On Apr 22, 2020, at 11:27 PM, Gleb Lisikh <in4bit.general@gmail.com> wrote:
Hello world!
Trying to enable EPA2 Enterprise authentication for a Cisco Meraki AP.
What end-user system are you using? Windows? Linux? The AP just copies EAP packets between the end-user system and the RADIUS server. The AP doesn't have anything to do with the EAP methods.
tls: TLS_accept: Error in SSLv2/v3 read client hello A (2) eap_peap: ERROR: Failed in __FUNCTION__ (SSL_read): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
This is a magically unhelpful error from OpenSSL. There are many reason why it could happen. All of these reasons are related to TLS negotiation and/or certificate issues.
Any idea where I may need to start troubleshooting? I haven't touched Authentication at all from its original. Authorization is done through python3 and seems to be working just fine. By the way, exactly the same error occurs on a different freeradius server running 3.021
Then the issue is the end-user system. You can't debug an end-user system by looking at the RADIUS server. It's looking in entirely the wrong place. The RADIUS server is just telling you what the error is. The RADIUS server isn't *creating* the error. Alan DeKok.