PPTP and IPSEC/IKE1/2
WorkingMan
signup_mail2002 at yahoo.com
Sun Sep 22 18:35:36 CEST 2013
Alan DeKok <aland <at> deployingradius.com> writes:
>
> WorkingMan wrote:
> > I am wondering is it possible to configure one server using a single IP
to
> > handle PPTP/IPSEC <---> freeradius?
>
> Yes.
>
> > Does it make sense (or possible) to create
> > a virtual servers against PPTP and IPSEC separately?
>
> If you want. Read raddb/sites-available/README. It contains a lot of
> documentation on virtual servers, clients, and how they work together.
>
> > I am just wondering
> > what's the best practice. I don't want to increase number of hardware so
> > things can be segregated either.
>
> Uh... virtual servers don't require additional hardware.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>
>
So from what I gather I can make my VPN servers pointing to different ports
(in strongswan.conf) and have freeradius's listen{} pointing to matching
ports but I can keep the same IP for the virtual servers.
radius.conf:
listen {
ipaddr = 192.168.1.100
port = 49001
virtual_server = s_ipsec
}
listen {
ipaddr = 192.168.1.100
port 0 # use default
virtual_server = s_pptp
}
Does this look correct (or at least conceptually)? My test indicates
VPN/RADIUS are talking to each other.
Thanks,
More information about the Freeradius-Users
mailing list