I configured StrongSwan with Let's Encrypt SSL and it works fine, but when I connect it to a FreeRadius server, I get an error in 4 responses, and the client receives the error "user authentication failed".
13[NET] received packet: from 5.212.174.225[4500] to 134.119.183.101[4500] (144 bytes)
13[ENC] parsed IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ]
13[CFG] sending RADIUS Access-Request to server 'server-a'
06[MGR] ignoring request with ID 4, already processing
13[CFG] received RADIUS Access-Reject from server 'server-a'
13[IKE] RADIUS authentication of '111' failed
13[IKE] EAP method EAP_MSCHAPV2 failed for peer 102.127.111.2
13[ENC] generating IKE_AUTH response 4 [ EAP/FAIL ]
And my ipsec.conf
config setup
    strictcrlpolicy=yes
    uniqueids=never

conn roadwarrior
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes
    ike=aes256-sha1-modp1024,aes256gcm16-sha256-ecp521,aes256-sha256-ecp384
    esp=aes256-sha1,aes128-sha256-modp3072,aes256gcm16-sha256,aes256gcm16-ecp384
    dpdaction=clear
    dpddelay=180s
    rekey=no
    left=%any
    [email protected]
    leftcert=cert.pem
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    right=%any
    rightid=%any
    rightauth=eap-radius # this uses radius authentication
    # rightauth=eap-mschapv2
    eap_identity=%any
    rightdns=8.8.8.8,8.8.4.4
    rightsourceip=10.10.10.0/24
    rightsendcert=never
My ipsec.secret
ikev2.raway.net : RSA "privkey.pem"
My strongswan.conf
charon {
    load_modular = yes
    plugins {
        include strongswan.d/charon/*.conf
        eap-radius {
            accounting = yes
            servers {
                server-a {
                    address = 134.119.183.102
                    secret = Ramin
                    auth_port = 1812 # default
                    acct_port = 1813 # default
                }
            }
        }
    }
    include strongswan.d/*.conf
}
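
A triage aid for the charon log in the post above (an added example, not part of the original post and not strongSwan code): it parses the log lines and reports which side refused the EAP exchange. The function name, dictionary keys and verdict strings are hypothetical; the sample input is the log copied from the post.

```python
import re

# Log lines copied from the post above.
SAMPLE_LOG = """\
13[NET] received packet: from 5.212.174.225[4500] to 134.119.183.101[4500] (144 bytes)
13[ENC] parsed IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ]
13[CFG] sending RADIUS Access-Request to server 'server-a'
06[MGR] ignoring request with ID 4, already processing
13[CFG] received RADIUS Access-Reject from server 'server-a'
13[IKE] RADIUS authentication of '111' failed
13[IKE] EAP method EAP_MSCHAPV2 failed for peer 102.127.111.2
13[ENC] generating IKE_AUTH response 4 [ EAP/FAIL ]
"""

LINE = re.compile(r"^(\d+)\[([A-Z]{3})\] (.*)$")  # <thread>[<subsystem>] <message>
PATTERNS = {
    "request": re.compile(r"parsed IKE_AUTH request (\d+) \[ EAP/RES/(\w+) \]"),
    "sent": re.compile(r"sending RADIUS Access-Request to server '([^']+)'"),
    "reply": re.compile(r"received RADIUS (Access-\w+) from server '([^']+)'"),
    "identity": re.compile(r"RADIUS authentication of '([^']*)' failed"),
    "dup": re.compile(r"ignoring request with ID (\d+), already processing"),
}
# Hypothetical verdict labels keyed by the last RADIUS reply seen.
VERDICTS = {"Access-Reject": "rejected-by-radius", "Access-Accept": "accepted-by-radius",
            "Access-Challenge": "in-progress"}

def triage(log):
    """Summarise one EAP-over-RADIUS exchange and say which side refused it."""
    s = {"msg_id": None, "eap_method": None, "server": None, "reply": None,
         "identity": None, "duplicates": []}
    for raw in log.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # not a charon log line
        thread, msg = line[1], line[3]
        if m := PATTERNS["request"].search(msg):
            s["msg_id"], s["eap_method"] = int(m[1]), m[2]
        elif m := PATTERNS["sent"].search(msg):
            s["server"] = m[1]
        elif m := PATTERNS["reply"].search(msg):
            s["reply"] = m[1]
        elif m := PATTERNS["identity"].search(msg):
            s["identity"] = m[1]
        elif m := PATTERNS["dup"].search(msg):
            # Client retransmit seen by another worker thread while the first
            # one waits on RADIUS; a side effect of the wait, not the failure.
            s["duplicates"].append((thread, int(m[1])))
    # No reply at all: either the request went unanswered or RADIUS was never used.
    fallback = "no-radius-reply" if s["server"] else "radius-not-reached"
    s["verdict"] = VERDICTS.get(s["reply"], fallback)
    return s
```

For the log in the post, `triage(SAMPLE_LOG)` returns the verdict `rejected-by-radius`: the Access-Reject was issued by the RADIUS server, so that server's own log for the request is where the reason is recorded.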