# File: ipassNS.properties.example
# Description: iPass NetServer configuration file.
# Blank lines and lines beginning with # ignored.
# This file contains a subset of the most commonly used properties.
# For a complete listing of all available properties,
# go to the directory <ns-home>/bin/ and execute the
# command: "ipassconfig.csh -listall"
# For a detailed description of a particular property,
# go to the directory <ns-home>/bin/ and execute the
# command: "ipassconfig.csh -help <property name>"
# Your iPass Customer ID
# NOTE(review): 1 looks like a placeholder - replace it with the ID assigned to you.
CustomerId=1
# Configure RadiusClients
# Each entry gives a client IP address and the RADIUS shared secret for it.
# "testkey" in the samples is a placeholder: when enabling an entry, set a
# long, random shared secret that is unique to that client.
###RadiusClient1=ipaddress=10.10.6.2,sharedsecret=testkey
###RadiusClient2=ipaddress=10.10.50.19,sharedsecret=testkey
# Configure MultiProvider
# Determines if MultiProvider functionality is enabled.
# If enabled, the CustomerId sent to iPass will be that of the RadiusClient
# that the request came from.
# If the CustomerId is not set in the RadiusClient info, the main
# CustomerId of this server is used.
# Eg: to set a customerId for a client using RadiusClient settings:
# RadiusClient1=ipaddress=10.10.6.2,sharedsecret=testkey,CustomerId=111
###MultiProvider=Yes
# Mapping Realm to ProxyServer(s)
# Each RoutingRealm entry names a realm and the AuthServer / AcctServer used
# for it. "IpassServer" matches the IpassServer<n> entries further down in
# this file.
# NOTE(review): Strip=Yes presumably removes the realm from the User-Name
# before forwarding - confirm with "ipassconfig.csh -help <property name>".
RoutingRealm1=realm=IPASS,AuthServer=IpassServer,AcctServer=IpassServer,Strip=Yes
RoutingRealm2=realm=IPASV,AuthServer=IpassServer,AcctServer=IpassServer,Strip=Yes
# The DEFAULT and NOREALM samples are disabled.
# NOTE(review): these look like catch-all routes for unmatched or realm-less
# user names - enable them only if that routing is intended.
##RoutingRealm3=realm=DEFAULT,AuthServer=IpassServer,AcctServer=IpassServer
##RoutingRealm4=realm=NOREALM,AuthServer=ProxyAuthServer1,AcctServer=ProxyAcctServer1
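# Proxy Server settings
# Protocol should be defaulted to Radius
# Keep each sample on a single line: if the IdleTimeout/sharedsecret half is
# wrapped onto its own line it is no longer commented out and is read as a
# separate property.
# "testkey" is a placeholder: use a long, random shared secret per proxy peer.
###ProxyAuthServer1=protocol=RADIUSProxy,ipaddress=127.0.0.1,port=1812,IdleTimeout=15000,sharedsecret=testkey
###ProxyAcctServer1=protocol=RADIUSProxy,ipaddress=127.0.0.1,port=1813,IdleTimeout=15000,sharedsecret=testkey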
# Ipass Server (Transaction Server List)
# All four entries use port 9101 and reference KeyStore2, which is defined at
# the end of this file with KeyStoreType=ns.
# NOTE(review): outbound firewall rules presumably need to allow these hosts
# on port 9101 - confirm the transport with the iPass documentation.
IpassServer1=IpAddress=auth7.ipass.com,Port=9101,KeyStoreProperty=KeyStore2
IpassServer2=IpAddress=auth8.ipass.com,Port=9101,KeyStoreProperty=KeyStore2
IpassServer3=IpAddress=auth-apac.ipass.com,Port=9101,KeyStoreProperty=KeyStore2
IpassServer4=IpAddress=auth-sjc.ipass.com,Port=9101,KeyStoreProperty=KeyStore2
# Auth, Acct, and Proxy Listener information.
# Sample line:
# Listener1= Port=<value>
# Port - Port number to listen for iPass requests from.
# Default is UDP port 11812/11813.
# The entries below open three listeners: Radius on 11812, RadiusProxy on
# 11817 and SSLPost on 11811. Port 11813 from the default above is not
# configured here.
# NOTE(review): limit network access to these ports to the expected RADIUS
# clients and peers.
Listener1=Type=Radius,Port=11812
Listener2=Type=RadiusProxy,Port=11817
Listener3=Type=SSLPost,Port=11811
# IP Addresses, in X.X.X.X format, permitted to send control messages (such as
# shutdown and restart) to this server. Multiple IPs can be specified. All
# must be unique and contain the prefix ControlMessageIp.
# By default, the local host and iPass Transaction Servers IP address
# are already included.
# Because listed hosts can shut down or restart this server, add only the
# management hosts that need it.
# Sample format (555.555.555.555 illustrates the format only; it is not a
# valid address):
# ControlMessageIp1=555.555.555.555
#
# Debug level determines if debug and error messages are logged
# to the event table.
# Debug Level 0 - Only severe messages are logged
# Debug Level 1 - Error messages are logged
# Debug Level 2 - Error and Debug messages are logged
# Debug Level 3 - Error, Debug, and Packet parsing information is logged
# Debug Level 4 - Error, Debug, Packet parsing, and Packet dumping is logged
# Debug Level 5 - Detailed Packet and debug information is logged
# Note: Production servers should normally run with debug level 0 or 1.
# NOTE(review): levels 3 and above log packet-level detail, which may include
# user identities and other authentication data - treat those logs as
# sensitive and return to 0 or 1 after troubleshooting.
DebugLevel=0
# NOTE(review): AutoUpload, UploadAtStartup and AutoUpdate are not described
# in this file; see "ipassconfig.csh -help <property name>".
AutoUpload=yes
UploadAtStartup=yes
AutoUpdate=no
# Allow Accounting Update Messages to Pass-through to TS
AllowAcctUpdate=yes
# EapMode determines if the NetServer will do early-termination
# of EAP-TTLS requests. Primarily EAP-TTLS/PAP.
# All other EAP types will be blocked unless otherwise configured to do so.
# Default setting is: yes or true.
# NOTE(review): terminating EAP-TTLS on this server presumably means it
# handles the inner (e.g. PAP) authentication exchange - protect this host
# and its EAP keystore accordingly.
EapMode=YES
# EapNotification determines if the NetServer will send back
# the Reply-Message(s) in EAP-Notification Requests prior to
# sending back the final Radius Access-Accept/Access-Reject.
# Default setting is: true
# It is set to NO here, overriding that default.
EapNotification=NO
# This feature is used in conjunction with the EapNotification feature.
# It is used to filter which Reply-Message(s) can get sent back
# as EAP-Notifications. It will check if any Reply-Messages begin
# with the given FilterPrefix string.
# FilterPrefix: The string to match at the beginning of the Reply-Message.
# It is case insensitive.
# KeepPrefix: Whether to keep that prefix attached to the Reply-Message
# when sending back as an EAP-Notification.
# NOTE(review): EapNotification is NO above, so this filter presumably has no
# effect until EapNotification is enabled - confirm.
EapNotificationFilter1= FilterPrefix="Location=",KeepPrefix=YES
# Tunneled EAP NAI Check
# This function ensures that the declared EAP Identity of an EAP-TTLS
# request used in accounting without CUI is contained within
# the username@domain NAI of the Authorized Account negotiated with iPass
# during the secondary authentication phase. Prevents Tunnel Fraud.
EapNaiCheck=true
# EAP Early Termination
# With EapMode enabled, the netserver offers native EAP-TTLS tunneling to
# the iPass AAA fabric. The tunnel is protected by 2048-bit RSA encryption
# secured by Thawte global. This provides a single trust point, EAP-Identity
# Token and Authentication Method for a connection profile on any iPass enabled network.
# The "inside" secondary auth method is performed with the Home AAA via the
# TCP/SSL iPass Transaction Network (PAP, MSCHAPv2, GTC, TLS, EAP-SIM) by
# support or preference behind the Roamserver. Suitable for fast roaming.
# NOTE(review): the key size and CA named above describe the certificate at
# the time this file was written - verify the certificate actually deployed
# in the eap keystore.
# 21 is the IANA EAP method type number for EAP-TTLS.
EapEarlyTerminate=21
# EAP Pass-Through Filters
# If EapMode is yes, TTLS will never pass-through the Netserver. For default
# pass-through, set EapMode=no. With EapMode Enabled, EapPassThroughAllow
# specifies the EAP Protocol Id which are allowed to transact end-to-end
# via the iPass Transaction Network. Additional Network Policies Apply.
# End-to-end EAP Authentication methods can be prohibitively slow.
# IANA EAP method types in the first sample: 4=MD5-Challenge, 6=GTC,
# 13=EAP-TLS, 23=EAP-AKA, 25=PEAP, 43=EAP-FAST.
# MD5-Challenge (4) provides no mutual authentication; prefer an explicit
# list of the methods you need over "all".
# EapPassThroughAllow=4,6,13,23,25,43
# EapPassThroughAllow=all
# EapPassThroughDeny=nothing
# CUI SETTINGS
#
# If EapNaiCheck is false, a supplier must support attribute 89
# in all Radius Accounting. These settings enable reflection of
# Chargeable-User-Identity Attribute 89 in all Access-Accept.
# The value of the attribute is the accepted userid negotiated with iPass
# Transaction Centers unless a CUI is returned by the Home AAA.
CuiEnable=yes
#
# CuiHashEnable encodes the value of the CUI returned in an Access-Accept to
# create a unique and anonymous identity hash of the user portion of the NAI.
# This hash is reversible by iPass for billing correlation.
# NOTE(review): because it is reversible, treat the result as a pseudonym
# rather than a one-way hash when assessing privacy requirements.
CuiHashEnable=no
#
# CuiHashingStrategy sets the type of hashing strategy to be performed
# on CUI hashing. That is, whether the complete NAI or just the USER_NAME
# in an NAI is hashed.
# NOTE(review): with CuiHashEnable=no above, this setting presumably has no
# effect - confirm.
CuiHashingStrategy=USER_NAME
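# CuiAcctUserReplace retrieves the CUI from all Accounting messages and
# replaces the Anonymous EAP Identity token used for routing the transaction in
# the User-Name with the value of the CUI returned in the Access-Accept.
# If CuiHashEnable is yes, CuiAcctUserReplace can optionally leave the User-Name
# encoded for transmission to iPass for correlation by the Home AAA without CUI.
# Each entry lists one anonymous identity token to replace; the eight entries
# cover "user" and "anonymous", with and without the IPASS/ prefix and the
# .com suffix. Token values are quoted; keep the opening and closing quotes
# balanced so that ",Decode=..." is not read as part of the token.
# CuiAcctUserReplace1=Token=all,Decode=yes
CuiAcctUserReplace1=Token="IPASS/user@ipass.com",Decode=yes
CuiAcctUserReplace2=Token="user@ipass.com",Decode=Yes
CuiAcctUserReplace3=Token="IPASS/user@ipass",Decode=yes
CuiAcctUserReplace4=Token="user@ipass",Decode=Yes
CuiAcctUserReplace5=Token="IPASS/anonymous@ipass.com",Decode=yes
CuiAcctUserReplace6=Token="anonymous@ipass.com",Decode=yes
CuiAcctUserReplace7=Token="IPASS/anonymous@ipass",Decode=yes
CuiAcctUserReplace8=Token="anonymous@ipass",Decode=yes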
# CACHE DEFAULTS
# Determines if the caching of successful authentication requests is enabled
# NOTE(review): presumably a cached success can be reused until the entry
# expires, so a password change or account disablement may not take effect
# for up to AuthCacheDays - confirm and size the window accordingly.
AuthCacheEnabled=True
# Auth Cache. Limit by the number of users.
AuthCacheSize=60
# Auth Cache days. Limit by the number of days in cache.
AuthCacheDays=1
#Filesize rotation
# Accounting and trace logs are both set to rotate by file size
# (RotationType=FileSize) and keep backups as MultipleWithTimestamp.
# NOTE(review): the units of the *RotationMaxSize values and of
# LogDirFileDeletionAge are not stated in this file - check them with
# "ipassconfig.csh -help <property name>" and align them with your log
# retention requirements.
LocalAccounting=false
AcctLogBackupType=MultipleWithTimestamp
AcctLogRotationMaxSize=10240
AcctLogRotationType=FileSize
TraceLogBackupType=MultipleWithTimestamp
# Alternative trace-log rotation by elapsed hours (disabled):
#TraceLogRotationType=NumberOfHours
#TraceLogRotationHours=24
TraceLogRotationType=FileSize
TraceLogRotationMaxSize=10240
LogDirFileDeletionAge=120
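# Determines the Keystore which will be used for administrative purpose.
# The configured KeyStore must be of KeyStoreType=ns
AdminKeyStoreProperty=KeyStore2
# KeyStore1 is the eap keystore. Its sub-properties (KeyStoreType,
# KeyStorePath, KeyPassword, KeyStorePassword) form one entry and are kept on
# a single line; wrapped onto a second line, KeyPassword would be read as a
# separate property.
# This file holds the keystore passwords, so restrict read access to it.
# The password values shipped in this example are publicly known: generate
# your own keystore and passwords rather than reusing them.
# NOTE(review): the two password values differ only in their trailing "="
# padding ("==" vs "="); the shorter one may be truncated - verify before use.
KeyStore1=KeyStoreType=eap,KeyStorePath=$ipass.server.home/certs/eapserver.keystore,KeyPassword=UfGjld0YWEUjEIZUnNvIsA==,KeyStorePassword=UfGjld0YWEUjEIZUnNvIsA=
# KeyStore2 is the ns keystore referenced by AdminKeyStoreProperty above and
# by the IpassServer<n> entries.
KeyStore2=KeyStoreType=ns,KeyStorePath=$ipass.server.home/certs/ns1.keystore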