Table of Contents Table of contents: Radiator® AAA Server <AuthBy DNSROAM> 3.75 - <AuthBy DNSROAM> <AuthBy SAFEWORD> 3.77 - <AuthBy SAFEWORD>

3.76. <Route>

Route clauses can be used inside an <AuthBy DNSROAM> clause to explicitly specify target servers and protocols for certain Realms, or a DEFAULT fallback server.
The Route clause understands the following parameters. In general, all the Route parameters default to the parameter of the same name in the enclosing AuthBy DNSROAM.

3.76.1. Realm

Specifies the Realm that this Route will apply to. All requests with a User-Name whose Realm component (after applying any RewriteTargetRealm rules) match this realm will by processed using this Route. If the Realm is ‘DEFAULT’ then this Route will be used to process requests for which no explicit Route exists, and no route could be discovered through DNS and the <Resolver> clause.

3.76.2. Address

Specifies the name or address of the target server to be used to process requests for this Route. Defaults to ‘localhost’. There can be only one Address for a Route. For more information about handling a default route with more than one address, see Section 3.75.2. RedespatchIfNoTarget.

3.76.3. Transport

Specifies the transport to be used to contact the target server. Can be ‘sctp’, ‘tcp’, or ‘udp’. Defaults to ‘tcp’.

3.76.4. Protocol

Specifies the protocol to be used to contact the target server. Can be ‘radsec’ or ‘radius’. Defaults to ‘radsec’.

3.76.5. Port

Specifies the port number to be used to contact the target server. Defaults to 2083, the standard port number for RadSec protocol.

3.76.6. UseTLS and TLS_Protocols

Specifies whether TLS is to be used to encrypt the connection to the target server. Valid only for Protocol=radsec. Although it is possible to not use TLS for a RadSec connection, it is recommended that RadSec connections always be configured to use TLS. Defaults to true.
TLS_Protocols sets the allowed TLS versions. For more information, see Section 3.11.1. TLS_Protocols

3.76.7. Secret

Specifies the shared secret to be used with the target server. Defaults to radsec to comply with RadSec. You may want to change this if the enclosing Route is used for RADIUS forwarding. For more information, see Section 3.42.3. Secret and Section 3.71.2. Secret.

3.76.8. <AuthBy RADIUS> parameters

Any of the following <AuthBy RADIUS> parameters may be placed in <Route> as defaults for a RADIUS proxy. For more information, see Section 3.42. <AuthBy RADIUS>.
<AuthBy DNSROAM>
      # Defaults for all enclosed Routes:
      Port 1645 
      Transport udp
      Protocol radius
      Secret mysecret
      <Route>
            Realm realm3.open.com.au
            Address oscar.open.com.au
            # Override parameters for AuthBy RADIUS
            Secret xyzzy
      </Route>
      ...
</AuthBy>

3.76.9. <AuthBy RADSEC> parameters

Any of the following <AuthBy RADSEC> parameters may be placed in <Route> as defaults for a RADSEC proxy. For more information, see Section 3.71. <AuthBy RADSEC>.
<AuthBy DNSROAM>
      # Defaults for all enclosed Routes:
      Port 1645 
      Transport tcp
      Protocol radsec
      UseTLS 1
      Secret mysecret
      TLS_CAFile ....
      .....
      <Route>
            Realm realm3.open.com.au
            Address oscar.open.com.au
            # Override parameters for AuthBy RADSEC
            Secret xyzzy
            UseTLS 0
            ......
      </Route>
      ...
</AuthBy>
Table of Contents Table of contents: Radiator® AAA Server <AuthBy DNSROAM> 3.75 - <AuthBy DNSROAM> <AuthBy SAFEWORD> 3.77 - <AuthBy SAFEWORD>