The radattr plugin provides and prints RADIUS attributes forwarded via strongSwan specific, private IKEv2 notify payloads (40969).
To enable the plugin, add
--enable-radattrto the ./configure options.
It is available since 4.6.3.
RADIUS attributes to be forwarded to a peer are defined in files named after the local EAP-Identity (or IKE-Identity) used during authentication. Received attributes are written to the log.
The plugin is configured using the following strongswan.conf options.
|charon.plugins.radattr.dir||Directory where RADIUS attributes are stored in client-ID specific files|
|charon.plugins.radattr.message_id||-1||RADIUS attributes are added to all IKE_AUTH messages by default (-1), or only to the IKE_AUTH message with the given IKEv2 message ID|
The files stored in the directory configured with charon.plugins.radattr.dir have to be named after the peers local EAP-Identity (or IKE-Identity). They contain the RADIUS attribute to be forwarded as binary blob.