[strongSwan] Enabled eap-radius doesn't log session information

Wed Jan 3 23:13:55 CET 2018

Hi,

That's a freeRadius problem, not a strongSwan one. Please take it to the freeRadius community.

Kind regards

Noel

On 25.12.2017 11:46, Houman wrote:
> Hello,
>
> I have setup StrongSwan successfully with FreeRadius.  I can create a new user in the radcheck table inside radius DB and authenticate with the VPN with that user afterwards.
>
> However, there is no information saved inside the radacct table. I was expecting to see the session time of a connected user and find out a way to count the traffic a user has been utilising.
>
> But why is the table empty?
>
> I install StrongSwan like this, I don't specifically compile it with /./configure --enable-eap-radius/
>
> Instead, I install it like this, is that ok?
>
> add-apt-repository ppa:freeradius/stable-3.0 -y
> apt-get install -y language-pack-en strongswan strongswan-ikev2 libstrongswan-standard-plugins strongswan-libcharon libcharon-extra-plugins freeradius freeradius-utils freeradius-mysql
>
>
> *# vim /etc/strongswan.conf*
>
> charon {
>         load_modular = yes
>         plugins {
>                 include strongswan.d/charon/*.conf
>         }
> }
>
> include strongswan.d/*.conf
>
>
> *# vim /etc/strongswan.d/charon/eap-radius.conf*
>
> servers {
> server-a {
>             accounting = yes
>             secret = ${CLIENT_SECRET}
>             address = 127.0.0.1
>             auth_port = 1812
>             acct_port = 1813
> }
> }
>
>
> *# vim /etc/ipsec.conf*
>
> config setup
>   strictcrlpolicy=yes
>   uniqueids=never
> conn roadwarrior
>   auto=add
>   compress=no
>   type=tunnel
>   keyexchange=ikev2
>   fragmentation=yes
>   forceencaps=yes
>   ike=aes256gcm16-sha256-ecp521,aes256-sha256-ecp384,aes256-3des-sha1-modp1024!
>   esp=aes256gcm16-sha256,aes256-3des-sha256-sha1!
>   dpdaction=clear
>   dpddelay=180s
>   rekey=no
>   left=%any
>   leftid=@${VPNHOST}
>   leftcert=cert.pem
>   leftsendcert=always
>   leftsubnet=0.0.0.0/0 <http://0.0.0.0/0>
>   right=%any
>   rightid=%any
>   rightauth=eap-radius
>   eap_identity=%any
>   rightdns=208.67.222.222,208.67.220.220
>   rightsourceip=${VPNIPPOOL}
>   rightsendcert=never
>
>
> Merry Christmas and thank you,
> Houman

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180103/f134e711/attachment.sig>