# opnsense-patch dfd48d2
pkg install -f opnsense
opnsense-patch acdf14eopnsense-patch a4d157d opnsense-patch dfd48d2
opnsense-patch acdf14eopnsense-patch a4d157dopnsense-patch dfd48d2
Mar 28 11:13:25 hbc-gw01 charon: 10[CFG] <mobileIPv4-ike2-Employees|2> selected peer config 'mobileIPv4-ike2-Employees'...Mar 28 11:13:25 hbc-gw01 charon: 10[CFG] <mobileIPv4-ike2-Employees|7> sending RADIUS Access-Request to server 'addc1'Mar 28 11:13:25 hbc-gw01 charon: 10[CFG] <mobileIPv4-ike2-Employees|7> received RADIUS Access-Accept from server 'addc1'Mar 28 11:13:25 hbc-gw01 charon: 10[CFG] <mobileIPv4-ike2-Employees|7> received group membership 'Admins' from RADIUSMar 28 11:13:25 hbc-gw01 charon: 10[CFG] <mobileIPv4-ike2-Employees|7> reassigning offline lease to 'acme\admin'
config setup uniqueids = neverconn mobileIPv4-ike2 aggressive = no fragmentation = yes keyexchange = ikev2 mobike = yes reauth = yes rekey = yes forceencaps = yes installpolicy = yes type = tunnel dpdaction = clear dpddelay = 10s dpdtimeout = 60s left = X.X.X.X right = %any leftid = vpn.gateway.local ikelifetime = 28800s lifetime = 3600s rightsourceip = 172.16.0.0/24# See https://wiki.strongswan.org/projects/strongswan/wiki/SecurityRecommendations ike = aes256-sha256-modp2048,aes256-sha256-ecp256,aes128-sha256-modp2048! esp = aes256-sha256-modp2048,aes256-sha256-ecp256,aes128-sha256-modp2048! leftauth = pubkey rightauth = eap-radius rightsendcert = never eap_identity = %any leftcert = /usr/local/etc/ipsec.d/certs/cert-1.crt leftsendcert = always reqid = 1000conn mobileIPv4-ike2-Employees also = mobileIPv4-ike2 rightgroup = "Employees" rightsourceip = 172.16.0.0/24 leftsubnet = 0.0.0.0/0 auto = addconn mobileIPv4-ike2-Admins also = mobileIPv4-ike2 rightgroup = "Admins" rightsourceip = 172.17.0.0/24 leftsubnet = 0.0.0.0/0 auto = add
starter { load_warning = no}charon { cisco_unity = yes plugins { eap-radius { servers { addc1 { address = X.X.X.X secret = "2secret" auth_port = 1812 acct_port = 1813 } } accounting = yes # Activate passing the radius class attribute as rightgroup class_group = yes } }}
I thing the missing s is the problem here...