Hi,
We're piloting RadSec as a federation server uplink. They use Radiator. When we first attempted to connect we'd get a "Received packet will be too large!" carp from main/tls.c. They checked on their end and say they have no fragment size option for RadSec TLS connections, only for EAP-TLS connections.
So we applied the below as a test and it works, but I was wondering as to the wisdom of it...
interesting....a RADSEC packet can be much bigger than that too - 2048 gives some room for a big certificate - but not if its double-chained with intermediate and its got a nice security size instead of being a little 512bit RSA one. typically EAP-TLS can be fragmented on the server due to it going through to the end-clients ..and being UDP things get a little nasty...whereas with RADSEC theres no reason why a single TCP request couldnt be quite large and needing to be fragmented by the routers.... alan