Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
radsecproxy/radsecproxy.8.in
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
92 lines (76 sloc)
2.85 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
.TH radsecproxy 8 "5 July 2018" | |
.SH "NAME" | |
radsecproxy - a generic RADIUS proxy that provides both RADIUS UDP and TCP/TLS (RadSec) transport. | |
.SH "SYNOPSIS" | |
.HP 12 | |
radsecproxy [\-c \fIconfigfile\fR] [\-d \fIdebuglevel\fR] [\-f] [\-i \fIpidfile\fR] [\-p] [\-v] | |
.sp | |
.SH "DESCRIPTION" | |
radsecproxy is a \fBgeneric RADIUS proxy\fR that in addition to to | |
usual \fBRADIUS UDP\fR transport, also supports \fBTLS (RadSec)\fR. The | |
aim is for the proxy to have sufficient features to be flexible, | |
while at the same time to be small, efficient and easy to configure. | |
The proxy was initially made to be able to deploy \fBRadSec\fR (RADIUS | |
over TLS) so that all RADIUS communication across network links | |
could be done using TLS, without modifying existing RADIUS software. | |
This can be done by running this proxy on the same host as an existing | |
RADIUS server or client, and configure the existing client/server to | |
talk to localhost (the proxy) rather than other clients and servers | |
directly. | |
There are however other situations where a RADIUS proxy might be | |
useful. Some people deploy RADIUS topologies where they want to | |
route RADIUS messages to the right server. The nodes that do purely | |
routing could be using a proxy. Some people may also wish to deploy | |
a proxy on a site boundary. Since the proxy \fBsupports both IPv4 | |
and IPv6\fR, it could also be used to allow communication in cases | |
where some RADIUS nodes use only IPv4 and some only IPv6. | |
.SH "OPTIONS" | |
.TP | |
.B \-f | |
Run in foreground. | |
.br | |
By specifying this option, the proxy will run in foreground mode. That | |
is, it won't detach. Also all logging will be done to stderr. | |
.TP | |
.B \-d \fIdebuglevel\fR | |
This specifies the debug level. It must be set to 1, 2, 3, 4 or 5, where | |
1 logs only serious errors, and 5 logs everything. The default is 2 which | |
logs errors, warnings and a few informational messages. | |
.TP | |
.B \-p | |
Pretend | |
.br | |
The proxy reads configuration files and performs initialisation as | |
usual, but exits prior to creating any sockets. It will return different | |
exit codes depending on whether the configuration files are okay. This | |
may be used to verify configuration files, and can be done while another | |
instance is running. | |
.TP | |
.B \-v | |
Print version and exit. | |
.TP | |
.B \-c \fIconfigfile\fR | |
This option allows you to specify which config file to use. This is useful | |
if you want to use a config file that is not in any of the default locations. | |
.TP | |
.B \-i \fIpidfile\fR | |
This option tells the proxy to create a PID file with the specified path. | |
.SH "SIGNALS" | |
The proxy generally exits on all signals. The exceptions are listed below. | |
.TP | |
.B SIGHUP | |
.br | |
When logging to a file, this signal forces a reopen of the log file. | |
.br | |
When using TLS or DTLS, reload certificate CRLs. | |
.TP | |
.B SIGPIPE | |
.br | |
This signal is ignored. | |
.SH "FILES" | |
.TP | |
.B @SYSCONFDIR@/radsecproxy.conf | |
.sp | |
The default configuration file. | |
.SH "SEE ALSO" | |
radsecproxy.conf(5), radsecproxy-hash(8) |