diff options
Diffstat (limited to 'recipes-security/freediameter/files/freeDiameter.conf')
-rw-r--r-- | recipes-security/freediameter/files/freeDiameter.conf | 250 |
1 files changed, 0 insertions, 250 deletions
diff --git a/recipes-security/freediameter/files/freeDiameter.conf b/recipes-security/freediameter/files/freeDiameter.conf deleted file mode 100644 index 7b56d74..0000000 --- a/recipes-security/freediameter/files/freeDiameter.conf +++ /dev/null | |||
@@ -1,250 +0,0 @@ | |||
1 | # This is a sample configuration file for freeDiameter daemon. | ||
2 | |||
3 | # Most of the options can be omitted, as they default to reasonable values. | ||
4 | # Only TLS-related options must be configured properly in usual setups. | ||
5 | |||
6 | # It is possible to use "include" keyword to import additional files | ||
7 | # e.g.: include "/etc/freeDiameter.d/*.conf" | ||
8 | # This is exactly equivalent as copy & paste the content of the included file(s) | ||
9 | # where the "include" keyword is found. | ||
10 | |||
11 | |||
12 | ############################################################## | ||
13 | ## Peer identity and realm | ||
14 | |||
15 | # The Diameter Identity of this daemon. | ||
16 | # This must be a valid FQDN that resolves to the local host. | ||
17 | # Default: hostname's FQDN | ||
18 | #Identity = "aaa.koganei.freediameter.net"; | ||
19 | |||
20 | # The Diameter Realm of this daemon. | ||
21 | # Default: the domain part of Identity (after the first dot). | ||
22 | #Realm = "koganei.freediameter.net"; | ||
23 | |||
24 | ############################################################## | ||
25 | ## Transport protocol configuration | ||
26 | |||
27 | # The port this peer is listening on for incoming connections (TCP and SCTP). | ||
28 | # Default: 3868. Use 0 to disable. | ||
29 | #Port = 3868; | ||
30 | |||
31 | # The port this peer is listening on for incoming TLS-protected connections (TCP and SCTP). | ||
32 | # See TLS_old_method for more information about TLS flavours. | ||
33 | # Note: we use TLS/SCTP instead of DTLS/SCTP at the moment. This will change in future version of freeDiameter. | ||
34 | # Default: 5868. Use 0 to disable. | ||
35 | #SecPort = 5868; | ||
36 | |||
37 | # Use RFC3588 method for TLS protection, where TLS is negociated after CER/CEA exchange is completed | ||
38 | # on the unsecure connection. The alternative is RFC6733 mechanism, where TLS protects also the | ||
39 | # CER/CEA exchange on a dedicated secure port. | ||
40 | # This parameter only affects outgoing connections. | ||
41 | # The setting can be also defined per-peer (see Peers configuration section). | ||
42 | # Default: use RFC6733 method with separate port for TLS. | ||
43 | #TLS_old_method; | ||
44 | |||
45 | # Disable use of TCP protocol (only listen and connect over SCTP) | ||
46 | # Default : TCP enabled | ||
47 | #No_TCP; | ||
48 | |||
49 | # Disable use of SCTP protocol (only listen and connect over TCP) | ||
50 | # Default : SCTP enabled | ||
51 | #No_SCTP; | ||
52 | # This option is ignored if freeDiameter is compiled with DISABLE_SCTP option. | ||
53 | |||
54 | # Prefer TCP instead of SCTP for establishing new connections. | ||
55 | # This setting may be overwritten per peer in peer configuration blocs. | ||
56 | # Default : SCTP is attempted first. | ||
57 | #Prefer_TCP; | ||
58 | |||
59 | # Default number of streams per SCTP associations. | ||
60 | # This setting may be overwritten per peer basis. | ||
61 | # Default : 30 streams | ||
62 | #SCTP_streams = 30; | ||
63 | |||
64 | ############################################################## | ||
65 | ## Endpoint configuration | ||
66 | |||
67 | # Disable use of IP addresses (only IPv6) | ||
68 | # Default : IP enabled | ||
69 | #No_IP; | ||
70 | |||
71 | # Disable use of IPv6 addresses (only IP) | ||
72 | # Default : IPv6 enabled | ||
73 | #No_IPv6; | ||
74 | |||
75 | # Specify local addresses the server must bind to | ||
76 | # Default : listen on all addresses available. | ||
77 | #ListenOn = "202.249.37.5"; | ||
78 | #ListenOn = "2001:200:903:2::202:1"; | ||
79 | #ListenOn = "fe80::21c:5ff:fe98:7d62%eth0"; | ||
80 | |||
81 | |||
82 | ############################################################## | ||
83 | ## Server configuration | ||
84 | |||
85 | # How many Diameter peers are allowed to be connecting at the same time ? | ||
86 | # This parameter limits the number of incoming connections from the time | ||
87 | # the connection is accepted until the first CER is received. | ||
