[strongSwan] radius nas_identifier, multihomed setup
martin at strongswan.org
Wed Dec 10 10:55:33 CET 2014
> On server I have several IP addresses (let's say 10.0.0.1, 10.0.0.2,
> 10.0.0.3), and I need somehow pass to freeradius info about server IP
> where client connects.
strongSwan includes several attributes to each authentication request.
Calling-Station-Id contains the peers IKE endpoint address, while
Called-Station-Id contains the local IKE endpoint address. The
station_id_with_port eap-radius strongswan.conf option defines if the
port number is included in the attribute, and defaults to yes.
> This can be done by either passing sever ip as argument or setting
> unique nas_identifier per IP. Is there such possibility ? May be
> setting multiple "conn" in ipsec.conf which will use diffrent nas_id or
> pass it's IP to radius ?
RADIUS configuration settings, including the NAS Identifier, are global
options. Using a different RADIUS configuration for different IKE
connections is currently not supported.
More information about the Users