[strongSwan] Strongswan and freeradius

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Mon Jun 1 19:22:04 CEST 2020


Hello,

Yes, you can do that. Looks like you still need to install the package (whichever that is) for the eap-radius plugin.
See the FAQ[1].

[1] https://wiki.strongswan.org/projects/strongswan/wiki/FAQ#Plugin-is-missing

Kind regards

Noel

On 27.05.20 at 10:17, Клеусов Владимир Сергеевич wrote:
> Hi,
> I design such a system:
> 1) strongSwan
> 2) freeradius (TTLS/PAP). Connected to LDAP
> 3) MikroTik
> 
> Theoretically, is it possible to configure it like this? Strongswan connects to freeRADIUS and authorizes users. Users are from LDAP.
> 
> Attempts to configure via eap-radius lead to an error
> 
> 
> charon[42383]: 14[CFG] selected peer config "IKEv1"
> charon[42383]: 14[CFG] no XAuth method found for 'radius'
> 
> In ipsec.conf
>   eap_identity=%identity
> 
>     keyexchange=ikev1
>     leftauth=psk
>     rightauth=psk
>     rightauth2=xauth-radius
>     auto=add
> 
> In /etc/strongswan.d/charon/eap-radius.conf
> eap-radius {
>     accounting = yes
>     load = yes
> 
>     servers {
>         freeradius {
> 
>             address = 10.15.12.43
>             auth_port = 1812
>             acct_port = 1813
>             sockets = 10
>             secret = blabla
>             nas_identifier = vpn
>         }
>     }
> }
>  In cat /etc/strongswan.d/charon/xauth-eap.conf
> xauth-eap {
>     backend = radius
>     load = yes
> }
> 
> In 
> 

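Added example, not part of the original thread or of strongSwan itself: a shell check that maps the `rightauth2` value from the quoted ipsec.conf to the charon plugin that provides that XAuth backend, then looks for it in charon's startup line `loaded plugins: ...`. The function names and both sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample log lines (not taken from the thread).
SAMPLE_MISSING='charon[1000]: 00[LIB] loaded plugins: charon aes sha1 sha2 hmac kernel-netlink socket-default stroke updown xauth-generic'
SAMPLE_OK='charon[1000]: 00[LIB] loaded plugins: charon aes sha1 sha2 hmac kernel-netlink socket-default stroke updown eap-radius xauth-generic'

# Map an XAuth method (value of rightauth2) to the plugin providing it.
# xauth-radius is served by the eap-radius plugin, which is why a missing
# eap-radius package produces "no XAuth method found for 'radius'".
xauth_plugin_for() {
    case "$1" in
        xauth-radius)  echo eap-radius ;;
        xauth-eap)     echo xauth-eap ;;
        xauth-pam)     echo xauth-pam ;;
        xauth-generic) echo xauth-generic ;;
        *) return 1 ;;
    esac
}

# Read a charon log on stdin and print the plugin list of the most
# recent daemon start (last "loaded plugins:" line).
loaded_plugins() {
    sed -n 's/.*loaded plugins: *//p' | tail -n 1
}

# check_xauth METHOD < charon-log
# Prints "ok <plugin>" (status 0), "missing <plugin>" (status 1),
# or a diagnostic with status 2 when the input cannot be evaluated.
check_xauth() {
    plugin=$(xauth_plugin_for "$1") || { echo "unknown method $1"; return 2; }
    list=$(loaded_plugins)
    [ -n "$list" ] || { echo "no loaded-plugins line in input"; return 2; }
    for p in $list; do
        # Exact match only, so "eap-radius" is not confused with "eap-md5" etc.
        [ "$p" = "$plugin" ] && { echo "ok $plugin"; return 0; }
    done
    echo "missing $plugin"
    return 1
}

# Demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_MISSING" | check_xauth xauth-radius || true
printf '%s\n' "$SAMPLE_OK" | check_xauth xauth-radius
```

On a real gateway, pipe the charon log (syslog or journal, depending on the distribution) into `check_xauth` with the method configured in `rightauth2`.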