Hi,
-----Original Message----- From: Alan DeKok [mailto:aland@deployingradius.com] Sent: Wednesday, December 28, 2011 15:40 To: FreeRadius users mailing list [mailto:freeradius-users@lists.freeradius.org] Subject: Re: ppp and eap-tls
Alan wrote:
I now get the following error in my radius log on an auth attempt:
Error: TLS Alert write:fatal:decrypt error Error: TLS_accept: failed in SSLv3 read certificate verify B Error: rlm_eap: SSL error error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01 Error: SSL: SSL_read failed inside of TLS (-1), TLS session fails.
The client is broken.
Ok. The client is the build-in L2TP/IPSEC VPN client in MS Windows Vista
Now there's several issues: - I don't know what I changed which caused this behaviour (maybe an openssl update in Squeeze? Something changes in Windows Vista?)
No.
It used to work fine with this client (MS Windows Vista L2TP/IPsec client)
- the client certificates are valid (tested with openssl cli), and work fine when using for WPA auth - I don't really know what this error means - I can't find a solution for it. I've tried: 2048 bit (vs. 4096 bit) RSA certs and the extensions for XP for both the server and client certs
Again, the same certificates work fine for WPA auth
Which doesn't use certificates.
This statement is confusing! I'm using freeradius for EAP-TLS auth and set up the client for WPA2 enterprise with EAP-TLS. If this is not using certificates for authentication, then what is it using?
I hope someone can shed some light onto this issue, or how to pin down the exact cause of the 'rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01' error.
Find out which client it is. Mac? Windows?
MS Windows Vista, build-in L2TP/IPSEC client, ppp authentication set to EAP-TLS.
Alan DeKok.
Regards, Frank