Troubleshooting "TLS failed during operation" with EAP-TLS

Alan DeKok aland at
Thu Jun 4 22:47:18 CEST 2020

On Jun 4, 2020, at 2:14 PM, Michael Parks <mparks at> wrote:
> I am attempting to authenticate iPhone clients using the built in IPSEC client with a username/password. Configuration is a MikroTik router hosting the VPN, using a separate FreeRADIUS server on Ubuntu 18.04 for AAA.
> The iPhone seems to require EAP-TLS for this configuration. I've set up the appropriate CA, certificate, and private key, and verified that these all match up using OpenSSL (same modulus on the cert and key, -verify shows that the cert can be verified up to the installed CA cert)
> My current configuration results in a "ERROR: TLS failed during operation" message, and an authentication failure, whenever iPhone clients try to log in. No further information as to the precise nature of the TLS failure appears to be visible in the debug output.
> Speaking of which, here it is. The only actions taken were starting freeradius and attempting to log in with the iPhone:
> ---
> FreeRADIUS Version 3.0.17

  The short summary is upgrade to 3.0.21.  See for instructions.

  We've put minor tweaks in over the years to fix corner cases.  I suspect this is what you're running into here.

  Alan DeKok.

More information about the Freeradius-Users mailing list