radattr Plugin


The radattr plugin for libcharon provides and prints RADIUS attributes forwarded via strongSwan specific, private IKEv2 notify payloads (40969).

The plugin is disabled by default and can be enabled with the ./configure option



RADIUS attributes to be forwarded to a peer are defined in files named after the local EAP-Identity (or IKE-Identity) used during authentication. Received attributes are written to the log.


The radattr plugin is configured using the following options in the charon.plugins.radattr section of strongswan.conf:

Key Default Description


Directory where RADIUS attributes are stored in client-ID specific files



RADIUS attributes are added to all IKE_AUTH messages by default [-1] or only to the IKE_AUTH message with the given IKEv2 message ID

Attribute Files

The files stored in the directory configured with dir have to be named after the peers local EAP-Identity (or IKE-Identity). They contain the RADIUS attribute to be forwarded as binary blob.