TLS communication, EAP does not work
Alan DeKok
aland at deployingradius.com
Sun Jul 16 13:46:57 CEST 2017
On Jul 15, 2017, at 10:02 AM, Edelberto Franco <esilva at midiacom.uff.br> wrote:
>
> Updating this thread for our colleagues...
>
> Changing the parameter "fragment_size" in the tls block of the "sites-enable/tls" file, packets were sent and received by FR3 servers (using 756 - less than 1024).
> But it is not an absolute truth: sometimes packets are lost and authentication does not happen.
The TLS fragment size helps deal with EAPoL, where the Ethernet MTU is less than 1536.
When sending TLS over TCP (i.e. radsec), there is no need for fragmentation, and no need for changing the fragment size.
My guess is that something else in the network is broken.
Alan DeKok.