Annotation of embedaddon/strongswan/conf/plugins/eap-radius.opt, revision 1.1

1.1     ! misho       1: charon.plugins.eap-radius.accounting = no
        !             2:        Send RADIUS accounting information to RADIUS servers.
        !             3: 
        !             4: charon.plugins.eap-radius.accounting_close_on_timeout = yes
        !             5:        Close the IKE_SA if there is a timeout during interim RADIUS accounting
        !             6:        updates.
        !             7: 
        !             8: charon.plugins.eap-radius.accounting_interval = 0
        !             9:        Interval in seconds for interim RADIUS accounting updates, if not specified
        !            10:        by the RADIUS server in the Access-Accept message.
        !            11: 
        !            12: charon.plugins.eap-radius.accounting_requires_vip = no
        !            13:        If enabled, accounting is disabled unless an IKE_SA has at least one
        !            14:        virtual IP. Only for IKEv2, for IKEv1 a virtual IP is strictly necessary.
        !            15: 
        !            16: charon.plugins.eap-radius.accounting_send_class = no
        !            17:        If enabled, adds the Class attributes received in Access-Accept message to
        !            18:        the RADIUS accounting messages.
        !            19: 
        !            20: charon.plugins.eap-radius.class_group = no
        !            21:        Use class attributes in Access-Accept messages as group membership
        !            22:        information.
        !            23: 
        !            24:        Use the _class_ attribute sent in the RADIUS-Accept message as group
        !            25:        membership information that is compared to the groups specified in the
        !            26:        **rightgroups** option in **ipsec.conf**(5).
        !            27: 
        !            28: charon.plugins.eap-radius.close_all_on_timeout = no
        !            29:        Closes all IKE_SAs if communication with the RADIUS server times out. If it
        !            30:        is not set only the current IKE_SA is closed.
        !            31: 
        !            32: charon.plugins.eap-radius.dae.enable = no
        !            33:        Enables support for the Dynamic Authorization Extension (RFC 5176).
        !            34: 
        !            35: charon.plugins.eap-radius.dae.listen = 0.0.0.0
        !            36:        Address to listen on for DAE messages from the RADIUS server (0.0.0.0 binds all IPv4 interfaces).
        !            37: 
        !            38: charon.plugins.eap-radius.dae.port = 3799
        !            39:        Port to listen for DAE requests.
        !            40: 
        !            41: charon.plugins.eap-radius.dae.secret
        !            42:        Shared secret used to verify/sign DAE messages. If set, restrict the
        !            43:        permissions of the config file so that other users cannot read the secret.
        !            44: 
        !            45: charon.plugins.eap-radius.eap_start = no
        !            46:        Send EAP-Start instead of EAP-Identity to start RADIUS conversation.
        !            47: 
        !            48: charon.plugins.eap-radius.filter_id = no
        !            49:        Use filter_id attribute as group membership information.
        !            50: 
        !            51:        If the RADIUS _tunnel_type_ attribute with value **ESP** is received, use
        !            52:        the _filter_id_ attribute sent in the RADIUS-Accept message as group
        !            53:        membership information that is compared to the groups specified in the
        !            54:        **rightgroups** option in **ipsec.conf**(5).
        !            55: 
        !            56: charon.plugins.eap-radius.forward.ike_to_radius
        !            57:        RADIUS attributes to be forwarded from IKEv2 to RADIUS.
        !            58: 
        !            59:        RADIUS attributes to be forwarded from IKEv2 to RADIUS (can be defined by
        !            60:        name or attribute number, a colon can be used to specify vendor-specific
        !            61:        attributes, e.g. Reply-Message, or 11, or 36906:12).
        !            62: 
        !            63: charon.plugins.eap-radius.forward.radius_to_ike =
        !            64:        Same as ike_to_radius but from RADIUS to IKEv2.
        !            65: 
        !            66:        Same as _charon.plugins.eap-radius.forward.ike_to_radius_ but from RADIUS to
        !            67:        IKEv2, a strongSwan specific private notify (40969) is used to transmit the
        !            68:        attributes.
        !            69: 
        !            70: charon.plugins.eap-radius.id_prefix
        !            71:        Prefix to EAP-Identity, some AAA servers use an IMSI prefix to select the
        !            72:        EAP method.
        !            73: 
        !            74: charon.plugins.eap-radius.nas_identifier = strongSwan
        !            75:        NAS-Identifier to include in RADIUS messages.
        !            76: 
        !            77: charon.plugins.eap-radius.port = 1812
        !            78:        Port of RADIUS server (authentication).
        !            79: 
        !            80: charon.plugins.eap-radius.secret =
        !            81:        Shared secret between RADIUS and NAS. If set, restrict the permissions of
        !            82:        the config file so that other users cannot read the secret.
        !            83: 
        !            84: charon.plugins.eap-radius.server =
        !            85:        IP/Hostname of RADIUS server.
        !            86: 
        !            87: charon.plugins.eap-radius.retransmit_base = 1.4
        !            88:        Base to use for calculating exponential back off.
        !            89: 
        !            90: charon.plugins.eap-radius.retransmit_timeout = 2.0
        !            91:        Timeout in seconds before sending first retransmit.
        !            92: 
        !            93: charon.plugins.eap-radius.retransmit_tries = 4
        !            94:        Number of times to retransmit a packet before giving up.
        !            95: 
        !            96: charon.plugins.eap-radius.servers {}
        !            97:        Section to specify multiple RADIUS servers.
        !            98: 
        !            99:        Section to specify multiple RADIUS servers. The **nas_identifier**,
        !           100:        **secret**, **sockets** and **port** (or **auth_port**) options can be
        !           101:        specified for each server. A server's IP/Hostname can be configured using
        !           102:        the **address** option. The **acct_port** [1813] option can be used to
        !           103:        specify the port used for RADIUS accounting. For each RADIUS server a
        !           104:        priority can be specified using the **preference** [0] option. The
        !           105:        retransmission time for each server can be set using **retransmit_base**,
        !           106:        **retransmit_timeout** and **retransmit_tries**.
        !           107: 
        !           108: charon.plugins.eap-radius.sockets = 1
        !           109:        Number of sockets (ports) to use, increase for high load.
        !           110: 
        !           111: charon.plugins.eap-radius.station_id_with_port = yes
        !           112:        Whether to include the UDP port in the Called- and Calling-Station-Id
        !           113:        RADIUS attributes.
        !           114: 
        !           115: charon.plugins.eap-radius.xauth {}
        !           116:        Section to configure multiple XAuth authentication rounds via RADIUS.
        !           117: 
        !           118:        Section to configure multiple XAuth authentication rounds via RADIUS.
        !           119:        The subsections define so called authentication profiles with arbitrary
        !           120:        names. In each profile section one or more XAuth types can be configured,
        !           121:        with an assigned message. For each type a separate XAuth exchange will be
        !           122:        initiated and all replies get concatenated into the User-Password attribute,
        !           123:        which then gets verified over RADIUS.
        !           124: 
        !           125:        Available XAuth types are **password**, **passcode**, **nextpin**, and
        !           126:        **answer**. This type is not relevant to strongSwan or the AAA server, but
        !           127:        the client may show a different dialog (along with the configured message).
        !           128: 
        !           129:        To use the configured profiles, they have to be configured in the respective
        !           130:        connection in **ipsec.conf**(5) by appending the profile name, separated by
        !           131:        a colon, to the **xauth-radius** XAuth backend configuration in _rightauth_
        !           132:        or _rightauth2_, for instance, _rightauth2=xauth-radius:profile_.
