Annotation of embedaddon/strongswan/conf/plugins/eap-radius.opt, revision 1.1.1.1

1.1       misho       1: charon.plugins.eap-radius.accounting = no
                      2:        Send RADIUS accounting information to RADIUS servers.
                      3: 
                      4: charon.plugins.eap-radius.accounting_close_on_timeout = yes
                      5:        Close the IKE_SA if there is a timeout during interim RADIUS accounting
                      6:        updates.
                      7: 
                      8: charon.plugins.eap-radius.accounting_interval = 0
                      9:        Interval in seconds for interim RADIUS accounting updates, if not specified
                     10:        by the RADIUS server in the Access-Accept message.
                     11: 
                     12: charon.plugins.eap-radius.accounting_requires_vip = no
                     13:        If enabled, accounting is disabled unless an IKE_SA has at least one
                     14:        virtual IP. This applies only to IKEv2; for IKEv1 a virtual IP is strictly necessary.
                     15: 
                     16: charon.plugins.eap-radius.accounting_send_class = no
                     17:        If enabled, adds the Class attributes received in Access-Accept message to
                     18:        the RADIUS accounting messages.
                     19: 
                     20: charon.plugins.eap-radius.class_group = no
                     21:        Use class attributes in Access-Accept messages as group membership
                     22:        information.
                     23: 
                     24:        Use the _class_ attribute sent in the RADIUS Access-Accept message as group
                     25:        membership information that is compared to the groups specified in the
                     26:        **rightgroups** option in **ipsec.conf**(5).
                     27: 
                     28: charon.plugins.eap-radius.close_all_on_timeout = no
                     29:        Closes all IKE_SAs if communication with the RADIUS server times out. If it
                     30:        is not set only the current IKE_SA is closed.
                     31: 
                     32: charon.plugins.eap-radius.dae.enable = no
                     33:        Enables support for the Dynamic Authorization Extension (RFC 5176).
                     34: 
                     35: charon.plugins.eap-radius.dae.listen = 0.0.0.0
                     36:        Address to listen on for DAE messages from the RADIUS server. The default 0.0.0.0 listens on all local IPv4 addresses.
                     37: 
                     38: charon.plugins.eap-radius.dae.port = 3799
                     39:        Port to listen for DAE requests.
                     40: 
                     41: charon.plugins.eap-radius.dae.secret
                     42:        Shared secret used to verify/sign DAE messages. If set, make sure to restrict
                     43:        the permissions of the config file so that other users cannot read the secret.
                     44: 
                     45: charon.plugins.eap-radius.eap_start = no
                     46:        Send EAP-Start instead of EAP-Identity to start RADIUS conversation.
                     47: 
                     48: charon.plugins.eap-radius.filter_id = no
                     49:        Use filter_id attribute as group membership information.
                     50: 
                     51:        If the RADIUS _tunnel_type_ attribute with value **ESP** is received, use
                     52:        the _filter_id_ attribute sent in the RADIUS Access-Accept message as group
                     53:        membership information that is compared to the groups specified in the
                     54:        **rightgroups** option in **ipsec.conf**(5).
                     55: 
                     56: charon.plugins.eap-radius.forward.ike_to_radius
                     57:        RADIUS attributes to be forwarded from IKEv2 to RADIUS.
                     58: 
                     59:        RADIUS attributes to be forwarded from IKEv2 to RADIUS (can be defined by
                     60:        name or attribute number, a colon can be used to specify vendor-specific
                     61:        attributes, e.g. Reply-Message, or 11, or 36906:12).
                     62: 
                     63: charon.plugins.eap-radius.forward.radius_to_ike =
                     64:        Same as ike_to_radius but from RADIUS to IKEv2.
                     65: 
                     66:        Same as _charon.plugins.eap-radius.forward.ike_to_radius_ but from RADIUS to
                     67:        IKEv2, a strongSwan specific private notify (40969) is used to transmit the
                     68:        attributes.
                     69: 
                     70: charon.plugins.eap-radius.id_prefix
                     71:        Prefix to EAP-Identity, some AAA servers use an IMSI prefix to select the
                     72:        EAP method.
                     73: 
                     74: charon.plugins.eap-radius.nas_identifier = strongSwan
                     75:        NAS-Identifier to include in RADIUS messages.
                     76: 
                     77: charon.plugins.eap-radius.port = 1812
                     78:        Port of RADIUS server (authentication).
                     79: 
                     80: charon.plugins.eap-radius.secret =
                     81:        Shared secret between RADIUS and NAS. If set, make sure to restrict the
                     82:        permissions of the config file so that other users cannot read the secret.
                     83: 
                     84: charon.plugins.eap-radius.server =
                     85:        IP/Hostname of RADIUS server.
                     86: 
                     87: charon.plugins.eap-radius.retransmit_base = 1.4
                     88:        Base to use for calculating exponential back off.
                     89: 
                     90: charon.plugins.eap-radius.retransmit_timeout = 2.0
                     91:        Timeout in seconds before sending first retransmit.
                     92: 
                     93: charon.plugins.eap-radius.retransmit_tries = 4
                     94:        Number of times to retransmit a packet before giving up.
                     95: 
                     96: charon.plugins.eap-radius.servers {}
                     97:        Section to specify multiple RADIUS servers.
                     98: 
                     99:        Section to specify multiple RADIUS servers. The **nas_identifier**,
                    100:        **secret**, **sockets** and **port** (or **auth_port**) options can be
                    101:        specified for each server. A server's IP/Hostname can be configured using
                    102:        the **address** option. The **acct_port** [1813] option can be used to
                    103:        specify the port used for RADIUS accounting. For each RADIUS server a
                    104:        priority can be specified using the **preference** [0] option. The
                    105:        retransmission time for each server can be set using **retransmit_base**,
                    106:        **retransmit_timeout** and **retransmit_tries**.
                    107: 
                    108: charon.plugins.eap-radius.sockets = 1
                    109:        Number of sockets (ports) to use, increase for high load.
                    110: 
                    111: charon.plugins.eap-radius.station_id_with_port = yes
                    112:        Whether to include the UDP port in the Called- and Calling-Station-Id
                    113:        RADIUS attributes.
                    114: 
                    115: charon.plugins.eap-radius.xauth {}
                    116:        Section to configure multiple XAuth authentication rounds via RADIUS.
                    117: 
                    118:        Section to configure multiple XAuth authentication rounds via RADIUS.
                    119:        The subsections define so called authentication profiles with arbitrary
                    120:        names. In each profile section one or more XAuth types can be configured,
                    121:        with an assigned message. For each type a separate XAuth exchange will be
                    122:        initiated and all replies get concatenated into the User-Password attribute,
                    123:        which then gets verified over RADIUS.
                    124: 
                    125:        Available XAuth types are **password**, **passcode**, **nextpin**, and
                    126:        **answer**. This type is not relevant to strongSwan or the AAA server, but
                    127:        the client may show a different dialog (along with the configured message).
                    128: 
                    129:        To use the configured profiles, they have to be configured in the respective
                    130:        connection in **ipsec.conf**(5) by appending the profile name, separated by
                    131:        a colon, to the **xauth-radius** XAuth backend configuration in _rightauth_
                    132:        or _rightauth2_, for instance, _rightauth2=xauth-radius:profile_.
