Feature #8160
closed
Accomodate both RADIUS and pool IP addresses in IPsec
100%
Description
Strongswan now allows multiple dynamic address pools in mobile IPsec.
I was able to coerce it to work by forcing eap-radius to load earlier by placing load = 255 in /usr/local/etc/strongswan.d/charon/eap-radius.conf causing that plugin to load earlier.
I also manually placed rightsourceip = %radius,172.25.25.0/24 in /var/etc/ipsec/ipsec.conf in the mobile IPsec connection.
After manually stopping and starting ipsec the Framed-IP-Address attribute was honored if present. If not, the 172.25.25.0/24 pool was used.
Updated by Jim Pingle over 6 years ago
- Target version changed from 2.4.3 to 2.4.4
Updated by Louis C about 6 years ago
Implementation PR: https://github.com/pfsense/pfsense/pull/3976
Updated by Jim Pingle about 5 years ago
- Status changed from New to Pull Request Review
Updated by Renato Botelho almost 5 years ago
- Status changed from Pull Request Review to New
PR has been closed due to inactivity
Updated by Viktor Gurov almost 5 years ago
resolved with some extra bugfixes:
https://github.com/pfsense/pfsense/pull/4194
Updated by Jim Pingle almost 5 years ago
- Status changed from New to Pull Request Review
Updated by Renato Botelho almost 5 years ago
- Status changed from Pull Request Review to Feedback
- Assignee set to Renato Botelho
- % Done changed from 0 to 100
PR has been merged. Thanks!
Updated by Viktor Gurov over 4 years ago
works as expected on 2.5.0.a.20200305.2255
but some minor fixes:
https://github.com/pfsense/pfsense/pull/4219
Updated by Jim Pingle over 4 years ago
- Status changed from Feedback to Pull Request Review
Updated by Renato Botelho over 4 years ago
- Status changed from Pull Request Review to Feedback
PR has been merged. Thanks!
Updated by Anonymous about 4 years ago
- Status changed from Feedback to Resolved