[strongSwan] radius nas_identifier, multihomed setup

Denis Zinevich link at ngc.net.ua
Wed Dec 10 16:12:22 CET 2014


Hello,

Thanks. Started freeradius in debug mode and figured everything out.
In case anyone needs this:
Made a few sections in ipsec.conf with unique left=
Then strongSwan passes NAS-Port-Id, which contains the conn "name", to freeradius. And in freeradius it can be used in if/else.

10.12.2014, 11:55, "Martin Willi" <martin at strongswan.org>:
> Hi Denis,
>>  On server I have several IP addresses (let's say 10.0.0.1, 10.0.0.2,
>>  10.0.0.3), and I need somehow pass to freeradius info about server IP
>>  where client connects.
>
> strongSwan includes several attributes to each authentication request.
> Calling-Station-Id contains the peer's IKE endpoint address, while
> Called-Station-Id contains the local IKE endpoint address. The
> station_id_with_port eap-radius strongswan.conf option defines if the
> port number is included in the attribute, and defaults to yes.
>>  This can be done by either passing server IP as argument or setting
>>  unique nas_identifier per IP. Is there such a possibility? Maybe
>>  setting multiple "conn" in ipsec.conf which will use different nas_id or
>>  pass its IP to radius?
>
> RADIUS configuration settings, including the NAS Identifier, are global
> options. Using a different RADIUS configuration for different IKE
> connections is currently not supported.
>
> Regards
> Martin
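
The setup described at the top of this message, written out as an added example that is not part of the original post or of either project's documentation: one conn per local address in ipsec.conf, and a FreeRADIUS branch on NAS-Port-Id. The conn names, certificate file name, use of Tmp-String-0 and the FreeRADIUS 3 unlang syntax are assumptions made for the example.

```conf
# --- ipsec.conf (strongSwan): one conn per local address ---
# Conn names and the certificate file name are made up for this example.
conn vpn-base
    keyexchange=ikev2
    leftauth=pubkey
    leftcert=serverCert.pem
    right=%any
    rightauth=eap-radius
    eap_identity=%any

conn vpn-ip1
    also=vpn-base
    left=10.0.0.1
    auto=add

conn vpn-ip2
    also=vpn-base
    left=10.0.0.2
    auto=add

# --- FreeRADIUS virtual server, authorize section (v3 unlang) ---
# Assumes NAS-Port-Id is exactly the conn name; check the real value
# in the debug output (radiusd -X) before relying on an exact match.
authorize {
    if (&NAS-Port-Id == "vpn-ip1") {
        update control {
            # Record the listener address for later policy checks.
            &Tmp-String-0 := "10.0.0.1"
        }
    }
    elsif (&NAS-Port-Id == "vpn-ip2") {
        update control {
            &Tmp-String-0 := "10.0.0.2"
        }
    }
    else {
        # Unknown or missing conn name: fail closed.
        reject
    }
    eap
}
```

An exact comparison is used rather than a substring match so that similarly named conns (for example vpn-ip1 and vpn-ip10) cannot select each other's branch.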

