Hello, Yes, you can do that. Looks like you still need to install the package (whichever that is) for the eap-radius plugin. See the FAQ[1].
[1] https://wiki.strongswan.org/projects/strongswan/wiki/FAQ#Plugin-is-missing Kind regards Noel Am 27.05.20 um 10:17 schrieb Клеусов Владимир Сергеевич: > Hi, > I design such a system: > 1) strongSwan > 2) freeradius (TTTLS/PAP). Connected to LDAP > 3) microtik > > Theoretically, it is possible to configure the configuration like this ? > Strongswan connects to freeRADIUS and authorizes users. Users from LDAP. > > Attempts to configure via eap-radius lead to an error > > > charon[42383]: 14[CFG] selected peer config "IKEv1" > charon[42383]: 14[CFG] no XAuth method found for ‘radius' > > In ipsec.conf > eap_identity=%identity > > keyexchange=ikev1 > leftauth=psk > rightauth=psk > rightauth2=xauth-radius > auto=add > > In /etc/strongswan.d/charon/eap-radius.conf > eap-radius { > accounting = yes > load = yes > > servers { > freeradius { > > address = 10.15.12.43 > auth_port = 1812 > acct_port = 1813 > sockets = 10 > secret = blabla > nas_identifier = vpn > } > } > } > In cat /etc/strongswan.d/charon/xauth-eap.conf > xauth-eap { > backend = radius > load = yes > } > > In >
signature.asc
Description: OpenPGP digital signature