radattr Plugin

Purpose

The radattr plugin for libcharon provides and prints RADIUS attributes forwarded via strongSwan-specific, private IKEv2 notify payloads (notify type 40969).

The plugin is disabled by default and can be enabled with the ./configure option

--enable-radattr

Behavior

RADIUS attributes to be forwarded to a peer are defined in files named after the local EAP-Identity (or IKE-Identity) used during authentication. Received attributes are written to the log.

Configuration

The radattr plugin is configured using the following options in the charon.plugins.radattr section of strongswan.conf:

Key          Default   Description
dir                    Directory where RADIUS attributes are stored in client-ID specific files
message_id   -1        RADIUS attributes are added to all IKE_AUTH messages by default [-1] or only to the IKE_AUTH message with the given IKEv2 message ID

Attribute Files

The files stored in the directory configured with dir have to be named after the peer's local EAP-Identity (or IKE-Identity). Each file contains the RADIUS attribute to be forwarded as a binary blob.
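
As an added example (not part of the strongSwan documentation or code), the following Python code builds one attribute file and checks that it is well-formed before it is placed in the configured directory. It assumes the blob is a single attribute in the RFC 2865 type-length-value encoding, which the page does not specify; the function names, the identity carol@example.org and the Reply-Message value are constructed for illustration.

```python
import os
import struct
import tempfile

def encode_radius_attribute(attr_type: int, value: bytes) -> bytes:
    """RFC 2865 attribute: 1-byte type, 1-byte length (header included), value."""
    if not 1 <= attr_type <= 255:
        raise ValueError("attribute type must fit in one byte")
    if not 1 <= len(value) <= 253:
        raise ValueError("value must be 1..253 bytes")
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def attribute_path(directory: str, identity: str) -> str:
    """The file is named after the identity; refuse names that leave 'directory'."""
    if not identity or identity in (".", "..") or "/" in identity or "\0" in identity:
        raise ValueError(f"identity not usable as a file name: {identity!r}")
    return os.path.join(directory, identity)

def write_attribute_file(directory: str, identity: str, blob: bytes) -> str:
    """Write the blob readable by the owner only and return the file path."""
    path = attribute_path(directory, identity)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(blob)
    return path

def check_attribute_file(path: str):
    """Return (type, value) if the file holds exactly one well-formed attribute."""
    with open(path, "rb") as f:
        blob = f.read()
    # Assumption: one attribute per file, so the length byte equals the file size.
    if len(blob) < 3 or blob[1] != len(blob):
        raise ValueError(f"{path}: length byte does not match file size")
    return blob[0], blob[2:]

def demo():
    # Constructed sample: Reply-Message (type 18) for a made-up identity,
    # written to a temporary directory standing in for the configured dir.
    with tempfile.TemporaryDirectory() as d:
        blob = encode_radius_attribute(18, b"welcome")
        path = write_attribute_file(d, "carol@example.org", blob)
        return blob, check_attribute_file(path)

if __name__ == "__main__":
    print(demo())
```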