History » Version 6
Andreas Steffen, 14.12.2010 21:23

strongSwan as a Policy Enforcement Point

Configuration as a TNCCS 1.1 VPN Policy Enforcement Point with an EAP-RADIUS interface

./configure --prefix=/usr --sysconfdir=/etc --disable-pluto --enable-curl \
            --enable-eap-radius

/etc/strongswan.conf - strongSwan configuration file

charon {
  plugins {
    eap-radius {
      secret = gv6URkSs
      server = 10.1.0.10
      filter_id = yes
    }
  }
}

/etc/ipsec.secrets - strongSwan IPsec secrets file

: RSA moonKey.pem

/etc/ipsec.conf - strongSwan IPsec configuration file

conn rw-allow
     rightgroups=allow
     leftsubnet=10.1.0.0/28
     also=rw-eap
     auto=add

conn rw-isolate
     rightgroups=isolate
     leftsubnet=10.1.0.16/28
     also=rw-eap
     auto=add

conn rw-eap
     leftcert=moonCert.pem
     leftid=@moon.strongswan.org
     leftauth=pubkey
     rightauth=eap-radius
     rightid=*@strongswan.org
     rightsendcert=never
     right=%any
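The script below is an added example, not part of this page and not strongSwan's own code. It models what the eap-radius plugin does with filter_id = yes: it verifies the Response Authenticator of a RADIUS Access-Accept against the shared secret from the strongswan.conf above, reads the Filter-Id attribute (RADIUS attribute type 11), treats each value as a group the client belongs to, and selects the conn whose rightgroups matches, so a Filter-Id of "allow" lands the client on rw-allow (10.1.0.0/28) and "isolate" on rw-isolate (10.1.0.16/28). The packets are constructed inside the script, and the function names and the group-to-conn table are assumptions made for illustration.

```python
"""Constructed model of a TNC PEP mapping RADIUS Filter-Id to a strongSwan conn.

Not strongSwan code: it imitates the eap-radius plugin with filter_id = yes,
using the secret from strongswan.conf and the conns from ipsec.conf above.
"""
import hashlib
import hmac
import ipaddress
import struct

ACCESS_ACCEPT = 2
ACCESS_REJECT = 3
ATTR_FILTER_ID = 11          # RFC 2865 Filter-Id attribute

# Shared secret from the strongswan.conf on this page.
RADIUS_SECRET = b"gv6URkSs"

# rightgroups -> (conn name, leftsubnet), from the ipsec.conf on this page.
# Assumed table for the model; charon derives the same mapping from ipsec.conf.
GROUP_TO_CONN = {
    "allow": ("rw-allow", ipaddress.ip_network("10.1.0.0/28")),
    "isolate": ("rw-isolate", ipaddress.ip_network("10.1.0.16/28")),
}


def build_response(code, identifier, request_auth, attrs, secret):
    """Encode a RADIUS response; the Response Authenticator is
    MD5(Code + ID + Length + RequestAuth + Attributes + Secret) per RFC 2865."""
    body = b""
    for attr_type, value in attrs:
        if len(value) > 253:
            raise ValueError("attribute value too long for one RADIUS attribute")
        body += struct.pack("!BB", attr_type, 2 + len(value)) + value
    header = struct.pack("!BBH", code, identifier, 20 + len(body))
    resp_auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + resp_auth + body


def parse_response(packet, request_auth, secret):
    """Check the Response Authenticator, then return (code, {type: [values]})."""
    if len(packet) < 20:
        raise ValueError("packet too short")
    code, _identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("length field does not match packet size")
    header, resp_auth, body = packet[:4], packet[4:20], packet[20:]
    expected = hashlib.md5(header + request_auth + body + secret).digest()
    # The secret, not the Filter-Id string, is what makes the group trustworthy.
    if not hmac.compare_digest(resp_auth, expected):
        raise ValueError("bad Response Authenticator: wrong secret or forged reply")
    attrs = {}
    pos = 0
    while pos < len(body):
        if len(body) - pos < 2:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = body[pos], body[pos + 1]
        if attr_len < 2 or pos + attr_len > len(body):
            raise ValueError("bad attribute length")
        attrs.setdefault(attr_type, []).append(body[pos + 2:pos + attr_len])
        pos += attr_len
    return code, attrs


def is_authentic(packet, request_auth, secret):
    """True if the reply verifies under the shared secret, else False."""
    try:
        parse_response(packet, request_auth, secret)
        return True
    except ValueError:
        return False


def select_conn(packet, request_auth, secret):
    """Model of the PEP decision: an Access-Accept's Filter-Id values become
    groups, and the first conn whose rightgroups contains one of them wins.
    Reject, no Filter-Id, or an unknown group selects nothing."""
    code, attrs = parse_response(packet, request_auth, secret)
    if code != ACCESS_ACCEPT:
        return None
    for raw in attrs.get(ATTR_FILTER_ID, []):
        group = raw.decode("utf-8", "replace")
        if group in GROUP_TO_CONN:
            return GROUP_TO_CONN[group]
    return None


if __name__ == "__main__":
    # Constructed Request Authenticator standing in for the one charon sent.
    req_auth = bytes(range(16))
    for label, code, attrs in [
        ("healthy client", ACCESS_ACCEPT, [(ATTR_FILTER_ID, b"allow")]),
        ("quarantined client", ACCESS_ACCEPT, [(ATTR_FILTER_ID, b"isolate")]),
        ("accept without group", ACCESS_ACCEPT, []),
        ("rejected client", ACCESS_REJECT, [(ATTR_FILTER_ID, b"allow")]),
    ]:
        pkt = build_response(code, 7, req_auth, attrs, RADIUS_SECRET)
        print(label, "->", select_conn(pkt, req_auth, RADIUS_SECRET))
```

An Access-Accept carrying no Filter-Id, or one naming a group that no conn's rightgroups lists, selects no conn and the client gets no SA at all, while a reply whose authenticator does not verify under the secret is dropped before the group is even read. That is why the two /28 subnets only isolate clients if the shared secret is kept private and the Filter-Id values on the RADIUS server are exactly the group names used in ipsec.conf.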

PEP logfile