I'm using the Profile Manager on OS X Server (Mavericks). I ran a script that imported our 20 users into Open Directory from CSV. I've configured Radius with EAP-TLS, and have set up 802.1x so that our WiFi APs and router authenticate with the Radius server.
I've generated a self-signed CA for Radius, and a client certificate for myself, using Keychain Access. I managed to export my client certificate, upload it to the Profile Manager web interface, upload the Radius server's trusted certificate, configure all the network settings as payloads, download and install my profile, and get connected to our WiFi.
Configure RADIUS in Mavericks Server
The server certificate is used by ClearPass to secure web (HTTPS) and authentication (RADIUS) traffic. It can be configured in Policy Manager under Administration > Certificates > Server Certificate.
If a connection error occurs, the user should check their 802.1X profiles. Any profiles containing information about eduroam RADIUS server authentication from a past connection should be deleted. Instructions for doing this are presented in the table below.
GNS3 is used by hundreds of thousands of network engineers worldwide to emulate, configure, test and troubleshoot virtual and real networks. GNS3 allows you to run anything from a small topology consisting of only a few devices on your laptop to topologies that have many devices hosted on multiple servers or even in the cloud.
conn ios
    authby=xauthrsasig
    keyexchange=ikev1
    fragmentation=yes
    left=10.106.33.72
    leftcert=serverCert.pem
    leftsubnet=0.0.0.0/0
    leftfirewall=yes
    right=%any
    rightsourceip=172.26.128.0/22
    rightauth=pubkey
    rightauth2=xauth-radius
    eap_identity=%identity
    auto=add
I believe that StrongSwan is sending a RADIUS stop accounting message, as the user record gets updated with an accountStop time, which is when rekeying occurs, and I see in the charon logs that a RADIUS message is sent to the RADIUS server. After that, the VPN goes down. The same IOS device with exactly the same configuration connects to a Cisco ASA and stays up for hours. I don't want the clients to be disconnected. I am attaching the log; all the IPs are replaced with "*.*.*.*" and certification information is blanked.