Diffstat (limited to 'data/templates/ipsec/charon/eap-radius.conf.tmpl')
-rw-r--r--data/templates/ipsec/charon/eap-radius.conf.tmpl115
1 files changed, 0 insertions, 115 deletions
diff --git a/data/templates/ipsec/charon/eap-radius.conf.tmpl b/data/templates/ipsec/charon/eap-radius.conf.tmpl
deleted file mode 100644
index b58022521..000000000
--- a/data/templates/ipsec/charon/eap-radius.conf.tmpl
+++ /dev/null
@@ -1,115 +0,0 @@
-eap-radius {
- # Send RADIUS accounting information to RADIUS servers.
- # accounting = no
-
- # Close the IKE_SA if there is a timeout during interim RADIUS accounting
- # updates.
- # accounting_close_on_timeout = yes
-
- # Interval in seconds for interim RADIUS accounting updates, if not
- # specified by the RADIUS server in the Access-Accept message.
- # accounting_interval = 0
-
- # If enabled, accounting is disabled unless an IKE_SA has at least one
- # virtual IP. Only for IKEv2, for IKEv1 a virtual IP is strictly necessary.
- # accounting_requires_vip = no
-
- # If enabled, adds the Class attributes received in Access-Accept message to
- # the RADIUS accounting messages.
- # accounting_send_class = no
-
- # Use class attributes in Access-Accept messages as group membership
- # information.
- # class_group = no
-
- # Closes all IKE_SAs if communication with the RADIUS server times out. If
- # it is not set only the current IKE_SA is closed.
- # close_all_on_timeout = no
-
- # Send EAP-Start instead of EAP-Identity to start RADIUS conversation.
- # eap_start = no
-
- # Use filter_id attribute as group membership information.
- # filter_id = no
-
- # Prefix to EAP-Identity, some AAA servers use a IMSI prefix to select the
- # EAP method.
- # id_prefix =
-
- # Whether to load the plugin. Can also be an integer to increase the
- # priority of this plugin.
- load = yes
-
- # NAS-Identifier to include in RADIUS messages.
- nas_identifier = {{ remote_access.radius.nas_identifier if remote_access.radius.nas_identifier is vyos_defined else 'strongSwan' }}
-
- # Port of RADIUS server (authentication).
- # port = 1812
-
- # Base to use for calculating exponential back off.
- # retransmit_base = 1.4
-
- # Timeout in seconds before sending first retransmit.
- # retransmit_timeout = 2.0
-
- # Number of times to retransmit a packet before giving up.
- # retransmit_tries = 4
-
- # Shared secret between RADIUS and NAS. If set, make sure to adjust the
- # permissions of the config file accordingly.
- # secret =
-
- # IP/Hostname of RADIUS server.
- # server =
-
- # Number of sockets (ports) to use, increase for high load.
- # sockets = 1
-
- # Whether to include the UDP port in the Called- and Calling-Station-Id
- # RADIUS attributes.
- # station_id_with_port = yes
-
- dae {
- # Enables support for the Dynamic Authorization Extension (RFC 5176).
- # enable = no
-
- # Address to listen for DAE messages from the RADIUS server.
- # listen = 0.0.0.0
-
- # Port to listen for DAE requests.
- # port = 3799
-
- # Shared secret used to verify/sign DAE messages. If set, make sure to
- # adjust the permissions of the config file accordingly.
- # secret =
- }
-
- forward {
- # RADIUS attributes to be forwarded from IKEv2 to RADIUS.
- # ike_to_radius =
-
- # Same as ike_to_radius but from RADIUS to IKEv2.
- # radius_to_ike =
- }
-
- # Section to specify multiple RADIUS servers.
- servers {
-{% if remote_access.radius.server is vyos_defined %}
-{% for server, server_options in remote_access.radius.server.items() if server_options.disable is not vyos_defined %}
- {{ server | replace('.', '-') }} {
- address = {{ server }}
- secret = {{ server_options.key }}
- auth_port = {{ server_options.port }}
-{% if server_options.disable_accounting is not vyos_defined %}
- acct_port = {{ server_options.port | int +1 }}
-{% endif %}
- sockets = 20
- }
-{% endfor %}
-{% endif %}
- }
-
- # Section to configure multiple XAuth authentication rounds via RADIUS.
- xauth {
- }
-}