# Master config file for radsecproxy
# NOTE(review): this file carries shared secrets in clear text; keep it
# readable only by the account radsecproxy runs as.

# Radius UDP Traffic
# '*' binds both listeners to every local address. Plain RADIUS/UDP peers are
# identified only by source address and shared secret, so packet filtering
# should presumably limit 1812/1813 to the client addresses listed below.
ListenUDP *:1812
ListenUDP *:1813

# needed for logging of usernames
# NOTE(review): usernames are personal data; restrict who can read the
# LOG_LOCAL0 destination and apply a retention period.
LogLevel 3
LogDestination x-syslog:///LOG_LOCAL0

# tlr1/tlr2 appear below both as client and as server blocks of the same name;
# per radsecproxy.conf(5) LoopPrevention compares those names so a request is
# not sent back to the peer it arrived from.
LoopPrevention on

# The simplest configuration you can do is:
# 'default' TLS context, used by the 'type tls' client and server blocks below
# (none of them names another context).
# NOTE(review): every CA under CACertificatePath is trusted for peer
# certificates, so keep that directory down to the CAs actually needed, and
# keep the key file readable only by the radsecproxy account.
tls default {
    CACertificatePath /etc/radsecproxy/ca-certificates/
    CertificateFile /etc/radsecproxy/radius-ext-cert-with-chain.pem
    CertificateKeyFile /etc/radsecproxy/radius-ext-key.pem
}

# Clients
# NOTE(review): every UDP client below shows the same secret string
# (presumably a redaction placeholder). In production each client should get
# its own long random secret, so that one compromised device does not expose
# the secret of all the others.
client wireswitch-cbf01 {
    host 10.32.35.240
    type udp
    secret another_secret
}
client wireswitch-cvk01 {
    host 10.32.35.241
    type udp
    secret another_secret
}
client wireswitch-labor {
    host 10.32.35.242
    type udp
    secret another_secret
}
client wireswitch-ccm01 {
    host 10.32.35.243
    type udp
    secret another_secret
}
client wifiswitch05 {
    host 10.32.35.244
    type udp
    secret another_secret
}
client wifiswitch-ent03 {
    host 10.32.35.247
    type udp
    secret another_secret
}
client wifiswitch-ent04 {
    host 10.32.35.248
    type udp
    secret another_secret
}
client nac-wifi-labor {
    host 10.32.36.23
    type udp
    secret another_secret
}
client nac-wifi-01 {
    host 10.32.36.24
    type udp
    secret another_secret
}
# This block admits a whole /26 rather than a single host: any address in the
# range that knows the secret is accepted as this client.
client transit {
    host 141.42.1.192/26
    type udp
    secret another_secret
}
client netz-dev2 {
    host 10.32.36.250
    type udp
    secret another_secret
}
client radius-wlan2 {
    host 10.32.36.38
    type udp
    secret another_secret
}
# RadSec (TLS) peers. certificatenamecheck is off, so the certificate is not
# compared with the 'host' value; besides chain validation against the default
# TLS context, the anchored CN regex is the only identity check. Keep the
# anchors and escaped dots if these patterns are ever edited.
client tlr1 {
    host 193.174.75.134
    type tls
    certificatenamecheck off
    matchCertificateAttribute CN:/^(radius1\.dfn|tld1\.eduroam)\.de$/
}
client tlr2 {
    host 193.174.75.138
    type tls
    certificatenamecheck off
    matchCertificateAttribute CN:/^(radius2\.dfn|tld2\.eduroam)\.de$/
}

# Servers
# Local backend, reached over plain UDP on non-default ports 21812/21813.
server radius-wlan2 {
    host radius-wlan2.charite.de
    type udp
    port 21812
    secret another_secret
}
# Only referenced from the commented-out accountingServer line in the
# charite.de realm below, so it is unused as the file stands.
server radius-wlan2-accounting {
    host radius-wlan2.charite.de
    type udp
    port 21813
    secret another_secret
}
# Upstream TLS servers; same certificate matching as the client blocks of the
# same name. StatusServer on enables Status-Server probing of the peer.
server tlr1 {
    host 193.174.75.134
    type tls
    certificatenamecheck off
    matchCertificateAttribute CN:/^(radius1\.dfn|tld1\.eduroam)\.de$/
    StatusServer on
}
server tlr2 {
    host 193.174.75.138
    type tls
    certificatenamecheck off
    matchCertificateAttribute CN:/^(radius2\.dfn|tld2\.eduroam)\.de$/
    StatusServer on
}

# Our realm
# Authentication for charite.de goes to the local backend; accounting for this
# realm is not forwarded because the accountingServer line is commented out.
realm charite.de {
    server radius-wlan2
#   accountingServer radius-wlan2-accounting
}

# Catch-all: every realm not matched above is forwarded upstream, with tlr2
# listed after tlr1 for both authentication and accounting.
# NOTE(review): as written this presumably also forwards user names with no
# realm or a mistyped local realm; confirm whether those should instead be
# rejected locally by an earlier realm block.
realm * {
    server tlr1
    server tlr2
    accountingserver tlr1
    accountingserver tlr2
}