mme_fd.conf 3.77 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103
# -------- Local ---------

# Uncomment if the framework cannot resolv it.
Identity = "%MME_FQDN%";
Realm = "%REALM%";

# TLS configuration (see previous section)
TLS_Cred = "/usr/local/etc/oai/freeDiameter/mme.cert.pem",
           "/usr/local/etc/oai/freeDiameter/mme.key.pem";
TLS_CA   = "/usr/local/etc/oai/freeDiameter/mme.cacert.pem";

# Disable use of TCP protocol (only listen and connect in SCTP)
# Default : TCP enabled
No_SCTP;

# This option is ignored if freeDiameter is compiled with DISABLE_SCTP option.
# Prefer TCP instead of SCTP for establishing new connections.
# This setting may be overwritten per peer in peer configuration blocs.
# Default : SCTP is attempted first.
Prefer_TCP;


No_IPv6;

# Overwrite the number of SCTP streams. This value should be kept low, 
# especially if you are using TLS over SCTP, because it consumes a lot of 
# resources in that case. See tickets 19 and 27 for some additional details on 
# this.
# Limit the number of SCTP streams
SCTP_streams = 3;


# By default, freeDiameter acts as a Diameter Relay Agent by forwarding all 
# messages it cannot handle locally. This parameter disables this behavior.
NoRelay;

# Use RFC3588 method for TLS protection, where TLS is negociated after CER/CEA exchange is completed
# on the unsecure connection. The alternative is RFC6733 mechanism, where TLS protects also the
# CER/CEA exchange on a dedicated secure port.
# This parameter only affects outgoing connections.
# The setting can be also defined per-peer (see Peers configuration section).
# Default: use RFC6733 method with separate port for TLS.

#TLS_old_method;

AppServThreads = 4;

# Specify the addresses on which to bind the listening server. This must be 
# specified if the framework is unable to auto-detect these addresses, or if the
# auto-detected values are incorrect. Note that the list of addresses is sent 
# in CER or CEA message, so one should pay attention to this parameter if some 
# adresses should be kept hidden. 
#ListenOn = ;

Port = 3870;
SecPort = 5870;

# -------- Extensions ---------

# Uncomment (and create rtd.conf) to specify routing table for this peer.
#LoadExtension = "rt_default.fdx" : "rtd.conf";

# Uncomment (and create acl.conf) to allow incoming connections from other peers.
#LoadExtension = "acl_wl.fdx" : "acl.conf";

# Uncomment to display periodic state information
#LoadExtension = "dbg_monitor.fdx";

# Uncomment to enable an interactive Python interpreter session.
# (see doc/dbg_interactive.py.sample for more information)
#LoadExtension = "dbg_interactive.fdx";

# Load the RFC4005 dictionary objects
#LoadExtension = "dict_nasreq.fdx";

LoadExtension = "dict_nas_mipv6.fdx";
LoadExtension = "dict_s6a.fdx";

# Load RFC4072 dictionary objects
#LoadExtension = "dict_eap.fdx";

# Load the Diameter EAP server extension (requires diameap.conf)
#LoadExtension = "app_diameap.fdx" : "diameap.conf";

# Load the Accounting Server extension (requires app_acct.conf)
#LoadExtension = "app_acct.fdx" : "app_acct.conf";

# -------- Peers ---------

# The framework will actively attempt to establish and maintain a connection
# with the peers listed here.
# For only accepting incoming connections, see the acl_wl.fx extension.

# ConnectPeer
# Declare a remote peer to which this peer must maintain a connection. 
# In addition, this allows specifying non-default parameters for this peer only
# (for example disable SCTP with this peer, or use RFC3588-flavour TLS). 
# Note that by default, if a peer is not listed as a ConnectPeer entry, an 
# incoming connection from this peer will be rejected. If you want to accept 
# incoming connections from other peers, see the acl_wl.fdx? extension which 
# allows exactly this. 

ConnectPeer = "%HSS_FQDN%" { ConnectTo = "%S6A_HSS_IP%"; No_SCTP ; No_IPv6; Prefer_TCP; No_TLS; port = 3868;  realm = "%REALM%";};