Accommodate both RADIUS and pool IP addresses in IPsec. Issue #8160 #4194
Fixed and tested copy of #3976 by @Amith211
What was done:
From https://wiki.strongswan.org/projects/strongswan/wiki/VirtualIp#RADIUS-backend:
This is why we need to increase the priority of the eap-radius plugin by
$ssconf['charon']['plugins']['eap-radius']['load'] = "2";
see https://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad:
Removed the line
$ssconf['starter']['config_file'] = "{$g['varetc_path']}/ipsec/ipsec.conf";
no such file
Fixed creation of the correct config file when using EAP-RADIUS without a pool (ipsec_setup_pools() used the ipsec.conf-style %radius)
P.S. As I found, you can't see mobile clients that get their IP via RADIUS on the Status / IPsec / Leases page (only under child SA), and their IPs are not added to the tonatsubnets table