Project

General

Profile

Actions

Feature #8160

closed

Accomodate both RADIUS and pool IP addresses in IPsec

Added by Chris Linstruth almost 7 years ago. Updated about 4 years ago.

Status:
Resolved
Priority:
Normal
Category:
IPsec
Target version:
Start date:
12/04/2017
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:

Description

Strongswan now allows multiple dynamic address pools in mobile IPsec.

I was able to coerce it to work by forcing eap-radius to load earlier by placing load = 255 in /usr/local/etc/strongswan.d/charon/eap-radius.conf causing that plugin to load earlier.

I also manually placed rightsourceip = %radius,172.25.25.0/24 in /var/etc/ipsec/ipsec.conf in the mobile IPsec connection.

After manually stopping and starting ipsec the Framed-IP-Address attribute was honored if present. If not, the 172.25.25.0/24 pool was used.

Actions

Also available in: Atom PDF