Good afternoon! I'm trying to set up the combination named above, but when a connection is attempted, the strongswan log shows:
Apr 1 10:54:27 vpn strongswan: 09[NET] received packet: from 192.168.23.254[4500] to 192.168.23.168[4500] (92 bytes)
Apr 1 10:54:27 vpn charon: 09[CFG] 48: 65 76 32 2D 6F 73 78 04 06 C0 A8 17 A8 1E 16 31 ev2-osx........1
Apr 1 10:54:27 vpn charon: 09[CFG] 64: 39 32 2E 31 36 38 2E 32 33 2E 31 36 38 5B 34 35 92.168.23.168[45
Apr 1 10:54:27 vpn charon: 09[CFG] 80: 30 30 5D 1F 16 31 39 32 2E 31 36 38 2E 32 33 2E 00]..192.168.23.
Apr 1 10:54:27 vpn charon: 09[CFG] 96: 32 35 34 5B 34 35 30 30 5D 4F 0B 02 00 00 09 01 254[4500]O......
Apr 1 10:54:27 vpn charon: 09[CFG] 112: C0 A8 17 FE 20 05 76 70 6E 50 12 2A A3 60 37 EF .... .vpnP.*.`7.
Apr 1 10:54:27 vpn charon: 09[CFG] 128: 53 E6 11 B9 FB 79 BB 94 6F E5 67 S....y..o.g
Apr 1 10:54:27 vpn charon: 09[CFG] received RADIUS Access-Reject from server '192.168.10.2'
Apr 1 10:54:27 vpn charon: 09[CFG] => 44 bytes @ 0x7f5b500009e0
Apr 1 10:54:27 vpn charon: 09[CFG] 0: 03 6B 00 2C E9 AE 3A C6 E6 52 DC 7E 09 72 75 35 .k.,..:..R.~.ru5
Apr 1 10:54:27 vpn charon: 09[CFG] 16: 92 99 C1 10 4F 06 04 00 00 04 50 12 B3 CF D5 02 ....O.....P.....
Apr 1 10:54:27 vpn charon: 09[CFG] 32: C7 5C 2C 83 1E 5F 1C B1 AC 39 32 C4 .\,.._...92.
Apr 1 10:54:27 vpn charon: 09[IKE] RADIUS authentication of '192.168.23.254' failed
Apr 1 10:54:27 vpn charon: 09[IKE] initiating EAP_RADIUS method failed
Apr 1 10:54:27 vpn charon: 09[ENC] generating IKE_AUTH response 2 [ EAP/FAIL ]
Apr 1 10:54:27 vpn charon: 09[NET] sending packet: from 192.168.23.168[4500] to 192.168.23.254[4500] (76 bytes)
Apr 1 10:54:27 vpn charon: 09[IKE] IKE_SA ikev2-osx[2] state change: CONNECTING => DESTROYING
In other words, RADIUS rejects it because IOS sends its own IP address as the identity. How can I get around this? ipsec.conf:
config setup
    strictcrlpolicy=yes
    # uniqueids = no
    charondebug=" dmn 1, mgr 1, ike 2, chd 1, job 1, cfg 3, knl 2, net 2,enc 1, lib 1"

conn %default
    ike=aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!
    esp=aes256-sha256,aes256-sha1,3des-sha1!
    left=%any
    leftauth=pubkey
    leftcert=vpn.crt
    leftsubnet=0.0.0.0/0
    rightsourceip=%dhcp
    mobike=no
    leftsendcert=always
    eap_identity=%identity
    rekey=no
    reauth=no
    fragmentation=yes
    dpdaction=clear

conn ikev2-osx
    keyexchange=ikev2
    leftid="vpn.domain.com"
    rightauth=eap-radius
    auto=add
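
Added example, not part of the original post: a small Python decoder for the RADIUS hex dumps that charon writes at `cfg 3`, run over the dump lines from the log above to show which identity was sent in the EAP-Message and what the server answered. The function names are mine, the attribute numbers are those of RFC 2865 and RFC 3579, and treating a 4-byte non-ASCII identity as a raw IPv4 address is an assumption.

```python
import ipaddress
import re

ATTRS = {32: "NAS-Identifier", 79: "EAP-Message", 80: "Message-Authenticator"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

# Hex-dump lines copied from the log above, syslog prefix removed.
REJECT = r"""
0: 03 6B 00 2C E9 AE 3A C6 E6 52 DC 7E 09 72 75 35 .k.,..:..R.~.ru5
16: 92 99 C1 10 4F 06 04 00 00 04 50 12 B3 CF D5 02 ....O.....P.....
32: C7 5C 2C 83 1E 5F 1C B1 AC 39 32 C4 .\,.._...92.
"""
# Last three request lines; the first 9 bytes ("254[4500]") end Calling-Station-Id.
REQUEST_TAIL = r"""
96: 32 35 34 5B 34 35 30 30 5D 4F 0B 02 00 00 09 01 254[4500]O......
112: C0 A8 17 FE 20 05 76 70 6E 50 12 2A A3 60 37 EF .... .vpnP.*.`7.
128: 53 E6 11 B9 FB 79 BB 94 6F E5 67 S....y..o.g
"""

def dump_bytes(text):
    """Rebuild raw bytes from charon hex-dump lines, ignoring the ASCII column."""
    out = bytearray()
    for line in text.strip().splitlines():
        m = re.match(r"\d+:((?: [0-9A-Fa-f]{2}(?= |$)){1,16})", line)
        out += bytes.fromhex(m.group(1))
    return bytes(out)

def decode_eap(v):
    """Name the EAP code; for an Identity (type 1) message also show the identity."""
    text = "EAP-" + EAP_CODES.get(v[0], str(v[0]))
    if v[0] in (1, 2) and len(v) > 4 and v[4] == 1:
        ident = v[5:int.from_bytes(v[2:4], "big")]
        if len(ident) == 4 and not ident.isascii():  # assumption: raw IPv4 address
            ident = str(ipaddress.IPv4Address(ident)).encode()
        text += " Identity=" + ident.decode("latin-1")
    return text

def parse_attrs(buf):
    """Walk RADIUS type-length-value attributes; return (name, decoded value) pairs."""
    out, i = [], 0
    while i + 2 <= len(buf):
        t, n = buf[i], buf[i + 1]
        if n < 2 or i + n > len(buf):
            raise ValueError(f"bad attribute length at offset {i}")
        v = buf[i + 2:i + n]
        val = decode_eap(v) if t == 79 else v.hex() if t == 80 else v.decode("latin-1")
        out.append((ATTRS.get(t, f"type-{t}"), val))
        i += n
    return out
```

`parse_attrs(dump_bytes(REQUEST_TAIL)[9:])` shows the EAP-Response carrying `Identity=192.168.23.254`, the same value charon reports in "RADIUS authentication of '192.168.23.254' failed". `parse_attrs(dump_bytes(REJECT)[20:])`, which skips the 20-byte RADIUS header, shows the server's reply carrying an EAP-Failure.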