This is an configuration file with TLS.
# RADIUS settings
# The name to be used to identify this NAS (server). If set it will
# be used in NAS-Identifier.
#nas-identifier my-server-name
# Override the IP (or IPv6) address of the NAS.
#nas-ip 10.100.5.3
#nas-ip ::1
# RADIUS server to use for authentication requests.
# optionally you can specify a the port number on which is remote
# RADIUS listens separated by a colon from the hostname. if
# no port is specified /etc/services is consulted of the radius
# service. if this fails also a compiled in default is used.
# For IPv6 addresses use the '[IPv6]:port' format, or
# simply '[IPv6]'. You may specify more than a single server
# in a comma-separated list.
#
authserver localhost:2083
#authserver 127.1.1.1:9999,172.17.0.1
# For DTLS with PSK authentication, the following format is valid:
#authserver localhost:2083:psk@username@hexkey
# In TLS/DTLS the acct server directive is ignored.
#
acctserver localhost:2083
# file holding PSKs used for the communication
# between the RADIUS client and server. They should
# be stored in "psk:username:hexkey" format.
#servers /usr/local/etc/radcli/servers-tls
# Dictionary of allowed attributes and values. That depends
# heavily on the features of your server. A default dictionary
# is installed in /usr/local/share/radcli/dictionary
dictionary /usr/local/etc/radcli/dictionary
# default authentication realm to append to all usernames if no
# realm was explicitly specified by the user
# the radiusd directly form Livingston doesn't use any realms, so leave
# it blank then
default_realm
# time to wait for a reply from the RADIUS server
radius_timeout 10
# resend request this many times before trying the next server
radius_retries 3
# local address from which radius packets have to be sent
bindaddr *
# Namespace in which all sockets of Radcli are to be opened. This is effectively same as the
# Radcli existing on that namespace.
# If commented out, the default existing Namespace will be used.
#namespace namespace-name
# Support for IPv6 non-temporary address support. This is an IPv6-only option
# and is valid only when IPv6 Privacy Extensions are enabled in system.
# If this option is set to "true", the radius packets will be sent with the
# IPv6 Global address and will not use the temporary addresses. If commented
# out, temporary IPv6 addresses will be used as source address for the packets
# sent.
#use-public-addr true
# TLS/DTLS settings
# Transport Protocol Support
# Available options - 'tcp', 'udp', 'tls' and 'dtls'.
# If commented out, udp will be used.
# TLS and DTLS authentication can be used with PSK keys or X.509 certificate
# authentication (see below).
serv-type tls
# The CA certificate to be used to verify the server's certificate.
# Does not need to be set if we are using PSK (pre-shared keys).
tls-ca-file /usr/local/etc/radcli/ca.pem
# Our certificate and key files. These identify this NAS to the
# radius servers. They don't need to be set if using PSK.
tls-cert-file /usr/local/etc/radcli/cert.pem
tls-key-file /usr/local/etc/radcli/key.pem
# Used for debugging purposed. It will disable hostname verification
# on the connected host. Not recommended to be enabled.
#tls-verify-hostname false
