From 794fa2206659457ba45c6f476ba8b162460cdaad Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 25 Jul 2021 00:13:32 +0200 Subject: ipsec: T1210: add RADIUS authentication for remote-access IKEv2 VPN set vpn ipsec remote-access connection rw authentication client-mode 'eap-radius' set vpn ipsec remote-access connection rw authentication id '192.0.2.1' set vpn ipsec remote-access connection rw authentication server-mode 'x509' set vpn ipsec remote-access connection rw authentication x509 ca-certificate 'CAcert_Class_3_Root' set vpn ipsec remote-access connection rw authentication x509 certificate 'vyos' set vpn ipsec remote-access connection rw esp-group 'ESP-RW' set vpn ipsec remote-access connection rw ike-group 'IKE-RW' set vpn ipsec remote-access connection rw local-address '192.0.2.1' set vpn ipsec remote-access connection rw pool 'ra-rw-ipv4' set vpn ipsec remote-access connection rw unique 'never' set vpn ipsec remote-access pool ra-rw-ipv4 name-server '192.0.2.2' set vpn ipsec remote-access pool ra-rw-ipv4 prefix '192.168.22.0/24' set vpn ipsec remote-access radius nas-identifier 'fooo' set vpn ipsec remote-access radius server 172.16.100.10 key 'secret' --- interface-definitions/vpn_ipsec.xml.in | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) (limited to 'interface-definitions') diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in index 858adb13a..165fdfdf3 100644 --- a/interface-definitions/vpn_ipsec.xml.in +++ b/interface-definitions/vpn_ipsec.xml.in @@ -703,18 +703,22 @@ Client authentication mode - eap-tls eap-mschapv2 + eap-tls eap-mschapv2 eap-radius eap-tls - EAP-TLS + Client uses EAP-TLS authentication eap-mschapv2 - EAP-MSCHAPv2 + Client uses EAP-MSCHAPv2 authentication + + + eap-radius + Client uses EAP-RADIUS authentication - ^(eap-tls|eap-mschapv2)$ + ^(eap-tls|eap-mschapv2|eap-radius)$ eap-mschapv2 @@ -872,6 +876,17 @@ #include + #include + + + #include + + + #include + + + + -- cgit v1.2.3