[Solved] Freeradius, WPA2-Enterprise & IKEv2 Clients


  • Galactic Empire

    Following on from assigning my IKEv2 clients a fixed IP address via Freeradius.

    Is there any way of stopping the IKEv2 client IDs andy-ipad, andy-iphone, etc. from connecting via Wi-Fi?

    My /usr/local/etc/raddb/users file looks like this :-

    "andy" Cleartext-Password := "PASSWORDHERE"
        Service-Type = Administrative-User

    "andy-ipad" Cleartext-Password := "PASSWORDHERE", Simultaneous-Use := "1"
        Framed-IP-Address = 172.16.9.1,
        Framed-IP-Netmask = 255.255.255.0,
        Framed-Route = "0.0.0.0/0 172.16.0.1 1"

    "andy-iphone" Cleartext-Password := "PASSWORDHERE", Simultaneous-Use := "1"
        Framed-IP-Address = 172.16.9.2,
        Framed-IP-Netmask = 255.255.255.0,
        Framed-Route = "0.0.0.0/0 172.16.0.1 1"

    Etc ...


  • Galactic Empire

    Had a poke round the freeradius web pages and came across radsniff.

    http://freeradius.org/radiusd/man/radsniff.html

    Output from radsniff shows the following when connecting via VPN :-

    NAS-Identifier == strongSwan

    Answer to my issue: add NAS-Identifier == strongSwan as a check item.

    "andy-ipad" Cleartext-Password := "PASSWORDHERE", Simultaneous-Use := "1", NAS-Identifier == strongSwan
        Framed-IP-Address = 172.16.9.1,
        Framed-IP-Netmask = 255.255.255.0,
        Framed-Route = "0.0.0.0/0 172.16.0.1 1"
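
To confirm that every VPN-only account in the users file carries the NAS-Identifier check item described in the thread, the following Python script (an added example, not part of the original posts or of FreeRADIUS) parses a constructed sample and lists entries that assign a Framed-IP-Address but lack `NAS-Identifier == strongSwan`. Treating a fixed Framed-IP-Address as the marker of a VPN client is an assumption of this example, as are the function names; the parser covers only the simple entry layout shown in the thread.

```python
import re

# Constructed sample in the layout of the post's users file, not the real file.
SAMPLE_USERS = '''\
"andy" Cleartext-Password := "PASSWORDHERE"
    Service-Type = Administrative-User

"andy-ipad" Cleartext-Password := "PASSWORDHERE", Simultaneous-Use := "1", NAS-Identifier == strongSwan
    Framed-IP-Address = 172.16.9.1,
    Framed-Route = "0.0.0.0/0 172.16.0.1 1"

"andy-iphone" Cleartext-Password := "PASSWORDHERE", Simultaneous-Use := "1"
    Framed-IP-Address = 172.16.9.2,
    Framed-Route = "0.0.0.0/0 172.16.0.1 1"
'''

# One "Attribute op value" item; the value is either quoted or a bare token.
ITEM = re.compile(r'([\w-]+)\s*(:=|==|\+=|!=|=~|!~|<=|>=|=|<|>)\s*("[^"]*"|[^,\s]+)')

def items(text):
    return [(a, op, v.strip('"')) for a, op, v in ITEM.findall(text)]

def parse_users(text):
    """Return {user: {"check": [...], "reply": [...]}} of (attr, op, value) tuples."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t":          # indented line: reply items
            if current is not None:
                entries[current]["reply"] += items(line)
        else:                          # unindented line: user name, then check items
            name, rest = (line.split(None, 1) + [""])[:2]
            current = name.strip('"')
            entries[current] = {"check": items(rest), "reply": []}
    return entries

def unpinned_vpn_users(entries, nas_id="strongSwan"):
    """Users given a fixed Framed-IP-Address but lacking NAS-Identifier == nas_id."""
    flagged = []
    for name, e in entries.items():
        fixed_ip = any(attr == "Framed-IP-Address" for attr, _, _ in e["reply"])
        pinned = ("NAS-Identifier", "==", nas_id) in e["check"]
        if fixed_ip and not pinned:
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    print(unpinned_vpn_users(parse_users(SAMPLE_USERS)))
```

On the constructed sample, the script flags andy-iphone, the entry that was left without the check item.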