[strongSwan] strongSwan 5.0.1 with IKEv1 and freeradius
Dmitry Korzhevin
dmitry.korzhevin at stidia.com
Wed Nov 14 11:25:34 CET 2012
Hello,
I use Debian 6.0.6 + strongSwan 5.0.1
Can you tell - are strongSwan able to handle auth using freeradius as
backend auth server for mac os x clients?
I compile strongSwan with --enable-eap-radius, radius is already
configured and works with xl2tp (L2TP server). I configured strongswan
according to wiki page
http://wiki.strongswan.org/projects/strongswan/wiki/EapRadius
My configuration:
##########################
conn radius
rekey=no
left=SERVER_IP
leftsubnet=0.0.0.0/0
leftfirewall=yes
leftauth=psk
right=%any
rightauth=eap-radius
eap_identity=%identity
rightsubnet=0.0.0.0/0
rightsourceip=10.2.0.0/24
auto=add
#########################
strongSwan configured with modules:
loaded plugins: charon test-vectors mysql aes des sha1 sha2 md4 md5
random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp dnskey
pem fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve
socket-default stroke sql updown eap-identity eap-mschapv2 eap-radius
xauth-generic xauth-eap
But, seems mac os x internal ipsec client is work only with IKEv1, and i
read from wiki, that EAP secrets are IKEv2 only
(http://wiki.strongswan.org/projects/strongswan/wiki/EapSecret)
I want configure strongswan redirects all auth request to freeradius
Best Regards,
Dmitry
---
Dmitry KORZHEVIN
System Administrator
STIDIA S.A. - Luxembourg
e: dmitry.korzhevin at stidia.com
m: +38 093 874 5453
w: http://www.stidia.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4488 bytes
Desc: ���������������������������������� �������������� S/MIME
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121114/d6755897/attachment.bin>
More information about the Users
mailing list