FreeRADIUS 3.2.8 with EAP-FAST: MS-CHAP2-Response is incorrect
Hi FreeRADIUS: I've compiled/installed FreeRADIUS 3.2.8 on Ubuntu 24.04 (Linux 6.8.0 and OpenSSL 3.0.13), and it gives the attached "MS-CHAP2 Response is incorrect" error during inner tunnel negotiation in Phase 0 (PAC file creation) of EAP-FAST. Upgrading the Linux kernel to 6.16 and OpenSSL 3.0.16 gives the same result. Compiling the latest FreeRADIUS 3.2.x branch head (3.2.9 dev) as of a few days ago also gives the same result. Note that EAP-PEAP/MSCHAPV2 works fine (log also attached) on the identical supplicant / authenticator / authentication server platform. The supplicant is also on a Ubuntu 24.04 platform (OpenSSL 3.0.13), running the latest snapshot of wpa_supplicant, and TLS 1.3 has been confirmed working with EAP-PEAP when tls_max is set to 1.3 in FreeRADIUS on the authentication server. Supplicant version: dbland@NUC13-Linux2:~$ wpa_supplicant -v wpa_supplicant v2.12-devel-20251221-hostap_2_11-1307-g3ea5c0df5+ Copyright (c) 2003-2024, Jouni Malinen <j@w1.fi> and contributors dbland@NUC13-Linux2:~$ Supplicant EAP-FAST configuration: network={ ssid="asus6e_5" proto=RSN key_mgmt=WPA-EAP bgscan="simple:5:-70:60" eap=FAST identity="bob_loblaw" anonymous_identity="FAST-123456789012" password="password" phase1="fast_provisioning=1" phase2="auth=MSCHAPV2" pac_file="/home/dbland/certs_nuc13/bob_loblaw.pac" } Background: Recent Ubuntu versions have forcibly disabled TLS 1.0 and TLS 1.1, and EAP-FAST support with TLS 1.2 was first introduced in FreeRADIUS 3.2.8. However, the FreeRADIUS package version bundled with Ubuntu 24.04 is version 3.2.5, and version 3.2.7 with Ubuntu 25.10. This unfortunately leaves a gap in EAP-FAST support. Until a newer FreeRADIUS package is available on Ubuntu, compiling the 3.2.8 source seems to be the only option in order to support BOTH TLS 1.3 with EAP-PEAP and TLS 1.2 with EAP-FAST. Any further troubleshooting suggestions? From reading the mailing list archives, I've seen this EAP-FAST issue pop up a few times in the past on earlier 3.0.x versions, but with no resolution. Best regards, Dennis Bland
On Jan 4, 2026, at 11:16 PM, Dennis Bland <dennis@dbperformance.com> wrote:
I've compiled/installed FreeRADIUS 3.2.8 on Ubuntu 24.04 (Linux 6.8.0 and OpenSSL 3.0.13), and it gives the attached "MS-CHAP2 Response is incorrect" error during inner tunnel negotiation in Phase 0 (PAC file creation) of EAP-FAST. Upgrading the Linux kernel to 6.16 and OpenSSL 3.0.16 gives the same result. Compiling the latest FreeRADIUS 3.2.x branch head (3.2.9 dev) as of a few days ago also gives the same result.
Hmm... OK. I just tried it, I'm seeing the same thing. I'm not sure what changed.
Note that EAP-PEAP/MSCHAPV2 works fine (log also attached) on the identical supplicant / authenticator / authentication server platform.
Unfortunately, PEAP is infinitely simpler than EAP-FAST.
The supplicant is also on a Ubuntu 24.04 platform (OpenSSL 3.0.13), running the latest snapshot of wpa_supplicant, and TLS 1.3 has been confirmed working with EAP-PEAP when tls_max is set to 1.3 in FreeRADIUS on the authentication server.
Yes. PEAP has been updated for TLS 1.3: https://www.rfc-editor.org/rfc/rfc9427.html EAP-FAST was also updated for TLS 1.3, but 3.2.x doesn't support that yet. In part because the major supplicants don't support it.
Background: Recent Ubuntu versions have forcibly disabled TLS 1.0 and TLS 1.1, and EAP-FAST support with TLS 1.2 was first introduced in FreeRADIUS 3.2.8. However, the FreeRADIUS package version bundled with Ubuntu 24.04 is version 3.2.5, and version 3.2.7 with Ubuntu 25.10. This unfortunately leaves a gap in EAP-FAST support. Until a newer FreeRADIUS package is available on Ubuntu, compiling the 3.2.8 source seems to be the only option in order to support BOTH TLS 1.3 with EAP-PEAP and TLS 1.2 with EAP-FAST.
It's apparently hard for Ubuntu to use a version of FreeRADIUS which was released in the last few years. <sigh> If you want updated packages, you can get update packages from: https://packages.inkbridgenetworks.com/. They're free, and up to date.
