Provided by: radsecproxy_1.3.1-1_i386
radsecproxy - a generic RADIUS proxy that provides both RADIUS UDP and
TCP/TLS (RadSec) transport.
radsecproxy [-c configfile] [-d debuglevel] [-f] [-i pidfile] [-p] [-v]
radsecproxy is a generic RADIUS proxy that in addition to to usual
RADIUS UDP transport, also supports TLS (RadSec). The aim is for the
proxy to have sufficient features to be flexible, while at the same
time to be small, efficient and easy to configure. Currently the
executable on Linux is only about 48 KB, and it uses about 64 KB
(depending on the number of peers) while running.
The proxy was initially made to be able to deploy RadSec (RADIUS over
TLS) so that all RADIUS communication across network links could be
done using TLS, without modifying existing RADIUS software. This can
be done by running this proxy on the same host as an existing RADIUS
server or client, and configure the existing client/server to talk to
localhost (the proxy) rather than other clients and servers directly.
There are however other situations where a RADIUS proxy might be
useful. Some people deploy RADIUS topologies where they want to route
RADIUS messages to the right server. The nodes that do purely routing
could be using a proxy. Some people may also wish to deploy a proxy on
a site boundary. Since the proxy supports both IPv4 and IPv6, it could
also be used to allow communication in cases where some RADIUS nodes
use only IPv4 and some only IPv6.
Run in foreground
By specifying this option, the proxy will run in foreground
mode. That is, it won’t detach. Also all logging will be done to
-d <debug level>
This specifies the debug level. It must be set to 1, 2, 3 or 4,
where 1 logs only serious errors, and 4 logs everything. The
default is 2 which logs errors, warnings and a few informational
The proxy reads configuration files and performs initialisation
as usual, but exits prior to creating any sockets. It will
return different exit codes depending on whether the
configuration files are okay. This may be used to verify
configuration files, and can be done while another instance is
When this option is specified, the proxy will simply print
version information and exit.
-c <config file path>
Config file path
This option allows you to specify which config file to use. This
is useful if you want to use a config file that is not in any of
the default locations.
-i <pid file path>
PID file path
This option tells the proxy to create a PID file with the
The proxy generally exits on all signals. The exceptions are listed
When logging to a file, this signal forces a reopen of the log
This signal is ignored.
The default configuration file.
radsecproxy.conf(5), RadSec internet draft
12 March 2009 radsecproxy(1)