[strongSwan] Integrating radius with strongswan.

Azfar Hashmi azfar.hashmi at cloudways.com
Mon Feb 18 16:00:34 CET 2013


Hi Martin,

Thanks for the clearing up things. I will first move to v5.x then come back.

On 2/18/2013 7:44 PM, Martin Willi wrote:
> Hi Azfar,
>
>> I am using Strongswan 4.5.2 (Debian Squeeze) with xauthrsasig auth type.
>> Now I want to replace ipsec.secrets and put a radius server.
> In 4.5.2, IKEv1 is handled in the "pluto" daemon. Pluto does not have
> support for RADIUS authentication.
>
> With strongSwan 5.x, we reimplemented IKEv1 in the newer "charon" daemon
> which also supports IKEv2. With its eap-radius backend and the xauth-eap
> bridge, you can authenticate XAuth clients against RADIUS. It requires a
> RADIUS server that speaks EAP, though. See [1] for details.
>
>> 1) Can I still use xauth+rsa as a auth mechanism with eap-radius plugin.
> With the xauth-eap helper plugin, yes.
>
>> 2) Do I need to recompile strongswan for eap-radius plugin or Debian 6
>> comes with it.
> You need at least 5.0.0, better 5.0.2, which doesn't come with Debian
> yet. Also, you need the eap-radius and the xauth-eap plugins, along with
> a suitable EAP method.
>
>> 3) I want to use single server for both radius and strongswan, what is
>> the role of strongswan.conf in *"alice"*?
> Alice is the RADIUS server in this example, so you won't need it. You
> can install your RADIUS server on moon, and configure eap-radius to use
> the local RADIUS server.
>
> Regards
> Martin
>
> [1]http://wiki.strongswan.org/projects/strongswan/wiki/XAuthEAP
>


-- 

AzfarHashmi

Cloudways

Your Managed Cloud

 

e: azfar.hashmi at cloudways.com

w: www.cloudways.com <http://www.cloudways.com>

 

PGP keyid: 0xF42034B0F915D729

http://keyserver.pgp.com

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130218/e26ad7cf/attachment.html>


More information about the Users mailing list