Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
N
N
nordz0r2021-10-19 17:49:35
Debian
nordz0r, 2021-10-19 17:49:35

How to connect to multiple Radius servers with strongswan for different configs?

Good evening. Tell me, in my configuration behind the VPN (strongswan ikev2) server there are several ADs (on Samba4). I share DNS connections to the server. I need one config to connect to one Radius server, the second config to another.

Config /etc/ipsec.conf

config setup
    charondebug = "ike 1, knl 0, cfg 0"
    uniqueids = never

conn swan.domain.ru
    auto = add
    compress = no
    type = tunnel
    keyexchange = ikev2
    fragmentation = yes
    forceencaps = yes
    dpdaction = clear
    dpddelay = 300s
    rekey = no
    left = %defaultroute
    leftid = @swan.domain.ru
    leftcert = /etc/letsencrypt/live/swan.domain.ru/fullchain.pem
    leftsendcert = always
    leftsubnet = 0.0.0.0/0
    right = %any
    rightid = %any
    rightauth = eap-radius
    #rightauth = eap-mschapv2
    rightsourceip = 10.18.20.0/24
    rightdns = 10.18.18.10
    rightsendcert = never
    eap_identity = %identity
    ike = aes256-sha256-modp2048,aes128-sha1-modp1024,3des-sha1-modp1024!
    esp = aes256-sha256,aes128-sha1,3des-sha1!
    dpdaction = restart

conn s35.domain.ru
    auto = add
    compress = no
    type = tunnel
    keyexchange = ikev2
    fragmentation = yes
    forceencaps = yes
    dpdaction = clear
    dpddelay = 300s
    rekey = no
    left = %defaultroute
    leftid = @s35.domain.ru
    leftcert = /etc/letsencrypt/live/s35.domain.ru/fullchain.pem
    leftsendcert = always
    leftsubnet = 10.18.18.101/32, 10.18.18.10/32
    right = %any
    rightid = %any
    rightauth = eap-radius
    #rightauth = eap-mschapv2
    rightsourceip = 10.18.22.0/24
    rightdns = 10.18.18.10
    rightsendcert = never
    eap_identity = %identity
    ike = aes256-sha256-modp2048,aes128-sha1-modp1024,3des-sha1-modp1024!
    esp = aes256-sha256,aes128-sha1,3des-sha1!
    dpdaction = restart


Config /etc/strongswan.conf
charon {
        load_modular = yes
        plugins {
                include strongswan.d/charon/*.conf
                eap-radius {
                    servers {
                        server-a {
                            accounting = yes
                            secret = password
                            address = 10.18.18.101
                            auth_port = 1812
                            acct_port = 1813
                        }
                    }
                }
        }
}

include strongswan.d/*.conf

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
A
Andrey Barbolin, 2021-10-19
@dronmaxman

https://wiki.strongswan.org/projects/strongswan/wi...
Multiple rounds ?

Similar questions
A
Arman2013-06-24 17:34:38
Remove old certificate (debian)? 2Reply
D
Denis _______________2021-09-18 10:48:56
What is the most convenient way to monitor CPU and VC temperatures under Linux and control turntables on a laptop? 1Reply
C
Chvalov2018-06-24 02:55:27
How to properly tune database configs, allocate resources? 3Reply
T
Tim32016-02-10 13:47:56
Squid3 installation, qui reports or console? 1Reply
S
Sergey2016-02-11 16:23:41
PHP-FPM how to file summary status url for all FPM pools? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question