[Solved] Freeradius, WPA2-Enterprise & IKEv2 Clients
-
Following on from assigning my IKEv2 clients a fixed IP address via Freeradius.
Is there any way of stopping the IKEv2 client IDs andy-ipad, andy-iphone, etc …. from connecting via Wi-Fi?
My /usr/local/etc/raddb/users file looks like this :-

"andy" Cleartext-Password := "PASSWORDHERE"
    Service-Type = Administrative-User

"andy-ipad" Cleartext-Password := "PASSWORDHERE", Simultaneous-Use := "1"
    Framed-IP-Address = 172.16.9.1,
    Framed-IP-Netmask = 255.255.255.0,
    Framed-Route = "0.0.0.0/0 172.16.0.1 1"

"andy-iphone" Cleartext-Password := "PASSWORDHERE", Simultaneous-Use := "1"
    Framed-IP-Address = 172.16.9.2,
    Framed-IP-Netmask = 255.255.255.0,
    Framed-Route = "0.0.0.0/0 172.16.0.1 1"

Etc ...
-
Had a poke round the freeradius web pages and came across radsniff.
http://freeradius.org/radiusd/man/radsniff.html
Output from radsniff shows the following when connecting via vpn :-
NAS-Identifier == strongSwan
Answer to my issue: add NAS-Identifier == strongSwan as a check item

"andy-ipad" Cleartext-Password := "PASSWORDHERE", Simultaneous-Use := "1", NAS-Identifier == strongSwan
    Framed-IP-Address = 172.16.9.1,
    Framed-IP-Netmask = 255.255.255.0,
    Framed-Route = "0.0.0.0/0 172.16.0.1 1"
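
Added example, not part of the original thread: a small Python audit that parses a users file and lists entries that hand out a Framed-IP-Address but have no NAS-Identifier == strongSwan check item, which is the gap the fix above closes one entry at a time. The function names, the simplified parser (no DEFAULT or $INCLUDE handling) and the rule "a Framed-IP-Address reply marks a VPN identity" are assumptions; the sample file is constructed.

```python
import re

# Constructed sample in FreeRADIUS "users" syntax, modelled on the entries above.
SAMPLE_USERS = '''\
"andy" Cleartext-Password := "PASSWORDHERE"
    Service-Type = Administrative-User

"andy-ipad" Cleartext-Password := "PASSWORDHERE", Simultaneous-Use := "1", NAS-Identifier == strongSwan
    Framed-IP-Address = 172.16.9.1,
    Framed-IP-Netmask = 255.255.255.0

"andy-iphone" Cleartext-Password := "PASSWORDHERE", Simultaneous-Use := "1"
    Framed-IP-Address = 172.16.9.2,
    Framed-IP-Netmask = 255.255.255.0
'''

# attribute, operator, value (quoted or bare); multi-character operators first
ITEM = re.compile(r'([A-Za-z0-9-]+)\s*(:=|==|\+=|!=|=~|!~|<=|>=|=|<|>)\s*("[^"]*"|[^,\s]+)')

def parse_items(s):
    """Split a comma-separated item list into (attribute, operator, value) tuples."""
    return [(a, op, v.strip('"')) for a, op, v in ITEM.findall(s)]

def parse_users(text):
    """Return [(name, check_items, reply_items)] for each entry."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith('#'):
            continue                      # blank line or comment
        if raw[0] in ' \t':               # indented line: reply items
            if entries:
                entries[-1][2].extend(parse_items(raw))
        else:                             # first line: name + check items
            m = re.match(r'("[^"]*"|\S+)\s*(.*)', raw)
            entries.append((m.group(1).strip('"'), parse_items(m.group(2)), []))
    return entries

def unpinned_vpn_users(text, nas_id="strongSwan"):
    """Entries that reply with a Framed-IP-Address (assumed here to mark a
    VPN identity) but lack a NAS-Identifier == nas_id check item."""
    flagged = []
    for name, check, reply in parse_users(text):
        gets_ip = any(a == "Framed-IP-Address" for a, _, _ in reply)
        if gets_ip and ("NAS-Identifier", "==", nas_id) not in check:
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    print(unpinned_vpn_users(SAMPLE_USERS))
```
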