| # This is a sample configuration file for freeDiameter daemon. |
| |
| # Most of the options can be omitted, as they default to reasonable values. |
| # Only TLS-related options must be configured properly in usual setups. |
| |
| # It is possible to use "include" keyword to import additional files |
| # e.g.: include "/etc/freeDiameter.d/*.conf" |
| # This is exactly equivalent as copy & paste the content of the included file(s) |
| # where the "include" keyword is found. |
| |
| |
| ############################################################## |
| ## Peer identity and realm |
| |
| # The Diameter Identity of this daemon. |
| # This must be a valid FQDN that resolves to the local host. |
| # Default: hostname's FQDN |
| #Identity = "aaa.koganei.freediameter.net"; |
| |
| # The Diameter Realm of this daemon. |
| # Default: the domain part of Identity (after the first dot). |
| #Realm = "koganei.freediameter.net"; |
| |
| ############################################################## |
| ## Transport protocol configuration |
| |
| # The port this peer is listening on for incoming connections (TCP and SCTP). |
| # Default: 3868. Use 0 to disable. |
| #Port = 3868; |
| |
| # The port this peer is listening on for incoming TLS-protected connections (TCP and SCTP). |
| # See TLS_old_method for more information about TLS flavours. |
| # Note: we use TLS/SCTP instead of DTLS/SCTP at the moment. This will change in future version of freeDiameter. |
| # Default: 5868. Use 0 to disable. |
| #SecPort = 5868; |
| |
| # Use RFC3588 method for TLS protection, where TLS is negociated after CER/CEA exchange is completed |
| # on the unsecure connection. The alternative is RFC6733 mechanism, where TLS protects also the |
| # CER/CEA exchange on a dedicated secure port. |
| # This parameter only affects outgoing connections. |
| # The setting can be also defined per-peer (see Peers configuration section). |
| # Default: use RFC6733 method with separate port for TLS. |
| #TLS_old_method; |
| |
| # Disable use of TCP protocol (only listen and connect over SCTP) |
| # Default : TCP enabled |
| #No_TCP; |
| |
| # Disable use of SCTP protocol (only listen and connect over TCP) |
| # Default : SCTP enabled |
| #No_SCTP; |
| # This option is ignored if freeDiameter is compiled with DISABLE_SCTP option. |
| |
| # Prefer TCP instead of SCTP for establishing new connections. |
| # This setting may be overwritten per peer in peer configuration blocs. |
| # Default : SCTP is attempted first. |
| #Prefer_TCP; |
| |
| # Default number of streams per SCTP associations. |
| # This setting may be overwritten per peer basis. |
| # Default : 30 streams |
| #SCTP_streams = 30; |
| |
| ############################################################## |
| ## Endpoint configuration |
| |
| # Disable use of IP addresses (only IPv6) |
| # Default : IP enabled |
| #No_IP; |
| |
| # Disable use of IPv6 addresses (only IP) |
| # Default : IPv6 enabled |
| #No_IPv6; |
| |
| # Specify local addresses the server must bind to |
| # Default : listen on all addresses available. |
| #ListenOn = "202.249.37.5"; |
| #ListenOn = "2001:200:903:2::202:1"; |
| #ListenOn = "fe80::21c:5ff:fe98:7d62%eth0"; |
| |
| |
| ############################################################## |
| ## Server configuration |
| |
| # How many Diameter peers are allowed to be connecting at the same time ? |
| # This parameter limits the number of incoming connections from the time |
| # the connection is accepted until the first CER is received. |
| # Default: 5 unidentified clients in paralel. |
| #ThreadsPerServer = 5; |
| |
| ############################################################## |
| ## TLS Configuration |
| |
| # TLS is managed by the GNUTLS library in the freeDiameter daemon. |
| # You may find more information about parameters and special behaviors |
| # in the relevant documentation. |
| # http://www.gnu.org/software/gnutls/manual/ |
| |
| # Credentials of the local peer |
| # The X509 certificate and private key file to use for the local peer. |
| # The files must contain PKCS-1 encoded RSA key, in PEM format. |
| # (These parameters are passed to gnutls_certificate_set_x509_key_file function) |
| # Default : NO DEFAULT |
| #TLS_Cred = "<x509 certif file.PEM>" , "<x509 private key file.PEM>"; |
| #TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key"; |
| |
| # Certificate authority / trust anchors |
| # The file containing the list of trusted Certificate Authorities (PEM list) |
| # (This parameter is passed to gnutls_certificate_set_x509_trust_file function) |
| # The directive can appear several times to specify several files. |
| # Default : GNUTLS default behavior |
| #TLS_CA = "<file.PEM>"; |
| |
| # Certificate Revocation List file |
| # The information about revoked certificates. |
| # The file contains a list of trusted CRLs in PEM format. They should have been verified before. |
| # (This parameter is passed to gnutls_certificate_set_x509_crl_file function) |
| # Note: openssl CRL format might have interoperability issue with GNUTLS format. |
| # Default : GNUTLS default behavior |
| #TLS_CRL = "<file.PEM>"; |
| |
| # GNU TLS Priority string |
| # This string allows to configure the behavior of GNUTLS key exchanges |
| # algorithms. See gnutls_priority_init function documentation for information. |
| # You should also refer to the Diameter required TLS support here: |
| # http://tools.ietf.org/html/rfc6733#section-13.1 |
| # Default : "NORMAL" |
| # Example: TLS_Prio = "NONE:+VERS-TLS1.1:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL"; |
| #TLS_Prio = "NORMAL"; |
| |
| # Diffie-Hellman parameters size |
| # Set the number of bits for generated DH parameters |
