PPTP and IPSEC/IKE1/2

WorkingMan signup_mail2002 at yahoo.com
Sun Sep 22 18:35:36 CEST 2013


Alan DeKok <aland <at> deployingradius.com> writes:

> 
> WorkingMan wrote:
> > I am wondering is it possible to configure one server using a single IP 
to 
> > handle PPTP/IPSEC <---> freeradius?
> 
>   Yes.
> 
> > Does it make sense (or possible) to create 
> > a virtual servers against PPTP and IPSEC separately?
> 
>   If you want.  Read raddb/sites-available/README.  It contains a lot of
> documentation on virtual servers, clients, and how they work together.
> 
> > I am just wondering 
> > what's the best practice. I don't want to increase number of hardware so 
> > things can be segregated either.
> 
>   Uh... virtual servers don't require additional hardware.
> 
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html
> 
> 


So from what I gather I can make my VPN servers pointing to different ports 
(in strongswan.conf) and have freeradius's listen{} pointing to matching 
ports but I can keep the same IP for the virtual servers.

radius.conf:
listen {
ipaddr = 192.168.1.100
port = 49001
virtual_server = s_ipsec
}

listen {
ipaddr = 192.168.1.100
port 0 # use default
virtual_server = s_pptp
}

Does this look correct (or at least conceptually)? My test indicates 
VPN/RADIUS are talking to each other.

Thanks,



More information about the Freeradius-Users mailing list