NAME
radsecproxy - a generic RADIUS proxy that provides both RADIUS UDP and
TCP/TLS (RadSec) transport.
SYNOPSIS
radsecproxy [-c configfile] [-d debuglevel] [-f] [-i pidfile] [-p] [-v]
DESCRIPTION
radsecproxy is a generic RADIUS proxy that in addition to the usual
RADIUS UDP transport, also supports TLS (RadSec). The aim is for the
proxy to have sufficient features to be flexible, while at the same
time to be small, efficient and easy to configure. Currently the
executable on Linux is only about 48 KB, and it uses about 64 KB
(depending on the number of peers) while running.
The proxy was initially made to be able to deploy RadSec (RADIUS over
TLS) so that all RADIUS communication across network links could be
done using TLS, without modifying existing RADIUS software. This can
be done by running this proxy on the same host as an existing RADIUS
server or client, and configuring the existing client/server to talk to
localhost (the proxy) rather than other clients and servers directly.
There are however other situations where a RADIUS proxy might be
useful. Some people deploy RADIUS topologies where they want to route
RADIUS messages to the right server. Nodes that do only routing
could use a proxy. Some people may also wish to deploy a proxy on
a site boundary. Since the proxy supports both IPv4 and IPv6, it could
also be used to allow communication in cases where some RADIUS nodes
use only IPv4 and some only IPv6.
OPTIONS
-f
Run in foreground
By specifying this option, the proxy will run in foreground
mode. That is, it won’t detach. Also all logging will be done to
stderr.
-d <debug level>
Debug level
This specifies the debug level. It must be set to 1, 2, 3, 4 or
5, where 1 logs only serious errors, and 5 logs everything. The
default is 2 which logs errors, warnings and a few informational
messages.
-p
Pretend
The proxy reads configuration files and performs initialisation
as usual, but exits prior to creating any sockets. It will
return different exit codes depending on whether the
configuration files are okay. This may be used to verify
configuration files, and can be done while another instance is
running.
-v
Print version
When this option is specified, the proxy will simply print
version information and exit.
-c <config file path>
Config file path
This option allows you to specify which config file to use. This
is useful if you want to use a config file that is not in any of
the default locations.
-i <pid file path>
PID file path
This option tells the proxy to create a PID file with the
specified path.
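An added example, not part of the original manual page: using -p together with -c to check a candidate configuration before it replaces the live file. It assumes exit status 0 from -p means the configuration is okay (the page only says the exit codes differ); the RADSECPROXY_BIN variable, the function name and the .bak/.new file names are hypothetical.

```shell
#!/bin/sh
# Added example: gate a configuration change on "radsecproxy -p".
# Assumption: exit status 0 from -p means the configuration is okay.

# Hypothetical override so a different binary can be selected.
RADSECPROXY_BIN="${RADSECPROXY_BIN:-radsecproxy}"

# install_checked_config CANDIDATE LIVE
# Returns 0 if CANDIDATE was installed as LIVE, 1 if the proxy rejected
# it (LIVE is left untouched), 2 on a usage or file error.
install_checked_config() {
    candidate=$1
    live=$2
    [ -n "$candidate" ] && [ -n "$live" ] || return 2
    [ -r "$candidate" ] || { echo "cannot read $candidate" >&2; return 2; }

    # -p reads the configuration and initialises, but exits before any
    # socket is created, so a running instance is not disturbed.
    # -c points the check at the candidate instead of the default file.
    # -f sends all logging to stderr so the operator sees the errors.
    if ! "$RADSECPROXY_BIN" -f -p -c "$candidate"; then
        echo "rejected: $candidate failed radsecproxy -p" >&2
        return 1
    fi

    # The configuration can hold RADIUS shared secrets, so the copy is
    # created readable by its owner only.
    tmp="$live.new.$$"
    ( umask 077 && cp "$candidate" "$tmp" ) || return 2

    # Keep the previous file for rollback, then swap with a rename.
    if [ -f "$live" ]; then
        cp -p "$live" "$live.bak" || { rm -f "$tmp"; return 2; }
    fi
    mv "$tmp" "$live" || { rm -f "$tmp"; return 2; }
}
```

Call it as `install_checked_config candidate.conf /etc/radsecproxy.conf`. Because SIGHUP only reopens the log file, the proxy has to be restarted afterwards to load the new configuration.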
SIGNALS
The proxy generally exits on all signals. The exceptions are listed
below.
SIGHUP
When logging to a file, this signal forces a reopen of the log
file.
SIGPIPE
This signal is ignored.
FILES
/etc/radsecproxy.conf
The default configuration file.
SEE ALSO
radsecproxy.conf(5), RadSec internet draft
http://tools.ietf.org/html/draft-ietf-radext-radsec
12 March 2009 radsecproxy(1)