Добрый вечер. Подскажите: у меня за VPN-сервером (strongSwan, IKEv2) находятся несколько AD (на Samba4). Подключения к серверу я разделяю по DNS-именам. Мне нужно, чтобы один конфиг подключался к одному RADIUS-серверу, а второй конфиг — к другому.
Конфиг /etc/ipsec.conf
# Global charon/starter settings for /etc/ipsec.conf.
config setup
    # Log levels per subsystem: ike at 1 (control flow), knl (kernel) and
    # cfg (config) at 0 (basic audit messages only).
    charondebug = "ike 1, knl 0, cfg 0"
    # Allow several IKE_SAs with the same peer identity side by side instead of
    # replacing the old one (the default would tear the previous SA down).
    uniqueids = never
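# Full-tunnel road-warrior profile: all client traffic is routed via the VPN.
conn swan.domain.ru
    # responder only: load the conn and wait for clients to connect
    auto = add
    compress = no
    type = tunnel
    keyexchange = ikev2
    # IKE fragmentation and forced UDP encapsulation help clients behind NAT
    # and on paths with small MTUs
    fragmentation = yes
    forceencaps = yes
    # Dead peer detection: probe idle peers every 300s, close the SA on timeout.
    # The original section listed `dpdaction` twice (clear at the top, restart at
    # the very end). A duplicated key is ambiguous, and `restart` cannot work for
    # a responder with right=%any (there is no fixed peer to re-initiate to),
    # so only `clear` is kept.
    dpdaction = clear
    dpddelay = 300s
    # the gateway does not initiate rekeying; clients are expected to
    rekey = no
    left = %defaultroute
    # identity and certificate presented to clients (Let's Encrypt full chain)
    leftid = @swan.domain.ru
    leftcert = /etc/letsencrypt/live/swan.domain.ru/fullchain.pem
    leftsendcert = always
    # 0.0.0.0/0: clients send everything through the tunnel
    leftsubnet = 0.0.0.0/0
    right = %any
    rightid = %any
    # clients authenticate with EAP relayed to the RADIUS server(s) defined in
    # strongswan.conf (eap-radius plugin); local EAP-MSCHAPv2 is the commented-out
    # alternative
    rightauth = eap-radius
    #rightauth = eap-mschapv2
    # virtual IP pool and DNS server pushed to clients
    rightsourceip = 10.18.20.0/24
    rightdns = 10.18.18.10
    rightsendcert = never
    # pass the IKE identity through as the EAP identity
    eap_identity = %identity
    # Proposals are offered in this order; the trailing '!' makes the list strict.
    # aes128-sha1-modp1024 and 3des-sha1-modp1024 are weak (1024-bit DH, 3DES) —
    # presumably kept for legacy clients; drop them once those are migrated.
    ike = aes256-sha256-modp2048,aes128-sha1-modp1024,3des-sha1-modp1024!
    esp = aes256-sha256,aes128-sha1,3des-sha1!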
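# Split-tunnel road-warrior profile: only two internal hosts are reachable via the VPN.
conn s35.domain.ru
    # responder only: load the conn and wait for clients to connect
    auto = add
    compress = no
    type = tunnel
    keyexchange = ikev2
    # IKE fragmentation and forced UDP encapsulation help clients behind NAT
    # and on paths with small MTUs
    fragmentation = yes
    forceencaps = yes
    # Dead peer detection: probe idle peers every 300s, close the SA on timeout.
    # The original section listed `dpdaction` twice (clear at the top, restart at
    # the very end). A duplicated key is ambiguous, and `restart` cannot work for
    # a responder with right=%any (there is no fixed peer to re-initiate to),
    # so only `clear` is kept.
    dpdaction = clear
    dpddelay = 300s
    # the gateway does not initiate rekeying; clients are expected to
    rekey = no
    left = %defaultroute
    # identity and certificate presented to clients (Let's Encrypt full chain)
    leftid = @s35.domain.ru
    leftcert = /etc/letsencrypt/live/s35.domain.ru/fullchain.pem
    leftsendcert = always
    # Split tunnel: clients only reach 10.18.18.101 (the RADIUS server address
    # from strongswan.conf) and 10.18.18.10 (the DNS server pushed below).
    leftsubnet = 10.18.18.101/32, 10.18.18.10/32
    right = %any
    rightid = %any
    # clients authenticate with EAP relayed to the RADIUS server(s) defined in
    # strongswan.conf (eap-radius plugin); local EAP-MSCHAPv2 is the commented-out
    # alternative
    rightauth = eap-radius
    #rightauth = eap-mschapv2
    # virtual IP pool and DNS server pushed to clients
    rightsourceip = 10.18.22.0/24
    rightdns = 10.18.18.10
    rightsendcert = never
    # pass the IKE identity through as the EAP identity
    eap_identity = %identity
    # Proposals are offered in this order; the trailing '!' makes the list strict.
    # aes128-sha1-modp1024 and 3des-sha1-modp1024 are weak (1024-bit DH, 3DES) —
    # presumably kept for legacy clients; drop them once those are migrated.
    ike = aes256-sha256-modp2048,aes128-sha1-modp1024,3des-sha1-modp1024!
    esp = aes256-sha256,aes128-sha1,3des-sha1!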
Конфиг /etc/strongswan.conf
# /etc/strongswan.conf: charon daemon and plugin settings.
charon {
    # plugin list is assembled from strongswan.d/charon/*.conf instead of a fixed `load =`
    load_modular = yes
    plugins {
        include strongswan.d/charon/*.conf
        eap-radius {
            # NOTE(review): this server list is global to the eap-radius plugin —
            # every conn with rightauth=eap-radius uses the same set, and several
            # entries act as failover/load-sharing, not as a per-conn choice.
            # Routing the two conns to different backends would therefore have to
            # happen on the RADIUS side (a proxy selecting the backend by realm or
            # NAS attributes); confirm against the eap-radius documentation for the
            # installed strongSwan version.
            servers {
                server-a {
                    # also send RADIUS accounting messages for each client session
                    accounting = yes
                    # "password" looks like a placeholder: use a long random shared
                    # secret and keep this file unreadable to non-root users
                    secret = password
                    # RADIUS server reached through the VPN's internal network
                    address = 10.18.18.101
                    auth_port = 1812
                    acct_port = 1813
                }
            }
        }
    }
}
include strongswan.d/*.conf