I want to use ibsng (on centos 6) as a Radius server and manage my strongswan accounts (on centos 7).
https://wiki.strongswan.org/projects/strongswan/wiki/EapRadius
I made these settings and set up the IP server and secret.
ibsng (centos 6): https://sourceforge.net/projects/ibs/files/IBSng/
In ibsng, I created a new ras with this type of "pppd"
And I gave him the strongswan and secret server IP(which is the client).
Now when I want to login with a username and password, I get an error 691 from the Windows connection and it doesn't connect.
but is see user successfull connection log in ibsng
He writes the same in strongswan logs:
05 [ENC] parsed IKE_AUTH request 2 [EAP / RES / ID] 05 [IKE] received EAP identity 'test55' 05 [CFG] sending RADIUS Access-Request to server 'server-a' 05 [CFG] received RADIUS Access-Accept from server 'server-a' 05 [IKE] RADIUS authentication of 'test55' failed 05 [IKE] initiating EAP_RADIUS method failed 05 [ENC] generating IKE_AUTH response 2 [EAP / FAIL]
I Attached a complete log file called charon.log. The strongswan settings file is attached with the same name as well as the ipsec settings
ibsng:
In ibsng, the user is logged in and successfully and is displayed in the online users section for a few seconds or minutes!
But also in the ibsng log an error is recorded
Ibsng error:
IBSException: Attribute Acct-Output-Octets not found in request packet
(One of the most important mistakes that was all logged in
In the ibs_error, log file, of course, this error log is not currently included in the attached file.)
One thing I found out for myself is that this Attribute Acct-Output-Octets request is not exciting from the ikev2 client (strongswan) side, and ibs gives an error and throw exception, so the answer to the successful login is not sent to the stronswan client!
Important note :
I connected the same strongswan server to freeradius and it worked properly on the dalorius web interface!
But I want to use ibsng as a radius server.