[strongSwan] strongswan with radius

sree sreejithake at gmail.com
Mon Jan 7 06:14:37 CET 2013





Steve K. <headcrash89 at ...> writes:

> Hi,
>
> I have been trying for 2 weeks to get strongSwan 5.0.0 working. The
> connection with Windows 7 works fine. Currently the Internet connection
> is not working, but I think that's a NAT-forwarding problem ;). I use a
> RADIUS backend for authentication and it's working fine for Windows 7.
> But I can't get it working for other clients like iPhone, Android,
> Mac OS X or any Windows version other than Windows 7.
>
> Especially with the iPhone, it is "looking for XAuthInitPSK config" but
> then it shows "no peer config found" in the syslog entries. I found the
> iPhone tutorial on the strongSwan wiki, but this is not working for me
> because we have some hundreds of clients which need to work with a VPN
> connection, and it's not very convenient to place a cert & keyfile on
> every device.
>
> So now my question:
>
> 1. Is there a way to get Android, iPhone, Mac OS X and Windows versions
>    older than Windows 7 working with RADIUS without a cert & keyfile on
>    every device?
>
> Here's my current configuration:
>
> ## 1.2.3.4 --> Public IP
> ## 10.0.1.100 --> private IP on eth1
>
> conn %default
>         #ikelifetime=60m
>         #keylife=20m
>         #rekeymargin=3m
>         #keyingtries=1
>         #keyexchange=ike
>         mobike = yes
>
> conn Windows7
>         keyexchange=ike
>         left=1.2.3.4                ## Place for eth0 Public IP
>         leftcert=/etc/ipsec.d/certs/cert.pem
>         leftsubnet=0.0.0.0/24
>         leftauth=pubkey
>         leftfirewall=yes
>         right=%any
>         rightauth=eap-radius
>         rightsendcert=never
>         eap_identity=%identity
>         rightsourceip=10.0.1.101/30
>         rightfirewall=yes
>         auto=add
>
> conn iPhone
>         keyexchange=ike
>         left=1.2.3.4                ## Place for eth0 Public IP
>         leftcert=/etc/ipsec.d/certs/cert.pem
>         leftauth=pubkey
>         right=%any
>         rightsourceip=10.0.1.201/24
>         auto=add
>         rightauth=eap-xauth
>         eap_identity=%identity
>
> I compiled strongSwan 5 with these ./configure options:
>
> ./configure --prefix=/usr --sysconfdir=/etc --enable-xauth-eap
>     --enable-eap-tls --enable-eap-radius --enable-eap-mschapv2
>     --enable-eap-identity --enable-eap-md5 --enable-eap-peap
>     --enable-eap-tls --enable-eap-ttls --enable-md4 --enable-dhcp
>     --enable-farp --enable-kernel-klips --enable-kernel-pfkey
>
> I hope you have some new ideas for me to get strongSwan working.
>
> Kind Regards
> Steve

Hi,

I want to know what the use of --enable-kernel-klips is in the strongSwan
configuration. I tried to comment out the option --enable-kernel-pfkey, but
forgot to comment out klips, so it is still using the pfkey method. I want
netlink to be enabled.