| # Valid value should be 768, 1024, 2048, 3072 or 4096. |
| # (This parameter is passed to gnutls_dh_params_generate2 function, |
| # it usually should match RSA key size) |
| # Default : 1024 |
| #TLS_DH_Bits = 1024; |
| |
| # Alternatively, you can specify a file to load the PKCS#3 encoded |
| # DH parameters directly from. This accelerates the daemon start |
| # but is slightly less secure. If this file is provided, the |
| # TLS_DH_Bits parameters has no effect. |
| # Default : no default. |
| #TLS_DH_File = "<file.PEM>"; |
| |
| |
| ############################################################## |
| ## Timers configuration |
| |
| # The Tc timer of this peer. |
| # It is the delay before a new attempt is made to reconnect a disconnected peer. |
| # The value is expressed in seconds. The recommended value is 30 seconds. |
| # Default: 30 |
| #TcTimer = 30; |
| |
| # The Tw timer of this peer. |
| # It is the delay before a watchdog message is sent, as described in RFC 3539. |
| # The value is expressed in seconds. The default value is 30 seconds. Value must |
| # be greater or equal to 6 seconds. See details in the RFC. |
| # Default: 30 |
| #TwTimer = 30; |
| |
| ############################################################## |
| ## Applications configuration |
| |
| # Disable the relaying of Diameter messages? |
| # For messages not handled locally, the default behavior is to forward the |
| # message to another peer if any is available, according to the routing |
| # algorithms. In addition the "0xffffff" application is advertised in CER/CEA |
| # exchanges. |
| # Default: Relaying is enabled. |
| #NoRelay; |
| |
| # Number of server threads that can handle incoming messages at the same time. |
| # Default: 4 |
| #AppServThreads = 4; |
| |
| # Other applications are configured by loaded extensions. |
| |
| ############################################################## |
| ## Extensions configuration |
| |
| # The freeDiameter framework merely provides support for |
| # Diameter Base Protocol. The specific application behaviors, |
| # as well as advanced functions, are provided |
| # by loadable extensions (plug-ins). |
| # These extensions may in addition receive the name of a |
| # configuration file, the format of which is extension-specific. |
| # |
| # Format: |
| #LoadExtension = "/path/to/extension" [ : "/optional/configuration/file" ] ; |
| # |
| # Examples: |
| #LoadExtension = "extensions/sample.fdx"; |
| #LoadExtension = "extensions/sample.fdx":"conf/sample.conf"; |
| |
| # Extensions are named as follow: |
| # dict_* for extensions that add content to the dictionary definitions. |
| # dbg_* for extensions useful only to retrieve more information on the framework execution. |
| # acl_* : Access control list, to control which peers are allowed to connect. |
| # rt_* : routing extensions that impact how messages are forwarded to other peers. |
| # app_* : applications, these extensions usually register callbacks to handle specific messages. |
| # test_* : dummy extensions that are useful only in testing environments. |
| |
| |
| # The dbg_msg_dump.fdx extension allows you to tweak the way freeDiameter displays some |
| # information about some events. This extension does not actually use a configuration file |
| # but receives directly a parameter in the string passed to the extension. Here are some examples: |
| ## LoadExtension = "dbg_msg_dumps.fdx" : "0x1111"; # Removes all default hooks, very quiet even in case of errors. |
| ## LoadExtension = "dbg_msg_dumps.fdx" : "0x2222"; # Display all events with few details. |
| ## LoadExtension = "dbg_msg_dumps.fdx" : "0x0080"; # Dump complete information about sent and received messages. |
| # The four digits respectively control: connections, routing decisions, sent/received messages, errors. |
| # The values for each digit are: |
| # 0 - default - keep the default behavior |
| # 1 - quiet - remove any specific log |
| # 2 - compact - display only a summary of the information |
| # 4 - full - display the complete information on a single long line |
| # 8 - tree - display the complete information in an easier to read format spanning several lines. |
| |
| |
| ############################################################## |
| ## Peers configuration |
| |
| # The local server listens for incoming connections. By default, |
| # all unknown connecting peers are rejected. Extensions can override this behavior (e.g., acl_wl). |
| # |
| # In addition to incoming connections, the local peer can |
| # be configured to establish and maintain connections to some |
| # Diameter nodes and allow connections from these nodes. |
| # This is achieved with the ConnectPeer directive described below. |
| # |
| # Note that the configured Diameter Identity MUST match |
| # the information received inside CEA, or the connection will be aborted. |
| # |
| # Format: |
| #ConnectPeer = "diameterid" [ { parameter1; parameter2; ...} ] ; |
| # Parameters that can be specified in the peer's parameter list: |
| # No_TCP; No_SCTP; No_IP; No_IPv6; Prefer_TCP; TLS_old_method; |
| # No_TLS; # assume transparent security instead of TLS. DTLS is not supported yet (will change in future versions). |
| # Port = 5868; # The port to connect to |
| # TcTimer = 30; |
| # TwTimer = 30; |
| # ConnectTo = "202.249.37.5"; |
| # ConnectTo = "2001:200:903:2::202:1"; |
| # TLS_Prio = "NORMAL"; |
| # Realm = "realm.net"; # Reject the peer if it does not advertise this realm. |
| # Examples: |
| #ConnectPeer = "aaa.wide.ad.jp"; |
| #ConnectPeer = "old.diameter.serv" { TcTimer = 60; TLS_old_method; No_SCTP; Port=3868; } ; |
| ############################################################## |