Sample ipassNS.properties File

# File: ipassNS.properties.example

# Description: iPass NetServer configuration file.

# Blank lines and lines beginning with # are ignored.



# This file contains a subset of the most commonly used properties.

# For a complete listing of all available properties,
# go to the directory <ns-home>/bin/ and execute the
# command: "ipassconfig.csh -listall"

# For a detailed description of a particular property,
# go to the directory <ns-home>/bin/ and execute the
# command: "ipassconfig.csh -help <property name>"


# Your iPass Customer ID
# NOTE(review): 1 is presumably a sample value; replace it with the ID assigned
# to your account.

CustomerId=1



# Configure RadiusClients
# Each RadiusClientN entry names one RADIUS client by IP address together with
# the shared secret used with that client. "testkey" in the samples is a
# placeholder: give every client its own long, random secret and never deploy
# the sample value.

###RadiusClient1=ipaddress=10.10.6.2,sharedsecret=testkey
###RadiusClient2=ipaddress=10.10.50.19,sharedsecret=testkey



# Configure MultiProvider
# Determines if MultiProvider functionality is enabled.
# If enabled, the CustomerId sent to iPass will be that of the RadiusClient
# that the request came from.
# If the CustomerId is not set in the RadiusClient info, the main
# CustomerId of this server is used.
# Eg: to set a customerId for a client using RadiusClient settings:
# RadiusClient1=ipaddress=10.10.6.2,sharedsecret=testkey,CustomerId=111

###MultiProvider=Yes


# Mapping Realm to ProxyServer(s)
# Each RoutingRealmN entry maps one realm to the servers named by AuthServer
# and AcctServer. Only the IPASS and IPASV mappings are active in this sample;
# the DEFAULT and NOREALM mappings are commented out.
# NOTE(review): Strip=Yes presumably removes the realm from the user name
# before the request is forwarded - confirm with
# "ipassconfig.csh -help <property name>".


RoutingRealm1=realm=IPASS,AuthServer=IpassServer,AcctServer=IpassServer,Strip=Yes
RoutingRealm2=realm=IPASV,AuthServer=IpassServer,AcctServer=IpassServer,Strip=Yes
##RoutingRealm3=realm=DEFAULT,AuthServer=IpassServer,AcctServer=IpassServer
##RoutingRealm4=realm=NOREALM,AuthServer=ProxyAuthServer1,AcctServer=ProxyAcctServer1



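# Proxy Server settings
# Protocol should be defaulted to Radius
# Each entry must stay on a single line. If an entry is wrapped, the second
# line no longer begins with # and would presumably be read as a live
# property of its own.
# "testkey" is a placeholder shared secret; replace it with a long, random
# value that is unique to each proxy server before enabling these entries.

###ProxyAuthServer1=protocol=RADIUSProxy,ipaddress=127.0.0.1,port=1812,IdleTimeout=15000,sharedsecret=testkey
###ProxyAcctServer1=protocol=RADIUSProxy,ipaddress=127.0.0.1,port=1813,IdleTimeout=15000,sharedsecret=testkey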



# Ipass Server (Transaction Server List)
# Each entry points at one iPass transaction server and names, through
# KeyStoreProperty, the KeyStoreN entry of this file to use with it
# (KeyStore2 in this sample).

IpassServer1=IpAddress=auth7.ipass.com,Port=9101,KeyStoreProperty=KeyStore2
IpassServer2=IpAddress=auth8.ipass.com,Port=9101,KeyStoreProperty=KeyStore2
IpassServer3=IpAddress=auth-apac.ipass.com,Port=9101,KeyStoreProperty=KeyStore2
IpassServer4=IpAddress=auth-sjc.ipass.com,Port=9101,KeyStoreProperty=KeyStore2




# Auth, Acct, and Proxy Listener information.

# Sample line:
# Listener1= Port=<value>
# Port - Port number to listen for iPass requests from.
# Default is UDP port 11812/11813.
# NOTE(review): the entries below also set Type, which the sample line above
# does not show; see "ipassconfig.csh -help <property name>" for the syntax.
# Limit network access to these ports to the hosts that need to reach them.



Listener1=Type=Radius,Port=11812
Listener2=Type=RadiusProxy,Port=11817
Listener3=Type=SSLPost,Port=11811



# IP Addresses, in X.X.X.X format, permitted to send control messages (such as
#    shutdown and restart) to this server. Multiple IPs can be specified. All
#    must be unique and contain the prefix ControlMessageIp.
#    By default, the local host and iPass Transaction Servers IP address
#    are already included.
# Every address listed here can shut down or restart this server, so list
# only the management hosts that need that ability.

# Sample format (555.555.555.555 is deliberately not a valid address):
# ControlMessageIp1=555.555.555.555
#



# Debug level determines if debug and error messages are logged
# to the event table.
#   Debug Level 0 - Only severe messages are logged
#   Debug Level 1 - Error messages are logged
#   Debug Level 2 - Error and Debug messages are logged
#   Debug Level 3 - Error, Debug, and Packet parsing information is logged
#   Debug Level 4 - Error, Debug, Packet parsing, and Packet dumping is logged
#   Debug Level 5 - Detailed Packet and debug information is logged

# Note: Production servers should normally run with debug level 0 or 1.
# Levels 3 to 5 log packet parsing and packet dumps. RADIUS packets carry user
# names and authentication attributes, so those levels can put sensitive data
# into the event table. Raise the level only while troubleshooting and set it
# back afterwards.

DebugLevel=0

# AutoUpload, UploadAtStartup and AutoUpdate are not described in this sample;
# see "ipassconfig.csh -help <property name>" for each of them.
AutoUpload=yes
UploadAtStartup=yes
AutoUpdate=no

# Allow Accounting Update Messages to Pass-through to TS
AllowAcctUpdate=yes




# EapMode determines if the NetServer will do early-termination
# of EAP-TTLS requests. Primarily EAP-TTLS/PAP.
# All other EAP types will be blocked unless otherwise configured to do so.
# Default setting is: yes or true.

EapMode=YES


# EapNotification determines if the NetServer will send back
# the Reply-Message(s) in EAP-Notification Requests prior to
# sending back the final Radius Access-Accept/Access-Reject.
# Default setting is: true
# This sample overrides the default and turns the feature off.

EapNotification=NO


# This feature is used in conjunction with the EapNotification feature.
# It is used to filter which Reply-Message(s) can get sent back
# as EAP-Notifications. It will check if any Reply-Messages begin
# with the given FilterPrefix string.
# FilterPrefix: The string to match at the beginning of the Reply-Message.
#               It is case insensitive.
# KeepPrefix: Whether to keep that prefix attached to the Reply-Message
#             when sending back as an EAP-Notification.


EapNotificationFilter1= FilterPrefix="Location=",KeepPrefix=YES

# Tunneled EAP NAI Check
# This function ensures the declared EAP Identity of an EAP-TTLS
# request used in accounting without CUI, eventually contains within
# the username@domain NAI of the Authorized Account negotiated with iPass
# during secondary authentication phase.  Prevents Tunnel Fraud.

EapNaiCheck=true


# EAP Early Termination
# With EapMode enabled, the netserver offers native EAP-TTLS tunneling to
# the iPass AAA fabric.  The tunnel is protected by 2048-bit RSA encryption
# secured by Thawte global.  This provides a single trust point, EAP-Identity
# Token and Authentication Method for a connection profile on any iPass enabled network.
# The "inside" secondary auth method is performed with the Home AAA via the
# TCP/SSL iPass Transaction Network (PAP, MSCHAPv2, GTC, TLS, EAP-SIM) by
# support or preference behind the Roamserver. Suitable for fast roaming.
# NOTE(review): the value is presumably an EAP method type number; 21 is the
# number assigned to EAP-TTLS.



EapEarlyTerminate=21

# EAP Pass-Through Filters
# If EapMode is yes, TTLS will never pass-through the Netserver.  For default
# pass-through, set EapMode=no. With EapMode Enabled, EapPassThroughAllow
# specifies the EAP Protocol Id which are allowed to transact end-to-end
# via the iPass Transaction Network.  Additional Network Policies Apply.
# End-to-end EAP Authentication methods can be prohibitively slow.
# NOTE(review): the numbers in the commented examples are presumably EAP
# method type numbers: 4 MD5-Challenge, 6 GTC, 13 EAP-TLS, 23 EAP-AKA,
# 25 PEAP, 43 EAP-FAST. MD5-Challenge (4) gives no mutual authentication and
# derives no session keys; allow it only where a client requires it.
# Prefer an explicit list of the methods in use over "all".


# EapPassThroughAllow=4,6,13,23,25,43
# EapPassThroughAllow=all
# EapPassThroughDeny=nothing



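# CUI SETTINGS
#
# If EapNaiCheck is false, a supplier must support attribute 89
# in all Radius Accounting.  These settings enable reflection of
# Chargeable-User-Identity Attribute 89 in all Access-Accept.
# The value of the attribute is the accepted userid negotiated with iPass
# Transaction Centers unless a CUI is returned by the Home AAA.


CuiEnable=yes

#
# CuiHashEnable encodes the value of the CUI returned in an Access-Accept to
# create a unique and anonymous identity hash of the user portion of the NAI.
# This hash is reversible by iPass for billing correlation.
# NOTE(review): with CuiHashEnable=no the CUI presumably carries the accepted
# userid unencoded - confirm before relying on the CUI to hide the user name.
# Because the hash is reversible, treat a hashed CUI as a pseudonym for the
# user rather than as anonymous data.

CuiHashEnable=no


#
# CuiHashingStrategy sets the type of hashing strategy to be performed
# on CUI hashing. That is, either the complete NAI or just the USER_NAME
# in an NAI to be hashed.


CuiHashingStrategy=USER_NAME

# CuiAcctUserReplace retrieves the CUI from all Accounting messages and
# replaces the Anonymous EAP Identity token used for routing the transaction in
# the User-Name with the value of the CUI returned in the Access-Accept.
# If CuiHashEnable is yes, CuiAcctUserReplace can optionally leave the User-Name
# encoded for transmission to iPass for correlation by the Home AAA without CUI.
# Every Token value is enclosed in a pair of double quotes; an entry with a
# missing closing quote does not follow the form of the other entries.


# CuiAcctUserReplace1=Token=all,Decode=yes
CuiAcctUserReplace1=Token="IPASS/user@ipass.com",Decode=yes
CuiAcctUserReplace2=Token="user@ipass.com",Decode=Yes
CuiAcctUserReplace3=Token="IPASS/user@ipass",Decode=yes
CuiAcctUserReplace4=Token="user@ipass",Decode=Yes
CuiAcctUserReplace5=Token="IPASS/anonymous@ipass.com",Decode=yes
CuiAcctUserReplace6=Token="anonymous@ipass.com",Decode=yes
CuiAcctUserReplace7=Token="IPASS/anonymous@ipass",Decode=yes
CuiAcctUserReplace8=Token="anonymous@ipass",Decode=yes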


# CACHE DEFAULTS

# Determines if the caching of successful authentication requests is enabled
# NOTE(review): presumably a cached entry can satisfy a later request without
# a fresh check against the home AAA, so a password change or a disabled
# account may not take effect until the entry ages out (AuthCacheDays) -
# confirm, and keep the cache lifetime short if so.
AuthCacheEnabled=True

# Auth Cache. Limit by the number of users.
AuthCacheSize=60

# Auth Cache days. Limit by the number of days in cache.
AuthCacheDays=1


#Filesize rotation
# The units of the MaxSize values and of LogDirFileDeletionAge are not stated
# in this sample; see "ipassconfig.csh -help <property name>".
# Accounting and trace logs can hold user names; restrict read access to the
# log directory.
LocalAccounting=false
AcctLogBackupType=MultipleWithTimestamp
AcctLogRotationMaxSize=10240
AcctLogRotationType=FileSize


TraceLogBackupType=MultipleWithTimestamp
#TraceLogRotationType=NumberOfHours
#TraceLogRotationHours=24
TraceLogRotationType=FileSize
TraceLogRotationMaxSize=10240
LogDirFileDeletionAge=120


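# Determines the Keystore which will be used for administrative purpose.
# The configured KeyStore must be of KeyStoreType=ns

AdminKeyStoreProperty=KeyStore2


# Each KeyStoreN entry must stay on a single line. If an entry is wrapped,
# the second line would presumably be read as a separate property of its own.
# KeyPassword and KeyStorePassword appear to be stored in an encoded form;
# whether that form is encryption or a reversible encoding is not shown here,
# so restrict read access on this file and on the keystore files to the
# account that runs the NetServer. The values below are sample values:
# set your own and do not reuse them.
# NOTE(review): KeyStorePassword ends in a single "=" where KeyPassword ends
# in "=="; presumably the sample value was cut short - confirm before copying.
KeyStore1=KeyStoreType=eap,KeyStorePath=$ipass.server.home/certs/eapserver.keystore,KeyPassword=UfGjld0YWEUjEIZUnNvIsA==,KeyStorePassword=UfGjld0YWEUjEIZUnNvIsA=

KeyStore2=KeyStoreType=ns,KeyStorePath=$ipass.server.home/certs/ns1.keystore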
