LogDestination x-syslog:///LOG_LOCAL0
loopprevention on
tls edupkiclient {
CACertificatePath /opt/radsecproxy/etc/radsecproxy.conf.d/eduPKI/ca-certs/
CertificateFile /opt/radsecproxy/etc/radsecproxy.conf.d/eduPKI/clientcert.pem
CertificateKeyFile /opt/radsecproxy/etc/radsecproxy.conf.d/eduPKI/clientcert.key
policyOID 1.3.6.1.4.1.25178.3.1.1
CRLCheck On
}
tls edupkiserver {
CACertificateFile /opt/radsecproxy/etc/radsecproxy.conf.d/eduPKI/ca-certs/
CertificateFile /opt/radsecproxy/etc/radsecproxy.conf.d/eduPKI/clientcert.pem
CertificateKeyFile /opt/radsecproxy/etc/radsecproxy.conf.d/eduPKI/clientcert.key
policyOID 1.3.6.1.4.1.25178.3.1.2
CRLCheck On
}
# Clients
Client FR {
type udp
host 83.212.102.35
secret 1qazxsw2
}
Client FR-local {
type udp
host 127.0.0.1
secret 1qazxsw2
}
Client incoming-tls {
type tls
tls edupkiclient
host 0.0.0.0/0
secret radsec
certificateNameCheck off
}
include /opt/radsecproxy/etc/radsecproxy.conf.d/servers.conf
# all realms we handle
include /opt/radsecproxy/etc/radsecproxy.conf.d/realms.conf