88 | # Default: 5 unidentified clients in paralel. | ||
89 | #ThreadsPerServer = 5; | ||
90 | |||
91 | ############################################################## | ||
92 | ## TLS Configuration | ||
93 | |||
94 | # TLS is managed by the GNUTLS library in the freeDiameter daemon. | ||
95 | # You may find more information about parameters and special behaviors | ||
96 | # in the relevant documentation. | ||
97 | # http://www.gnu.org/software/gnutls/manual/ | ||
98 | |||
99 | # Credentials of the local peer | ||
100 | # The X509 certificate and private key file to use for the local peer. | ||
101 | # The files must contain PKCS-1 encoded RSA key, in PEM format. | ||
102 | # (These parameters are passed to gnutls_certificate_set_x509_key_file function) | ||
103 | # Default : NO DEFAULT | ||
104 | #TLS_Cred = "<x509 certif file.PEM>" , "<x509 private key file.PEM>"; | ||
105 | #TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key"; | ||
106 | |||
107 | # Certificate authority / trust anchors | ||
108 | # The file containing the list of trusted Certificate Authorities (PEM list) | ||
109 | # (This parameter is passed to gnutls_certificate_set_x509_trust_file function) | ||
110 | # The directive can appear several times to specify several files. | ||
111 | # Default : GNUTLS default behavior | ||
112 | #TLS_CA = "<file.PEM>"; | ||
113 | |||
114 | # Certificate Revocation List file | ||
115 | # The information about revoked certificates. | ||
116 | # The file contains a list of trusted CRLs in PEM format. They should have been verified before. | ||
117 | # (This parameter is passed to gnutls_certificate_set_x509_crl_file function) | ||
118 | # Note: openssl CRL format might have interoperability issue with GNUTLS format. | ||
119 | # Default : GNUTLS default behavior | ||
120 | #TLS_CRL = "<file.PEM>"; | ||
121 | |||
122 | # GNU TLS Priority string | ||
123 | # This string allows to configure the behavior of GNUTLS key exchanges | ||
124 | # algorithms. See gnutls_priority_init function documentation for information. | ||
125 | # You should also refer to the Diameter required TLS support here: | ||
126 | # http://tools.ietf.org/html/rfc6733#section-13.1 | ||
127 | # Default : "NORMAL" | ||
128 | # Example: TLS_Prio = "NONE:+VERS-TLS1.1:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL"; | ||
129 | #TLS_Prio = "NORMAL"; | ||
130 | |||
131 | # Diffie-Hellman parameters size | ||
132 | # Set the number of bits for generated DH parameters | ||
133 | # Valid value should be 768, 1024, 2048, 3072 or 4096. | ||
134 | # (This parameter is passed to gnutls_dh_params_generate2 function, | ||
135 | # it usually should match RSA key size) | ||
136 | # Default : 1024 | ||
137 | #TLS_DH_Bits = 1024; | ||
138 | |||
139 | # Alternatively, you can specify a file to load the PKCS#3 encoded | ||
140 | # DH parameters directly from. This accelerates the daemon start | ||
141 | # but is slightly less secure. If this file is provided, the | ||
142 | # TLS_DH_Bits parameters has no effect. | ||
143 | # Default : no default. | ||
144 | #TLS_DH_File = "<file.PEM>"; | ||
145 | |||
146 | |||
147 | ############################################################## | ||
148 | ## Timers configuration | ||
149 | |||
150 | # The Tc timer of this peer. | ||
151 | # It is the delay before a new attempt is made to reconnect a disconnected peer. | ||
152 | # The value is expressed in seconds. The recommended value is 30 seconds. | ||
153 | # Default: 30 | ||
154 | #TcTimer = 30; | ||
155 | |||
156 | # The Tw timer of this peer. | ||
157 | # It is the delay before a watchdog message is sent, as described in RFC 3539. | ||
158 | # The value is expressed in seconds. The default value is 30 seconds. Value must | ||
159 | # be greater or equal to 6 seconds. See details in the RFC. | ||
160 | # Default: 30 | ||
161 | #TwTimer = 30; | ||
162 | |||
163 | ############################################################## | ||
164 | ## Applications configuration | ||
165 | |||
166 | # Disable the relaying of Diameter messages? | ||
167 | # For messages not handled locally, the default behavior is to forward the | ||
168 | # message to another peer if any is available, according to the routing | ||
169 | # algorithms. In addition the "0xffffff" application is advertised in CER/CEA | ||
170 | # exchanges. | ||
171 | # Default: Relaying is enabled. | ||
172 | #NoRelay; | ||
173 | |||
174 | # Number of server threads that can handle incoming messages at the same time. | ||
