[strongSwan] Strongswan with freeradius on Debian server
Sabrina Louison-francois
sabrina.louison-francois at ens-cachan.fr
Thu Apr 25 08:48:36 CEST 2013
Hello,
I installed a strongswan server (5.0.3) on Debian and want it to work
with radius authentication (eap-peap) for my users. My server
authenticates with a certificate.
Here is server's ipsec.conf:
# basic configuration
config setup
# strictcrlpolicy=yes
# uniqueids = no
# Add connections here.
conn road
left=192.168.10.8 # Gateway's information
leftid=%fromcert
leftsubnet=10.1.0.0/24
leftrsasigkey=%cert
leftcert=/etc/ipsec.d/certs/myserver.pem
eap_identity=%any
right=%any
rightauth=eap-radius
rightsendcert=never
auto=add
I tested it with a client on Debian. In ipsec.secrets, I tried to put
password for my login like this ' login : EAP "passwd" '. But it does
not work. No password is sent to the radius server and the
authentication failed.
Here is user's ipsec.conf:
# basic configuration
config setup
# strictcrlpolicy=yes
# uniqueids = no
# Add connections here.
conn home
left=%any # Localhost's information
leftauth=eap-radius
leftauth2=xauth-eap
#leftrsasigkey=%cert
eap_identity="login"
right=192.168.10.8
rightsubnet=10.1.0.0/24
rightid=%fromcert
rightrsasigkey=%cert
auto=add
Could anyone tell me where the password must be set ? Or is there a way
to force my server asking for user's credentials each time ?
Thanks for you help.
--
Sabrina
More information about the Users
mailing list