History

radattr plugin¶

The radattr plugin provides and prints RADIUS attributes forwarded via strongSwan specific, private IKEv2 notify payloads (40969).

To enable the plugin, add

--enable-radattr

to the ./configure options.

It is available since 4.6.3.

Behavior¶

RADIUS attributes to be forwarded to a peer are defined in files named after the local EAP-Identity (or IKE-Identity) used during authentication. Received attributes are written to the log.

Configuration¶

The plugin is configured using the following strongswan.conf options.

Key	Default	Description
charon.plugins.radattr.dir		Directory where RADIUS attributes are stored in client-ID specific files
charon.plugins.radattr.message_id	-1	RADIUS attributes are added to all IKE_AUTH messages by default (-1), or only to the IKE_AUTH message with the given IKEv2 message ID

Attribute Files¶

The files stored in the directory configured with charon.plugins.radattr.dir have to be named after the peers local EAP-Identity (or IKE-Identity). They contain the RADIUS attribute to be forwarded as binary blob.

strongSwan

Documentation¶

Resources¶

Wiki

radattr plugin¶

Behavior¶

Configuration¶

Attribute Files¶