freeradius retransmit of EAP-TTLS start packet with incorrect packet id

list at securew2.com list at securew2.com
Mon Nov 19 17:54:02 CET 2012


Hi Alan,

it still seems strange that it would respond with a packet id that was
never sent by the client. I guess this could only happen if the AP somehow
thought it should retransmit the identity request.

I am hoping the radius server logs will help so I can see the missing
packet causing freeradius to increment the packet id.

Thanks,

Tom

> list at securew2.com wrote:
>> Furthermore this does not happen all the time leading me to believe this
>> might be a retransmit issue between the access point and freeradius,
>> maybe during high load.
>
>   That's likely.  And since it's EAP retransmit after a long time, odds
> are that the RADIUS packet isn't retransmitted.
>
>   It's a brand new RADIUS packet, which means that the RADIUS layer
> duplicate detection doesn't work.   Which means that the EAP packet is
> processed again.
>
>   I suspect that there's very little you can do about it.
>
>   There are patches going into 3.0 which will detect RADIUS retransmits
> over multiple proxy hops.  That is a rare case, but more likely in the
> case of eduroam.  Fixing it is good.
>
>   Alan DeKok.
>
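
The case Alan describes above, as an added example that is not part of the original thread and not FreeRADIUS source code: a simplified server model whose RADIUS-layer duplicate cache is keyed on source IP, source port, RADIUS Identifier and Request Authenticator. That key, the class and field names, and the sample packets are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessRequest:
    src_ip: str
    src_port: int
    radius_id: int        # Identifier in the RADIUS header
    authenticator: bytes  # 16-byte Request Authenticator
    eap_message: bytes    # EAP packet carried in the EAP-Message attribute

class ModelServer:
    """Toy model: RADIUS-layer duplicate detection in front of an EAP handler."""
    def __init__(self):
        self.seen = set()     # keys of RADIUS packets already handled
        self.eap_runs = 0     # how many times the EAP layer was invoked
        self.last_eap = None  # last EAP packet handed to the EAP layer

    def handle(self, req):
        key = (req.src_ip, req.src_port, req.radius_id, req.authenticator)
        if key in self.seen:
            # Byte-identical RADIUS retransmit: caught here, EAP is not re-run.
            return "radius-duplicate"
        self.seen.add(key)
        self.eap_runs += 1
        # The same EAP packet inside a new RADIUS packet gets past the cache.
        repeated = (req.eap_message == self.last_eap)
        self.last_eap = req.eap_message
        return "eap-processed-again" if repeated else "eap-processed"

def demo():
    # Constructed EAP-Response/Identity: code=2, id=1, length=9, type=1, "user"
    eap = b"\x02\x01\x00\x09\x01user"
    first = AccessRequest("192.0.2.10", 32768, 7, bytes(16), eap)
    # EAP-level retransmit after a long time: the access point builds a
    # brand new Access-Request (new Identifier, new Request Authenticator).
    later = AccessRequest("192.0.2.10", 32768, 8, b"\x01" * 16, eap)
    srv = ModelServer()
    results = [srv.handle(first),   # original request
               srv.handle(first),   # RADIUS-layer retransmit of the same packet
               srv.handle(later)]   # same EAP packet in a new RADIUS packet
    return results, srv.eap_runs

if __name__ == "__main__":
    print(demo())
```
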
