Version 2 (Andreas Steffen, 13.12.2010 23:43) → Version 3/13 (Andreas Steffen, 14.12.2010 21:20)
h1. strongSwan as a Policy Enforcement Point
The following plugins must be activated for strongSwan to take on the role of a Policy Enforcement Point:
<pre>
./configure --prefix=/usr --sysconfdir=/etc --disable-pluto --enable-curl \
    --enable-eap-radius
</pre>
/etc/strongswan.conf - strongSwan configuration file
<pre>
charon {
  plugins {
    eap-radius {
      secret = gv6URkSs
      server = 10.1.0.10
      filter_id = yes
    }
  }
}
</pre>
/etc/ipsec.secrets - strongSwan IPsec secrets file
<pre>
: RSA moonKey.pem
</pre>
/etc/ipsec.conf - strongSwan IPsec configuration file
<pre>
conn rw-allow
    rightgroups=allow
    leftsubnet=10.1.0.0/28
    also=rw-eap
    auto=add

conn rw-isolate
    rightgroups=isolate
    leftsubnet=10.1.0.16/28
    also=rw-eap
    auto=add

conn rw-eap
    leftcert=moonCert.pem
    leftid=@moon.strongswan.org
    leftauth=pubkey
    rightauth=eap-radius
    rightid=*@strongswan.org
    rightsendcert=never
    right=%any
</pre>
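The enforcement in this setup rests on each loaded conn tying a RADIUS-assigned group (@rightgroups@) to its own subnet (@leftsubnet@). The following audit of that property is an added example, not part of the original page or of strongSwan. The names @parse_conns@, @resolve@ and @audit@ are hypothetical, and it assumes a single @leftsubnet@ per conn.

```python
import ipaddress
from itertools import combinations

# The page's ipsec.conf, with rw-eap abridged to the key the audit reads.
PAGE_CONF = """
conn rw-allow
    rightgroups=allow
    leftsubnet=10.1.0.0/28
    also=rw-eap
    auto=add
conn rw-isolate
    rightgroups=isolate
    leftsubnet=10.1.0.16/28
    also=rw-eap
    auto=add
conn rw-eap
    rightauth=eap-radius
"""

def parse_conns(text):
    conns, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("conn "):
            cur = conns.setdefault(line.split(None, 1)[1], {})
        elif cur is not None and "=" in line:
            key, value = line.split("=", 1)
            cur[key.strip()] = value.strip()
    return conns

def resolve(conns, name, seen=()):
    # Merge a conn with the section its also= names; the child's keys win.
    if name in seen:
        raise ValueError("also= loop at " + name)
    own = dict(conns[name])
    parent = own.pop("also", None)
    merged = resolve(conns, parent, seen + (name,)) if parent else {}
    merged.update(own)
    return merged

def audit(text):
    # auto= defaults to ignore, so rw-eap is only a template and is skipped.
    conns = parse_conns(text)
    live = {n: c for n in conns for c in [resolve(conns, n)] if c.get("auto", "ignore") != "ignore"}
    findings = [n + ": eap-radius peer not bound to a group" for n, c in live.items()
                if c.get("rightauth") == "eap-radius" and "rightgroups" not in c]
    nets = {n: ipaddress.ip_network(c["leftsubnet"]) for n, c in live.items() if "leftsubnet" in c}
    findings += [a + " and " + b + ": leftsubnet overlap"
                 for a, b in combinations(sorted(nets), 2) if nets[a].overlaps(nets[b])]
    return {c.get("rightgroups"): c.get("leftsubnet") for c in live.values()}, findings
```

@audit(PAGE_CONF)@ returns the group-to-subnet map and an empty findings list for the configuration shown here. A finding means a client could reach a subnet its group should not.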
"PEP log file":http://www.strongswan.org/uml/testresults/ikev2/rw-eap-tnc-radius/moon.daemon.log