[strongSwan] radius nas_identifier, multihomed setup

Martin Willi martin at strongswan.org
Wed Dec 10 10:55:33 CET 2014

Hi Denis,

> On server I have several IP addresses (let's say,,
>, and I need somehow pass to freeradius info about server IP
> where client connects.

strongSwan includes several attributes to each authentication request.
Calling-Station-Id contains the peers IKE endpoint address, while
Called-Station-Id contains the local IKE endpoint address. The
station_id_with_port eap-radius strongswan.conf option defines if the
port number is included in the attribute, and defaults to yes.

> This can be done by either passing sever ip as argument or setting
> unique nas_identifier per IP. Is there such possibility ? May be
> setting multiple "conn" in ipsec.conf which will use diffrent nas_id or
> pass it's IP to radius ?

RADIUS configuration settings, including the NAS Identifier, are global
options. Using a different RADIUS configuration for different IKE
connections is currently not supported.


More information about the Users mailing list