eap-radius { # Send RADIUS accounting information to RADIUS servers. # accounting = no # Close the IKE_SA if there is a timeout during interim RADIUS accounting # updates. # accounting_close_on_timeout = yes # If enabled, accounting is disabled unless an IKE_SA has at least one # virtual IP. # accounting_requires_vip = no # Use class attributes in RADIUS-Accept messages as group membership # information. # class_group = no # Closes all IKE_SAs if communication with the RADIUS server times out. If # it is not set only the current IKE_SA is closed. # close_all_on_timeout = no # Send EAP-Start instead of EAP-Identity to start RADIUS conversation. # eap_start = no # Use filter_id attribute as group membership information. # filter_id = no # Prefix to EAP-Identity, some AAA servers use a IMSI prefix to select the # EAP method. # id_prefix = # Whether to load the plugin. Can also be an integer to increase the # priority of this plugin. load = yes # NAS-Identifier to include in RADIUS messages. # nas_identifier = strongSwan # Port of RADIUS server (authentication). # port = 1812 # Shared secret between RADIUS and NAS. If set, make sure to adjust the # permissions of the config file accordingly. # secret = # IP/Hostname of RADIUS server. # server = # Number of sockets (ports) to use, increase for high load. # sockets = 1 dae { # Enables support for the Dynamic Authorization Extension (RFC 5176). # enable = no # Address to listen for DAE messages from the RADIUS server. # listen = 0.0.0.0 # Port to listen for DAE requests. # port = 3799 # Shared secret used to verify/sign DAE messages. If set, make sure to # adjust the permissions of the config file accordingly. # secret = } forward { # RADIUS attributes to be forwarded from IKEv2 to RADIUS. # ike_to_radius = # Same as ike_to_radius but from RADIUS to IKEv2. # radius_to_ike = } # Section to specify multiple RADIUS servers. servers { } # Section to configure multiple XAuth authentication rounds via RADIUS. xauth { } }