[Solved] Freeradius, WAP2-Enterprise & IKEv2 Clients

NogBadTheBad · Oct 18, 2017, 5:05 PM

Following on from assigning my IKEv2 clients a fixed IP addres via Freeradius.

Is there any way of stopping the IKEv2 Clients IDs andy-ipad, andy-iphone, etc …. from connecting via Wi-Fi ?

My /usr/local/etc/raddb/users file looks like this :-

"andy" Cleartext-Password := "PASSWORDHERE"

Service-Type = Administrative-User

"andy-ipad" Cleartext-Password := "PASSWORDHERE", Simultaneous-Use := "1"

Framed-IP-Address = 172.16.9.1,
Framed-IP-Netmask = 255.255.255.0,
Framed-Route = "0.0.0.0/0 172.16.0.1 1"

"andy-iphone" Cleartext-Password := "PASSWORDHERE", Simultaneous-Use := "1"

Framed-IP-Address = 172.16.9.2,
Framed-IP-Netmask = 255.255.255.0,
Framed-Route = "0.0.0.0/0 172.16.0.1 1"

Etc ...

NogBadTheBad · Oct 17, 2017, 8:18 PM

Had a poke round the freeradius web pages and came across radsniff.

http://freeradius.org/radiusd/man/radsniff.html

Output from radsniff shows the following when connecting via vpn :-

NAS-Identifier == strongSwan

Answer to my issue add NAS-Identifier == strongSwan as a check item

"andy-ipad" Cleartext-Password := "PASSWORDHERE", Simultaneous-Use := "1", NAS-Identifier == strongSwan

Framed-IP-Address = 172.16.9.1,
Framed-IP-Netmask = 255.255.255.0,
Framed-Route = "0.0.0.0/0 172.16.0.1 1"