radattr plugin

The radattr plugin provides and prints RADIUS attributes forwarded via strongSwan specific, private IKEv2 notify payloads (40969).

To enable the plugin, add

to the ./configure options.

It is available since 4.6.3.


RADIUS attributes to be forwarded to a peer are defined in files named after the local EAP-Identity (or IKE-Identity) used during authentication. Received attributes are written to the log.


The plugin is configured using the following strongswan.conf options.

Key Default Description
charon.plugins.radattr.dir Directory where RADIUS attributes are stored in client-ID specific files
charon.plugins.radattr.message_id -1 RADIUS attributes are added to all IKE_AUTH messages by default (-1), or only to the IKE_AUTH message with the given IKEv2 message ID

Attribute Files

The files stored in the directory configured with charon.plugins.radattr.dir have to be named after the peers local EAP-Identity (or IKE-Identity). They contain the RADIUS attribute to be forwarded as binary blob.