[strongSwan] Strongswan and freeradius

Клеусов Владимир Сергеевич Kleusov.Vladimir at wildberries.ru
Wed May 27 10:17:58 CEST 2020


Hi,
I am designing the following system:
1) strongSwan
2) FreeRADIUS (TTLS/PAP), connected to LDAP
3) MikroTik

Theoretically, is it possible to set up a configuration like this? strongSwan connects to FreeRADIUS and authorizes users. The users come from LDAP.

Attempts to configure this via eap-radius lead to an error:


charon[42383]: 14[CFG] selected peer config "IKEv1"
charon[42383]: 14[CFG] no XAuth method found for ‘radius'

In ipsec.conf:
    eap_identity=%identity
    keyexchange=ikev1
    leftauth=psk
    rightauth=psk
    rightauth2=xauth-radius
    auto=add

In /etc/strongswan.d/charon/eap-radius.conf:
eap-radius {
    accounting = yes
    load = yes

    servers {
        freeradius {

            address = 10.15.12.43
            auth_port = 1812
            acct_port = 1813
            sockets = 10
            secret = blabla
            nas_identifier = vpn
        }
    }
}
In /etc/strongswan.d/charon/xauth-eap.conf:
xauth-eap {
    backend = radius
    load = yes
}

In 

