Hi Azfar, > I am using Strongswan 4.5.2 (Debian Squeeze) with xauthrsasig auth type. > Now I want to replace ipsec.secrets and put a radius server.
In 4.5.2, IKEv1 is handled in the "pluto" daemon. Pluto does not have support for RADIUS authentication. With strongSwan 5.x, we reimplemented IKEv1 in the newer "charon" daemon which also supports IKEv2. With its eap-radius backend and the xauth-eap bridge, you can authenticate XAuth clients against RADIUS. It requires a RADIUS server that speaks EAP, though. See [1] for details. > 1) Can I still use xauth+rsa as a auth mechanism with eap-radius plugin. With the xauth-eap helper plugin, yes. > 2) Do I need to recompile strongswan for eap-radius plugin or Debian 6 > comes with it. You need at least 5.0.0, better 5.0.2, which doesn't come with Debian yet. Also, you need the eap-radius and the xauth-eap plugins, along with a suitable EAP method. > 3) I want to use single server for both radius and strongswan, what is > the role of strongswan.conf in *"alice"*? Alice is the RADIUS server in this example, so you won't need it. You can install your RADIUS server on moon, and configure eap-radius to use the local RADIUS server. Regards Martin [1]http://wiki.strongswan.org/projects/strongswan/wiki/XAuthEAP _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
