Hi, I found that there is no attr_sql support in the standard Debian 9 packages.
ipsec statusall also prints all the available plugins, having already installed all the available strongswan Debian packages. So, on Debian 9 we cannot have more than this:

loaded plugins: charon test-vectors ldap pkcs11 aesni aes rc2 sha2 sha1 md5 rdrand random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt af-alg fips-prf gmp agent xcbc cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default connmark farp stroke vici updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp lookip error-notify certexpire led addrblock unity

This means, to me, but every suggestion would be appreciated, that the only way to get a persistent pool lease system is to compile strongswan with --enable-attr-sql

Thank you, I'll bring more useful information after all this, such as the setup notes.
A huge setup migration is going to begin!

2017-10-16 22:08 GMT+02:00 Giuseppe De Marco <[email protected]>:

> Hi all,
>
> I'm using Debian GNU/Linux 9.2 (stretch) with standard strongswan package
> from stretch apt repository (5.5.1-4+deb9u1).
>
> The tunnel is an ikev2 with eap-radius authentication.
>
> I'm facing the problem that Windows 10 clients don't send their right
> identity.
> Linux and Android clients work great instead, they always request the
> connections with the correct eap_identity as we expect to be.
>
> The problem is that if the Windows client fails its identity it will take
> a dynamic virtual ip and not the static one, configured for it.
>
> I also read about attr_sql and the possibility to fix the ip assignment in
> a second time, via sql.
> I'd like also to play with it but, I installed all of the
> strongswan/charon packages, they are all here:
>
> libstrongswan
> libstrongswan-extra-plugins
> libstrongswan-standard-plugins
> network-manager-strongswan
> strongswan
> strongswan-charon
> strongswan-ike
> strongswan-ikev1
> strongswan-ikev2
> strongswan-libcharon
> strongswan-nm
> strongswan-pki
> strongswan-scepclient
> strongswan-starter
> strongswan-swanctl
> charon-cmd
> charon-systemd
> libcharon-extra-plugins
> strongswan-charon
> strongswan-libcharon
>
> But I cannot see the attr_plugin loaded and running, with the command:
>
> ipsec listplugins
>
> attr_sql could be a good solution, the goal is to configure a Windows 10
> that correctly presents itself with its proper identity, instead of its WAN
> IP as 192.168.3.44:
>
> 04[CFG] looking for peer configs matching 110.7.6.173[%any]...11.74.200.151[192.168.3.44]
> 04[CFG] selected peer config 'ike2-eap-radius'
>
> The same account, using nm-strongswan or charon-cmd, works great with
> Linux, the identity (Frank) is there:
>
> 15[CFG] looking for peer configs matching 110.7.6.173[%any]...11.74.200.151[Frank]
> 15[CFG] selected peer config 'ike2-eap-Frank'
>
> I'm also sure that this problem should be well known in Windows 10 clients,
> it looks so standard!
> Any suggestions would be very appreciated
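
The two log excerpts quoted above differ only in the remote identity shown in brackets. As an added example (not part of the original thread), this Python sketch scans charon log lines for peers whose IKE identity is an IP address and pairs each with the peer config charon selected next on the same worker thread. The function names are hypothetical, and the sample lines are the ones quoted in the post.

```python
import ipaddress
import re

# "NN[CFG] looking for peer configs matching <local>[<id>]...<remote>[<id>]"
LOOKUP_RE = re.compile(
    r"(?P<tid>\d+)\[CFG\] looking for peer configs matching "
    r"[^\[\s]+\[[^\]]*\]\.\.\.(?P<remote>[^\[\s]+)\[(?P<remote_id>[^\]]*)\]"
)
SELECTED_RE = re.compile(r"(?P<tid>\d+)\[CFG\] selected peer config '(?P<name>[^']+)'")


def is_ip(value):
    """True when the identity string parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def ip_identity_peers(lines):
    """List peers that presented an IP address as IKE identity, with the config chosen."""
    hits, pending = [], {}  # pending: worker thread id -> hit awaiting its config name
    for line in lines:
        lookup = LOOKUP_RE.search(line)
        if lookup:
            pending.pop(lookup.group("tid"), None)  # a new lookup resets the thread
            if is_ip(lookup.group("remote_id")):
                hit = {"remote": lookup.group("remote"),
                       "identity": lookup.group("remote_id"),
                       "config": None}
                hits.append(hit)
                pending[lookup.group("tid")] = hit
            continue
        selected = SELECTED_RE.search(line)
        if selected:
            hit = pending.pop(selected.group("tid"), None)
            if hit is not None:
                hit["config"] = selected.group("name")
    return hits


# Log lines as quoted in the post (wrapped addresses rejoined).
SAMPLE_LOG = [
    "04[CFG] looking for peer configs matching 110.7.6.173[%any]...11.74.200.151[192.168.3.44]",
    "04[CFG] selected peer config 'ike2-eap-radius'",
    "15[CFG] looking for peer configs matching 110.7.6.173[%any]...11.74.200.151[Frank]",
    "15[CFG] selected peer config 'ike2-eap-Frank'",
]

if __name__ == "__main__":
    for hit in ip_identity_peers(SAMPLE_LOG):
        print(f"{hit['remote']} sent identity {hit['identity']} -> {hit['config']}")
```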
