Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
radsecproxy(1)		    General Commands Manual		radsecproxy(1)

       radsecproxy  - a	generic	RADIUS proxy that provides both	RADIUS UDP and
       TCP/TLS (RadSec)	transport.

       radsecproxy [-c configfile] [-d debuglevel] [-f]	[-i pidfile] [-p] [-v]

       radsecproxy is a	generic	RADIUS proxy that in addition to to usual  RA-
       DIUS  UDP  transport,  also  supports  TLS (RadSec). The	aim is for the
       proxy to	have sufficient	features to be flexible,  while	 at  the  same
       time to be small, efficient and easy to configure.

       The  proxy  was initially made to be able to deploy RadSec (RADIUS over
       TLS) so that all	RADIUS communication across  network  links  could  be
       done  using  TLS, without modifying existing RADIUS software.  This can
       be done by running this proxy on	the same host as  an  existing	RADIUS
       server  or  client, and configure the existing client/server to talk to
       localhost (the proxy) rather than other clients and servers directly.

       There are however other situations where	a RADIUS proxy might  be  use-
       ful.  Some people deploy	RADIUS topologies where	they want to route RA-
       DIUS messages to	the right server. The nodes  that  do  purely  routing
       could  be using a proxy.	Some people may	also wish to deploy a proxy on
       a site boundary.	Since the proxy	supports both IPv4 and IPv6, it	 could
       also  be	 used  to allow	communication in cases where some RADIUS nodes
       use only	IPv4 and some only IPv6.

       -f     Run in foreground.
	      By specifying this option, the  proxy  will  run	in  foreground
	      mode. That is, it	won't detach. Also all logging will be done to

       -d debuglevel
	      This specifies the debug level. It must be set to	1, 2, 3, 4  or
	      5,  where	1 logs only serious errors, and	5 logs everything. The
	      default is 2 which logs errors, warnings and a few informational

       -p     Pretend
	      The  proxy reads configuration files and performs	initialisation
	      as usual,	but exits prior	to creating any	sockets. It  will  re-
	      turn different exit codes	depending on whether the configuration
	      files are	okay. This may be used to verify configuration	files,
	      and can be done while another instance is	running.

       -v     Print version and	exit.

       -c configfile
	      This option allows you to	specify	which config file to use. This
	      is useful	if you want to use a config file that is not in	any of
	      the default locations.

       -i pidfile
	      This option tells	the proxy to create a PID file with the	speci-
	      fied path.

       The proxy generally exits on all	signals. The exceptions	are listed be-

	      When  logging  to	a file,	this signal forces a reopen of the log
	      When using TLS or	DTLS, reload certificate CRLs.

	      This signal is ignored.


	      The default configuration	file.

       radsecproxy.conf(5), radsecproxy-hash(1)

				  5 July 2018			radsecproxy(1)


Want to link to this manual page? Use this URL:

home | help