Project

General

Profile

radattr plugin

The radattr plugin provides and prints RADIUS attributes forwarded via strongSwan specific, private IKEv2 notify payloads (40969).

To enable the plugin, add

--enable-radattr
to the ./configure options.

It is available since 4.6.3.

Behavior

RADIUS attributes to be forwarded to a peer are defined in files named after the local EAP-Identity (or IKE-Identity) used during authentication. Received attributes are written to the log.

Configuration

The plugin is configured using the following strongswan.conf options.

Key Default Description
charon.plugins.radattr.dir Directory where RADIUS attributes are stored in client-ID specific files
charon.plugins.radattr.message_id -1 RADIUS attributes are added to all IKE_AUTH messages by default (-1), or only to the IKE_AUTH message with the given IKEv2 message ID

Attribute Files

The files stored in the directory configured with charon.plugins.radattr.dir have to be named after the peers local EAP-Identity (or IKE-Identity). They contain the RADIUS attribute to be forwarded as binary blob.