Setting up radsec proxy with Freeradius 3.0.15

Muhammad Farhan SJAUGI farhan at perdanauniversity.edu.my
Sat Aug 12 16:35:57 CEST 2017


Hi,

In a recent development, I finally found the problem.

So the "failure" was because the fragment_size option inside the tls stanza was
"too small" (i.e. 1024).

According to the debug log, I found this statement:

"Received packet will be too large! Set "fragment_size = 1071""

I doubled the value to 2048, which seems to have solved the problem.

Regards

--

*Muhammad Farhan SJAUGI, S.Kom. M.Sc. *

Head | Information Technology Dept. | Senior Lecturer | Centre for
Computing - Centre for Bioinformatics | School of Data Sciences

Perdana University | Block D1, MAEPS Building, MARDI Complex, Jalan MAEPS
Perdana, Serdang 43400, Selangor D.E. Malaysia

Tel: (60) 3-89418646 (ext: 197) GMT+8h | Fax: (65) 3-89417661 | Email:
farhan at perdanauniversity.edu.my

Homepage:
http://perdanauniversity.edu.my/pusps/programmes/bioinformatics/our-team/muhammad-farhan-sjaugi/



<fhn at cbcommunity.or.id>

On Wed, Aug 9, 2017 at 1:04 AM, Alex Sharaz <alex.sharaz at york.ac.uk> wrote:

> Hi
> I'm using both FR 3.0.15 + radsecproxy and FR 3.0.15 with internal radsec
> support. I'm on holiday at the moment but can send you details when I get
> back to work on the 21st.
> A
>
> > On 8 Aug 2017, at 18:51, Muhammad Farhan SJAUGI <farhan at perdanauniversity.edu.my> wrote:
> >
> > Greetings,
> >
> > Currently I am working on "migrating" our radius proxy server from
> > radsecproxy to freeradius 3.0.15 with radsec. At the client side, the
> > majority of them are using radsecproxy+freeradius 2.2.9.
> >
> > Connection from the radius proxy via radius port (1812)/non-radsec works
> > well. However, if we change the connection from the radius proxy via
> > radsec it doesn't work.
> >
> > Below is the error message from the proxy server's log (full debug log
> > attached):
> >
> > (1) eap: ERROR: rlm_eap (EAP): No EAP session matching state 0xcacb836ecaca9624
> > (1) eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
> > (1) eap: Failed to get handler, probably already removed, not inserting EAP-Failure
> >
> > while at the client side (full debug log attached):
> >
> > rlm_eap: No EAP session matching the State variable.
> > [eap] Either EAP-request timed out OR EAP-response to an unknown EAP-request
> > [eap] Failed in handler
> > ++[eap] = invalid
> > +} # group authenticate = invalid
> >
> > I used eapol_test to test the authentication.
> >
> > Has anyone faced a similar problem before? If yes, would you mind
> > sharing the solution?
> >
> > Regards
> >
> > <radius client.txt>
> > <radius proxy.txt>

-- 
DISCLAIMER: This e-mail and any files transmitted with it ("Message") is 
intended only for the use of the recipient(s) named above and may contain 
confidential information. You are hereby notified that the taking of any 
action in reliance upon, or any review, retransmission, dissemination, 
distribution, printing or copying of this Message or any part thereof by 
anyone other than the intended recipient(s) is strictly prohibited. If you 
have received this Message in error, you should delete this Message 
immediately and advise the sender by return e-mail. Opinions, conclusions 
and other information in this Message that do not relate to the official 
business of Perdana University shall be understood as neither given nor 
endorsed by any of the forementioned.
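
A check built on the fix described in this thread, as an added example that is not part of the original posts or of FreeRADIUS: it reads the `Set "fragment_size = N"` hint from a debug log and lists every `tls` stanza whose configured `fragment_size` is below it. The sample config and log are constructed, and the enclosing `listen` section and all function names are assumptions.

```python
import re

# Hint text exactly as quoted in the post above.
HINT_RE = re.compile(r'Received packet will be too large! Set "fragment_size = (\d+)"')
OPEN_RE = re.compile(r'^([\w.+-]+)(?:\s+[\w.+-]+)?\s*\{$')   # "name {" or "name arg {"
ITEM_RE = re.compile(r'^fragment_size\s*=\s*(\d+)$')

# Constructed sample input: a trimmed config (the listen wrapper is assumed)
# holding the value reported in the post, and one debug-log line with the hint.
SAMPLE_CONF = '''
listen {
    tls {
        fragment_size = 1024   # too small in the poster's setup
    }
}
'''
SAMPLE_LOG = 'Received packet will be too large! Set "fragment_size = 1071"\n'


def hinted_size(log_text):
    """Largest fragment_size requested by hints in the log, or None."""
    sizes = [int(m.group(1)) for m in HINT_RE.finditer(log_text)]
    return max(sizes) if sizes else None


def tls_fragment_sizes(conf_text):
    """Return [(stanza_path, fragment_size)] for each tls { } stanza."""
    stack, found = [], []
    for raw in conf_text.splitlines():
        line = raw.split('#', 1)[0].strip()   # naive comment strip
        opened, item = OPEN_RE.match(line), ITEM_RE.match(line)
        if opened:
            stack.append(opened.group(1))
        elif line == '}' and stack:
            stack.pop()
        elif item and stack and stack[-1] == 'tls':
            found.append(('/'.join(stack), int(item.group(1))))
    return found


def undersized(conf_text, log_text):
    """tls stanzas whose fragment_size is below what the log asked for."""
    need = hinted_size(log_text)
    if need is None:
        return []
    return [(p, s, need) for p, s in tls_fragment_sizes(conf_text) if s < need]


if __name__ == '__main__':
    for path, size, need in undersized(SAMPLE_CONF, SAMPLE_LOG):
        print(f'{path}: fragment_size = {size}, log asks for at least {need}')
```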