175 | # Default: 4 | ||
176 | #AppServThreads = 4; | ||
177 | |||
178 | # Other applications are configured by loaded extensions. | ||
179 | |||
180 | ############################################################## | ||
181 | ## Extensions configuration | ||
182 | |||
183 | # The freeDiameter framework merely provides support for | ||
184 | # Diameter Base Protocol. The specific application behaviors, | ||
185 | # as well as advanced functions, are provided | ||
186 | # by loadable extensions (plug-ins). | ||
187 | # These extensions may in addition receive the name of a | ||
188 | # configuration file, the format of which is extension-specific. | ||
189 | # | ||
190 | # Format: | ||
191 | #LoadExtension = "/path/to/extension" [ : "/optional/configuration/file" ] ; | ||
192 | # | ||
193 | # Examples: | ||
194 | #LoadExtension = "extensions/sample.fdx"; | ||
195 | #LoadExtension = "extensions/sample.fdx":"conf/sample.conf"; | ||
196 | |||
197 | # Extensions are named as follow: | ||
198 | # dict_* for extensions that add content to the dictionary definitions. | ||
199 | # dbg_* for extensions useful only to retrieve more information on the framework execution. | ||
200 | # acl_* : Access control list, to control which peers are allowed to connect. | ||
201 | # rt_* : routing extensions that impact how messages are forwarded to other peers. | ||
202 | # app_* : applications, these extensions usually register callbacks to handle specific messages. | ||
203 | # test_* : dummy extensions that are useful only in testing environments. | ||
204 | |||
205 | |||
206 | # The dbg_msg_dump.fdx extension allows you to tweak the way freeDiameter displays some | ||
207 | # information about some events. This extension does not actually use a configuration file | ||
208 | # but receives directly a parameter in the string passed to the extension. Here are some examples: | ||
209 | ## LoadExtension = "dbg_msg_dumps.fdx" : "0x1111"; # Removes all default hooks, very quiet even in case of errors. | ||
210 | ## LoadExtension = "dbg_msg_dumps.fdx" : "0x2222"; # Display all events with few details. | ||
211 | ## LoadExtension = "dbg_msg_dumps.fdx" : "0x0080"; # Dump complete information about sent and received messages. | ||
212 | # The four digits respectively control: connections, routing decisions, sent/received messages, errors. | ||
213 | # The values for each digit are: | ||
214 | # 0 - default - keep the default behavior | ||
215 | # 1 - quiet - remove any specific log | ||
216 | # 2 - compact - display only a summary of the information | ||
217 | # 4 - full - display the complete information on a single long line | ||
218 | # 8 - tree - display the complete information in an easier to read format spanning several lines. | ||
219 | |||
220 | |||
221 | ############################################################## | ||
222 | ## Peers configuration | ||
223 | |||
224 | # The local server listens for incoming connections. By default, | ||
225 | # all unknown connecting peers are rejected. Extensions can override this behavior (e.g., acl_wl). | ||
226 | # | ||
227 | # In addition to incoming connections, the local peer can | ||
228 | # be configured to establish and maintain connections to some | ||
229 | # Diameter nodes and allow connections from these nodes. | ||
230 | # This is achieved with the ConnectPeer directive described below. | ||
231 | # | ||
232 | # Note that the configured Diameter Identity MUST match | ||
233 | # the information received inside CEA, or the connection will be aborted. | ||
234 | # | ||
235 | # Format: | ||
236 | #ConnectPeer = "diameterid" [ { parameter1; parameter2; ...} ] ; | ||
237 | # Parameters that can be specified in the peer's parameter list: | ||
238 | # No_TCP; No_SCTP; No_IP; No_IPv6; Prefer_TCP; TLS_old_method; | ||
239 | # No_TLS; # assume transparent security instead of TLS. DTLS is not supported yet (will change in future versions). | ||
240 | # Port = 5868; # The port to connect to | ||
241 | # TcTimer = 30; | ||
242 | # TwTimer = 30; | ||
243 | # ConnectTo = "202.249.37.5"; | ||
244 | # ConnectTo = "2001:200:903:2::202:1"; | ||
245 | # TLS_Prio = "NORMAL"; | ||
246 | # Realm = "realm.net"; # Reject the peer if it does not advertise this realm. | ||
247 | # Examples: | ||
248 | #ConnectPeer = "aaa.wide.ad.jp"; | ||
249 | #ConnectPeer = "old.diameter.serv" { TcTimer = 60; TLS_old_method; No_SCTP; Port=3868; } ; | ||
250 | ############################################################## | ||