Any further troubleshooting suggestions? From reading the mailing list archives, I've seen this EAP-FAST issue pop up a few times in the past on earlier 3.0.x versions, but with no resolution.
Try the updated packages as above. But until I have time for some more in-depth testing, I'm not sure what's going on. A quick check shows the same issue, even when TLS 1.1 is used. If you have a little bit of time to spare, perhaps try the EAP-FAST tests using various versions of the server. I know it worked at one point, so I don't know why or when it stopped working. Alan DeKok.
On Jan 5, 2026, at 6:10 AM, Alan DeKok <alan.dekok@inkbridge.io> wrote:
Hmm... OK. I just tried it, I'm seeing the same thing. I'm not sure what changed.
After a quick look, it seems to be an OpenSSL issue. For some reason, the SHA256 code in OpenSSL isn't doing its job. Tracking that down will be more work. You might be able to fix it by updating the cipher_list to include SECLEVEL=1? That might re-enable SHA256. Alan DeKok.
On Thu, Jan 8, 2026 at 4:19 PM Alan DeKok via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
On Jan 5, 2026, at 6:10 AM, Alan DeKok <alan.dekok@inkbridge.io> wrote:
Hmm... OK. I just tried it, I'm seeing the same thing. I'm not sure what changed.
After a quick look, it seems to be an OpenSSL issue.
For some reason, the SHA256 code in OpenSSL isn't doing its job. Tracking that down will be more work.
You might be able to fix it by updating the cipher_list to include SECLEVEL=1? That might re-enable SHA256.
Alan DeKok.
Thanks Alan, I will try changing SECLEVEL=0 to SECLEVEL=1 and let you know my results. I agree that it appears to be an OpenSSL issue. EAP-FAST on FreeRADIUS 3.2.8 does appear to work with Ubuntu 18.04 (OpenSSL 1.1.1), but does not work with Ubuntu 24.04 (OpenSSL 3.0.13 or 3.0.16). Of course, it's risky and impractical to downgrade OpenSSL on Ubuntu 24.04 due to the large number of application and toolchain dependencies.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Jan 9, 2026, at 12:32 AM, Dennis Bland <dennis@dbperformance.com> wrote:
Thanks Alan, I will try changing SECLEVEL=0 to SECLEVEL=1 and let you know my results.
I've pushed some changes which should help. They address differences in the APIs between OpenSSL 1.x and OpenSSL 3. You'll have to build it from source, but I think now it should work. Alan DeKok.
On Fri, Jan 9, 2026 at 2:24 PM Alan DeKok <alan.dekok@inkbridge.io> wrote:
On Jan 9, 2026, at 12:32 AM, Dennis Bland <dennis@dbperformance.com> wrote:
Thanks Alan, I will try changing SECLEVEL=0 to SECLEVEL=1 and let you know my results.
I've pushed some changes which should help. They address differences in the APIs between OpenSSL 1.x and OpenSSL 3.
You'll have to build it from source, but I think now it should work.
Alan DeKok.
Thanks again Alan. I will test it out and report back. Best regards, Dennis
On Fri, Jan 9, 2026 at 12:02 PM Dennis Bland <dennis@dbperformance.com> wrote:
On Fri, Jan 9, 2026 at 2:24 PM Alan DeKok <alan.dekok@inkbridge.io> wrote:
On Jan 9, 2026, at 12:32 AM, Dennis Bland <dennis@dbperformance.com>
wrote:
Thanks Alan, I will try changing SECLEVEL=0 to SECLEVEL=1 and let you know my results.
I've pushed some changes which should help. They address differences in the APIs between OpenSSL 1.x and OpenSSL 3.
You'll have to build it from source, but I think now it should work.
Alan DeKok.
Thanks again Alan. I will test it out and report back.
Best regards,
Dennis
Hi Alan, I was finally able to confirm your EAP-FAST fix for OpenSSL 3.0.x works with TLS 1.2. Thanks! This fix addresses issue 5706: https://github.com/FreeRADIUS/freeradius-server/issues/5706 Log file is attached, which includes the PAC file creation phase and expected EAP failure to force a new authentication with the PAC file. I also confirmed EAP-PEAP/MSCHAPv2 continues to work. Best regards, Dennis Bland
On Jan 15, 2026, at 9:35 PM, Dennis Bland <dennis@dbperformance.com> wrote:
Hi Alan, I was finally able to confirm your EAP-FAST fix for OpenSSL 3.0.x works with TLS 1.2. Thanks! This fix addresses issue 5706:
https://github.com/FreeRADIUS/freeradius-server/issues/5706
Log file is attached, which includes the PAC file creation phase and expected EAP failure to force a new authentication with the PAC file. I also confirmed EAP-PEAP/MSCHAPv2 continues to work.
Thanks! That feedback helps. Alan DeKok.
participants (2)
-
Alan DeKok -
Dennis Bland