EAP-TLS eapol_test on a remote server
Alan DeKok
aland at deployingradius.com
Thu Apr 22 19:44:45 CEST 2021
On Apr 22, 2021, at 12:42 PM, Emile Swarts <emile.swarts123 at gmail.com> wrote:
>
> Thanks for the quick reply Alan. Really helps narrow it down.
> I forgot to mention, I am seeing "Fragmented IP protocol" packets in the
> capture, which seems to correspond to each of the Access-Requests.
> Could this have something to do with MTU configuration of Freeradius?
It's a network MTU issue. The UDP packets are too large, and the network fragments them. UDP packet fragmentation really doesn't work well across the wider internet.
The solution is to use a VPN which doesn't fragment the packets. Or, use RADIUS over TLS. The "stunnel" utility may help here.
You can change "fragment_size" in mods-enabled/eap. Lower it to 600 or so, and that might help. But it's not a *fix* for the problem.
The best solution is to use a network which doesn't fragment the packets.
Alan DeKok.
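
Added example, not part of the original post: a check for the symptom discussed in this thread, which flags IPv4 fragments belonging to UDP datagrams sent to the RADIUS authentication port. Port 1812, the addresses, and the sample packets are constructed assumptions; in practice the raw IPv4 packets would come from your own capture.

```python
import struct

RADIUS_AUTH_PORT = 1812  # assumed: standard RADIUS authentication port

def ipv4_fragment_info(packet: bytes):
    """Return (is_fragment, more_fragments, offset_bytes, udp_dport or None)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    flags_frag, = struct.unpack("!H", packet[6:8])
    more = bool(flags_frag & 0x2000)      # MF (more fragments) bit
    offset = (flags_frag & 0x1FFF) * 8    # field counts 8-byte units
    dport = None
    # Only the first fragment (offset 0) carries the UDP header.
    if packet[9] == 17 and offset == 0 and len(packet) >= ihl + 4:
        dport, = struct.unpack("!H", packet[ihl + 2:ihl + 4])
    return (more or offset > 0), more, offset, dport

def fragmented_radius_ids(packets):
    """IP IDs of datagrams to the RADIUS port that the network fragmented."""
    hits = []
    for p in packets:
        is_frag, _, offset, dport = ipv4_fragment_info(p)
        # Match on the first fragment, the only one where the port is visible.
        if is_frag and offset == 0 and dport == RADIUS_AUTH_PORT:
            hits.append(struct.unpack("!H", p[4:6])[0])
    return hits

def build_ipv4_udp(ip_id, more, offset_bytes, dport, payload_len):
    """Constructed sample packet (checksums left zero, not validated here)."""
    flags_frag = (0x2000 if more else 0) | (offset_bytes // 8)
    body = b"\x00" * payload_len
    if offset_bytes == 0:
        body = struct.pack("!HHHH", 40000, dport, 8 + payload_len, 0) + body
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), ip_id,
                      flags_frag, 64, 17, 0,
                      bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return hdr + body

SAMPLE = [  # constructed packets, documentation addresses
    build_ipv4_udp(0x1001, False, 0, 1812, 300),     # small request, intact
    build_ipv4_udp(0x1002, True, 0, 1812, 1472),     # first fragment, large request
    build_ipv4_udp(0x1002, False, 1480, 1812, 200),  # trailing fragment, no UDP header
    build_ipv4_udp(0x1003, True, 0, 53, 1472),       # fragmented, but not RADIUS
]

if __name__ == "__main__":
    print([hex(i) for i in fragmented_radius_ids(SAMPLE)])
```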