freeradius and Cisco VPN IPSEC profiles authentication

Jevos, Peter Peter.Jevos at
Fri Nov 5 21:38:29 CET 2010


How can I skip to the second DEFAULT if the first DEFAULT doesn't pass ?

So if request comes from the and user doesn't pass through
authentication, it should be forwarded to another DEFAULT ( with the
vpn_auth_name authentication). 

Now it stops at the first DEFAULT


DEFAULT          Auth-Type := ntlm_auth_vpn, NAS-IP-Address ==

                 Tunnel-Type = "ESP",

                Tunnel-Private-Group-ID = "Group",

                 Tunnel-Password = "cisco",

                 Cisco-Avpair += "ipsec:dns-servers=",

                 Cisco-Avpair += "ipsec:addr-pool=vpn_pool",

                 Cisco-Avpair += "ipsec:inacl=101",

                 Cisco-Avpair += "ipsec:key-exchange=ike",

                 Cisco-Avpair += "ipsec:key-exchange=preshared-key",

                 Service-Type = Framed-User,

                 Framed-Protocol = PPP,


DEFAULT          Auth-Type := vpn_auth_name, NAS-IP-Address ==

                Service-Type = Framed-User,

                 Framed-Protocol = PPP,



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list