Hi Alan,


err, no. you need to handle those fragmented packets. where is it failing, on your network or more
remotely?

Actually, it is not failing. I got a successful authentication I was only trying to avoid fragmentation if possible.

EAP-TLS places much larger demands on the packet sizes during AAA process....several hundred
bytes more than PEAP (which JUST ABOUT misses fragmentation in its current form from recent
memory)

Yes I know.

you've GOT to pass the certs....and if you're using a larger cert (chained etc) those packets
will be big.

Actually I don't see any problem in sending server certificate and the client its own client certificate. What I would like to do is to avoid sending CA certificate.

so....whos breaking the RFCs with respect to ICMP and pmtu?  ;-)

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html