3.76. <Route>

Route clauses can be used inside an <AuthBy DNSROAM> clause to explicitly specify target servers and protocols for certain Realms, or a DEFAULT fallback server.
The Route clause understands the following parameters. In general, all the Route parameters default to the parameter of the same name in the enclosing AuthBy DNSROAM.

3.76.1. Realm

Specifies the Realm that this Route will apply to. All requests with a User-Name whose Realm component (after applying any RewriteTargetRealm rules) match this realm will by processed using this Route. If the Realm is ‘DEFAULT’ then this Route will be used to process requests for which no explicit Route exists, and no route could be discovered through DNS and the <Resolver> clause.

3.76.2. Address

Specifies the name or address of the target server to be used to process requests for this Route. Defaults to ‘localhost’. There can be only one Address for a Route. For more information about handling a default route with more than one address, see Section 3.75.2. RedespatchIfNoTarget.

3.76.3. Transport

Specifies the transport to be used to contact the target server. Can be ‘sctp’, ‘tcp’, or ‘udp’. Defaults to ‘tcp’.

3.76.4. Protocol

Specifies the protocol to be used to contact the target server. Can be ‘radsec’ or ‘radius’. Defaults to ‘radsec’.

3.76.5. Port

Specifies the port number to be used to contact the target server. Defaults to 2083, the standard port number for RadSec protocol.

3.76.6. UseTLS and TSL_Protocols

Specifies whether TLS is to be used to encrypt the connection to the target server. Valid only for Protocol=radsec. Although it is possible to not use TLS for a RadSec connection, it is recommended that RadSec connections always be configured to use TLS. Defaults to true.
TLS_Protocols sets the allowed TLS versions. For more information, see Section 3.11.1. TLS_Protocols

3.76.7. Secret

Specifies the shared secret to be used with the target server. Defaults to radsec to comply with RadSec. You may want to change this if the enclosing Route is used for RADIUS forwarding. For more information, see Section 3.42.3. Secret and Section 3.71.2. Secret.

3.76.8. <AuthBy RADIUS> parameters

3.76.9. <AuthBy RADSEC> parameters

Any of the following <AuthBy RADSEC> parameters may be placed in <Route> as defaults for a RADSEC proxy. For more information, see Section 3.71. <AuthBy RADSEC>.
      # Defaults for all enclosed Routes:
      Port 1645 
      Transport tcp
      Protocol radsec
      UseTLS 1
      Secret mysecret
      TLS_CAFile ....
            Realm realm3.open.com.au
            Address oscar.open.com.au
            # Override parameters for AuthBy RADSEC
            Secret xyzzy
            UseTLS 0