Alan DeKok <aland <at> deployingradius.com> writes: > > WorkingMan wrote: > > I am wondering is it possible to configure one server using a single IP to > > handle PPTP/IPSEC <---> freeradius? > > Yes. > > > Does it make sense (or possible) to create > > a virtual servers against PPTP and IPSEC separately? > > If you want. Read raddb/sites-available/README. It contains a lot of > documentation on virtual servers, clients, and how they work together. > > > I am just wondering > > what's the best practice. I don't want to increase number of hardware so > > things can be segregated either. > > Uh... virtual servers don't require additional hardware. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > >
So from what I gather I can make my VPN servers pointing to different ports (in strongswan.conf) and have freeradius's listen{} pointing to matching ports but I can keep the same IP for the virtual servers. radius.conf: listen { ipaddr = 192.168.1.100 port = 49001 virtual_server = s_ipsec } listen { ipaddr = 192.168.1.100 port 0 # use default virtual_server = s_pptp } Does this look correct (or at least conceptually)? My test indicates VPN/RADIUS are talking to each other. Thanks, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html