Debian
nordz0r, 2021-10-19 17:49:35

How to connect to multiple RADIUS servers with strongSwan for different configs?

Good evening. In my setup there are several AD domains (on Samba4) behind the VPN (strongSwan IKEv2) server. I separate connections to the server by DNS name. I need one config to connect to one RADIUS server and the second config to connect to another.

Config /etc/ipsec.conf

config setup
    # Debug only the IKE subsystem at level 1; kernel and config logging are off.
    charondebug = "ike 1, knl 0, cfg 0"
    # Never enforce uniqueness of peer identities: the same identity may hold any
    # number of concurrent IKE_SAs.
    # NOTE(review): with EAP/RADIUS accounts this means a single leaked credential
    # can open unlimited simultaneous sessions - confirm this is intended.
    uniqueids = never

# Responder-only IKEv2 road-warrior profile: server authenticates with a
# Let's Encrypt certificate, clients authenticate via EAP relayed to RADIUS.
conn swan.domain.ru
    # Load the conn at startup but never initiate; the client connects.
    auto = add
    compress = no
    type = tunnel
    keyexchange = ikev2
    fragmentation = yes
    # UDP-encapsulate ESP even when no NAT is detected.
    forceencaps = yes
    # NOTE(review): dpdaction is set twice in this conn (here and at the end);
    # only one value can take effect - presumably the last one - so keep a single line.
    dpdaction = clear
    dpddelay = 300s
    # This side will not initiate rekeying of the SAs.
    rekey = no
    left = %defaultroute
    leftid = @swan.domain.ru
    # Server certificate chain; the matching private key is not referenced in
    # this file (presumably configured in ipsec.secrets - verify).
    leftcert = /etc/letsencrypt/live/swan.domain.ru/fullchain.pem
    leftsendcert = always
    # Full tunnel: all client traffic is routed through the VPN.
    leftsubnet = 0.0.0.0/0
    right = %any
    rightid = %any
    # Client authentication is EAP, forwarded to the RADIUS server(s) configured
    # in strongswan.conf (eap-radius plugin).
    rightauth = eap-radius
    #rightauth = eap-mschapv2
    # Virtual IP pool handed to clients.
    rightsourceip = 10.18.20.0/24
    rightdns = 10.18.18.10
    # Clients are not asked for a certificate (EAP-only client auth).
    rightsendcert = never
    # Ask the client for an EAP identity (EAP Identity exchange) instead of
    # reusing its IKE identity.
    eap_identity = %identity
    # Strict proposal list (trailing "!"). The aes128-sha1-modp1024 and
    # 3des-sha1-modp1024 entries use 1024-bit DH, SHA-1 and 3DES, which are
    # below current guidance; drop them unless a legacy client truly needs them.
    ike = aes256-sha256-modp2048,aes128-sha1-modp1024,3des-sha1-modp1024!
    esp = aes256-sha256,aes128-sha1,3des-sha1!
    # Duplicate of the dpdaction above - see note there.
    dpdaction = restart

# Second road-warrior profile, selected by a different server hostname
# (leftid/leftcert); split tunnel to two internal hosts only.
conn s35.domain.ru
    # Responder only: loaded at startup, never initiated from this side.
    auto = add
    compress = no
    type = tunnel
    keyexchange = ikev2
    fragmentation = yes
    forceencaps = yes
    # NOTE(review): dpdaction appears twice in this conn (also the last line);
    # presumably the later value wins - keep only one.
    dpdaction = clear
    dpddelay = 300s
    rekey = no
    left = %defaultroute
    leftid = @s35.domain.ru
    # Certificate chain for this hostname; private key not referenced here
    # (presumably in ipsec.secrets - verify).
    leftcert = /etc/letsencrypt/live/s35.domain.ru/fullchain.pem
    leftsendcert = always
    # Split tunnel: clients only route these two hosts through the VPN.
    # NOTE(review): 10.18.18.101 is also the RADIUS server address in
    # strongswan.conf - confirm VPN clients are meant to reach it directly.
    leftsubnet = 10.18.18.101/32, 10.18.18.10/32
    right = %any
    rightid = %any
    # EAP client auth relayed to the eap-radius plugin's server list.
    rightauth = eap-radius
    #rightauth = eap-mschapv2
    # Separate virtual IP pool from the swan.domain.ru conn.
    rightsourceip = 10.18.22.0/24
    rightdns = 10.18.18.10
    rightsendcert = never
    # Request an EAP identity from the client via the EAP Identity exchange.
    eap_identity = %identity
    # Strict proposals ("!"); the modp1024 / 3DES / SHA-1 entries are legacy
    # strength - remove them unless an old client requires them.
    ike = aes256-sha256-modp2048,aes128-sha1-modp1024,3des-sha1-modp1024!
    esp = aes256-sha256,aes128-sha1,3des-sha1!
    # Duplicate key - see the dpdaction note above.
    dpdaction = restart


Config /etc/strongswan.conf
# charon daemon settings; plugin options are pulled from strongswan.d/charon/
# and the eap-radius plugin is configured inline below.
charon {
        load_modular = yes
        plugins {
                include strongswan.d/charon/*.conf
                eap-radius {
                    # Only one RADIUS server is defined; a second one would be a
                    # sibling block under "servers". Whether a given conn can be
                    # pinned to one of them is a plugin question this file does
                    # not answer - check the eap-radius plugin documentation.
                    servers {
                        server-a {
                            # Send RADIUS accounting start/stop records.
                            accounting = yes
                            # Shared secret with the RADIUS server. This literal is
                            # trivially guessable and the secret is the only thing
                            # protecting the RADIUS exchange on the wire - use a long
                            # random value and keep this file readable by root only.
                            secret = password
                            # Same host as the 10.18.18.101/32 entry in the s35 conn's
                            # leftsubnet.
                            address = 10.18.18.101
                            auth_port = 1812
                            acct_port = 1813
                        }
                    }
                }
        }
}

# Pull in the remaining per-component settings shipped under strongswan.d/.
include strongswan.d/*.conf


1 answer(s)
Andrey Barbolin, 2021-10-19
@dronmaxman

https://wiki.strongswan.org/projects/strongswan/wi...
Multiple rounds ?
