[strongSwan] radius nas_identifier, multihomed setup
link at ngc.net.ua
Wed Dec 10 16:12:22 CET 2014
Thanks. Started freeradius in debug mode and figred everything out.
In case anyone will need this:
Made few sections in ipsec.conf with unique left=
Then strongswan pass NAS-Port-Id which contains conn "name" to freeradius. And in freeradius it can be used in if/else.
10.12.2014, 11:55, "Martin Willi" <martin at strongswan.org>:
> Hi Denis,
>> On server I have several IP addresses (let's say 10.0.0.1, 10.0.0.2,
>> 10.0.0.3), and I need somehow pass to freeradius info about server IP
>> where client connects.
> strongSwan includes several attributes to each authentication request.
> Calling-Station-Id contains the peers IKE endpoint address, while
> Called-Station-Id contains the local IKE endpoint address. The
> station_id_with_port eap-radius strongswan.conf option defines if the
> port number is included in the attribute, and defaults to yes.
>> This can be done by either passing sever ip as argument or setting
>> unique nas_identifier per IP. Is there such possibility ? May be
>> setting multiple "conn" in ipsec.conf which will use diffrent nas_id or
>> pass it's IP to radius ?
> RADIUS configuration settings, including the NAS Identifier, are global
> options. Using a different RADIUS configuration for different IKE
> connections is currently not supported.
More information about the Users