1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
|
<!-- Creator : groff version 1.22.2 -->
<!-- CreationDate: Mon Mar 14 15:43:25 2016 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta name="generator" content="groff -Thtml, see www.gnu.org">
<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII">
<meta name="Content-Style" content="text/css">
<style type="text/css">
p { margin-top: 0; margin-bottom: 0; vertical-align: top }
pre { margin-top: 0; margin-bottom: 0; vertical-align: top }
table { margin-top: 0; margin-bottom: 0; vertical-align: top }
h1 { text-align: center }
</style>
<title>radsecproxy</title>
</head>
<body>
<h1 align="center">radsecproxy</h1>
<a href="#NAME">NAME</a><br>
<a href="#SYNOPSIS">SYNOPSIS</a><br>
<a href="#DESCRIPTION">DESCRIPTION</a><br>
<a href="#OPTIONS">OPTIONS</a><br>
<a href="#SIGNALS">SIGNALS</a><br>
<a href="#FILES">FILES</a><br>
<a href="#SEE ALSO">SEE ALSO</a><br>
<hr>
<h2>NAME
<a name="NAME"></a>
</h2>
<p style="margin-left:11%; margin-top: 1em">radsecproxy - a
generic RADIUS proxy that provides both RADIUS UDP and
TCP/TLS (RadSec) transport.</p>
<h2>SYNOPSIS
<a name="SYNOPSIS"></a>
</h2>
<table width="100%" border="0" rules="none" frame="void"
cellspacing="0" cellpadding="0">
<tr valign="top" align="left">
<td width="11%"></td>
<td width="89%">
<p style="margin-top: 1em">radsecproxy [−c
configfile] [−d debuglevel] [−f] [−i
pidfile] [−p] [−v]</p></td></tr>
</table>
<h2>DESCRIPTION
<a name="DESCRIPTION"></a>
</h2>
<p style="margin-left:11%; margin-top: 1em">radsecproxy is
a <b>generic RADIUS proxy</b> that in addition to to usual
<b>RADIUS UDP</b> transport, also supports <b>TLS
(RadSec)</b>. The aim is for the proxy to have sufficient
features to be flexible, while at the same time to be small,
efficient and easy to configure. Currently the executable on
Linux is only about <i>48 KB</i>, and it uses about <i>64
KB</i> (depending on the number of peers) while running.</p>
<p style="margin-left:11%; margin-top: 1em">The proxy was
initially made to be able to deploy <b>RadSec</b> (RADIUS
over TLS) so that all RADIUS communication across network
links could be done using TLS, without modifying existing
RADIUS software. This can be done by running this proxy on
the same host as an existing RADIUS server or client, and
configure the existing client/server to talk to localhost
(the proxy) rather than other clients and servers
directly.</p>
<p style="margin-left:11%; margin-top: 1em">There are
however other situations where a RADIUS proxy might be
useful. Some people deploy RADIUS topologies where they want
to route RADIUS messages to the right server. The nodes that
do purely routing could be using a proxy. Some people may
also wish to deploy a proxy on a site boundary. Since the
proxy <b>supports both IPv4 and IPv6</b>, it could also be
used to allow communication in cases where some RADIUS nodes
use only IPv4 and some only IPv6.</p>
<h2>OPTIONS
<a name="OPTIONS"></a>
</h2>
<table width="100%" border="0" rules="none" frame="void"
cellspacing="0" cellpadding="0">
<tr valign="top" align="left">
<td width="11%"></td>
<td width="3%">
<p style="margin-top: 1em"><b>−f</b></p></td>
<td width="8%"></td>
<td width="26%">
<p style="margin-top: 1em"><i>Run in foreground</i></p></td>
<td width="52%">
</td></tr>
</table>
<p style="margin-left:22%; margin-top: 1em">By specifying
this option, the proxy will run in foreground mode. That is,
it won’t detach. Also all logging will be done to
stderr.</p>
<p style="margin-left:11%;"><b>−d <debug
level></b></p>
<p style="margin-left:22%; margin-top: 1em"><i>Debug
level</i></p>
<p style="margin-left:22%; margin-top: 1em">This specifies
the debug level. It must be set to 1, 2, 3, 4 or 5, where 1
logs only serious errors, and 5 logs everything. The default
is 2 which logs errors, warnings and a few informational
messages.</p>
<table width="100%" border="0" rules="none" frame="void"
cellspacing="0" cellpadding="0">
<tr valign="top" align="left">
<td width="11%"></td>
<td width="3%">
<p><b>−p</b></p></td>
<td width="8%"></td>
<td width="10%">
<p><i>Pretend</i></p></td>
<td width="68%">
</td></tr>
</table>
<p style="margin-left:22%; margin-top: 1em">The proxy reads
configuration files and performs initialisation as usual,
but exits prior to creating any sockets. It will return
different exit codes depending on whether the configuration
files are okay. This may be used to verify configuration
files, and can be done while another instance is
running.</p>
<table width="100%" border="0" rules="none" frame="void"
cellspacing="0" cellpadding="0">
<tr valign="top" align="left">
<td width="11%"></td>
<td width="3%">
<p style="margin-top: 1em"><b>−v</b></p></td>
<td width="8%"></td>
<td width="20%">
<p style="margin-top: 1em"><i>Print version</i></p></td>
<td width="58%">
</td></tr>
</table>
<p style="margin-left:22%; margin-top: 1em">When this
option is specified, the proxy will simply print version
information and exit.</p>
<p style="margin-left:11%;"><b>−c <config file
path></b></p>
<p style="margin-left:22%; margin-top: 1em"><i>Config file
path</i></p>
<p style="margin-left:22%; margin-top: 1em">This option
allows you to specify which config file to use. This is
useful if you want to use a config file that is not in any
of the default locations.</p>
<p style="margin-left:11%;"><b>−i <pid file
path></b></p>
<p style="margin-left:22%; margin-top: 1em"><i>PID file
path</i></p>
<p style="margin-left:22%; margin-top: 1em">This option
tells the proxy to create a PID file with the specified
path.</p>
<h2>SIGNALS
<a name="SIGNALS"></a>
</h2>
<p style="margin-left:11%; margin-top: 1em">The proxy
generally exits on all signals. The exceptions are listed
below.</p>
<table width="100%" border="0" rules="none" frame="void"
cellspacing="0" cellpadding="0">
<tr valign="top" align="left">
<td width="11%"></td>
<td width="9%">
<p><b>SIGHUP</b></p></td>
<td width="2%"></td>
<td width="78%">
<p>When logging to a file, this signal forces a reopen of
the log file.</p></td></tr>
</table>
<p style="margin-left:11%;"><b>SIGPIPE</b></p>
<p style="margin-left:22%; margin-top: 1em">This signal is
ignored.</p>
<h2>FILES
<a name="FILES"></a>
</h2>
<p style="margin-left:11%; margin-top: 1em"><b>/etc/radsecproxy.conf</b></p>
<p style="margin-left:22%; margin-top: 1em">The default
configuration file.</p>
<h2>SEE ALSO
<a name="SEE ALSO"></a>
</h2>
<p style="margin-left:11%; margin-top: 1em">radsecproxy.conf(5),
radsecproxy-hash(1)</p>
<hr>
</body>
</html>
|
