On 11/16/2011 09:53 PM, Houston-III, Lester L wrote:
What I want to do now is have the StrongSwan VPN client inject some custom data into the EAP message so that data can be propagated through to JRADIUS for use in the post authorization method. Maybe something like creating my own attribute or something. Is this possible? If so, how can I do this? If not, is there a way to modify an existing FreeRADIUS attribute that can be modified by the StrongSwan VPN client?
Ok - you want to communicate data from the StrongSwan VPN client, to JRadius?
Basically this is really, really hard. You will need to extend an EAP mechanism to send some arbitrary payload, or make use of an existing EAP mechanism that can carry such data. It will require source code changes on both the StrongSwan client, and the FreeRADIUS server.
You can't "use a radius attribute" - the StrongSwan client doesn't speak radius. It speaks EAP over IKE/IKEv2 to an IPSec peer, and the IPSec peer transports the EAP over radius. Any data will therefore need to travel inside the EAP mechanism.
What data do you want to communicate from client to server? Instead of saying how you want to do something, state what you want to do.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
