Project

General

Profile

Issue #1456

Updated by Tobias Brunner about 6 years ago

Hi,

We are implementing strongSwan 5.3.5 with EAP-RADIUS and EAP-AKA Authentication, our AAA server expects to receives Tunnel-Client-Endpoint and Tunnel-Server-Endpoint AVPs in RADIUS Account Start/Stop messages, but strongSwan is not sending them.

These AVPs are defined in RFC 2868 (https://www.ietf.org/rfc/rfc2868.txt), section 3.3 & 3.4

Type
66 for Tunnel-Client-Endpoint.

Type
67 for Tunnel-Server-Endpoint.

Network capture between strongSwan and Radius/AAA:
<pre>


RADIUS Protocol
Code: Accounting-Request (4)
Packet identifier: 0x9c (156)
Length: 195
Authenticator: 0ccec6ba3dca3338a1cf777fca24a4ef
[The response to this request is in frame 1841]
Attribute Value Pairs
AVP: l=6 t=Acct-Status-Type(40): Start(1)
AVP: l=14 t=Acct-Session-Id(44): 1456235532-2
AVP: l=6 t=NAS-Port-Type(61): Virtual(5)
AVP: l=6 t=Service-Type(6): Framed(2)
AVP: l=6 t=NAS-Port(5): 2
AVP: l=14 t=NAS-Port-Id(87): XXXXXXX
AVP: l=6 t=NAS-IP-Address(4): xxx.xxx.xxx.xxx
AVP: l=22 t=Called-Station-Id(30): xxx.xxx.xxx.xxx[4500]
AVP: l=21 t=Calling-Station-Id(31): xxx.xxx.xxx.xxx[4500]
AVP: l=56 t=User-Name(1): xxxxx@yyyy.com
AVP: l=6 t=Framed-IP-Address(8): xxx.xxx.xxx.xxx
AVP: l=12 t=NAS-Identifier(32): strongSwan
</pre>

Back