[strongSwan] Specifying RADIUS attributes per-connection?

brent s. bts at square-r00t.net
Mon Aug 12 16:02:35 CEST 2019

On 8/12/19 9:55 AM, Tobias Brunner wrote:
> Hi Brent,
>> 1.) The named connection that listens (and serves as a tunneled gateway)
>> on should route through to the RADIUS server,
>> and should route through to the RADIUS server,
>> so they get detected as unique NAS addresses. should not
>> route through to the RADIUS server, and vice versa. This is
>> to ensure that the correct NAS (and therefore the correct set of
>> authentications) can be detected by RADIUS.
> Can't you just use the appropriate attribute(s) in the requests from
> strongSwan to make that distinction?
> Regards,
> Tobias

Thanks Tobias-

*Maybe*. I'd need to check if the authentication backend module I'm
using in RADIUS would allow me to do that (and without breaking RADIUS
for other services), but it's a good idea. It just feels strange to
rewrite the NAS Identifier with.... what would that even be, the Called
Station ID attribute?

brent saner
GPG info: https://square-r00t.net/gpg-info

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20190812/5246d36c/attachment-0001.sig>

More information about the Users mailing list