Hi, may somebody advice, please i have:
uname
FreeBSD 8.1-RELEASE amd64
radiusd -v
radiusd: FreeRADIUS Version 2.1.10, for host amd64-portbld-freebsd8.1, built on Apr 4 2011 at 22:44:15 radiusd configured with EAP-TLS only and works fine with xNIX-es, WinXP, Android and Maemo with Symbian (Nokia E51, E52) i face much weird picture ... the same device works fine (getting authorized well) via one AP in my LAN and remote VPN, but receiving !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !! EAP session for state ... did not finish! !! Please read http://wiki.freeradius.org/Certificate_Compatibility !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! via another AP (in remote VPN, while other OS still authorized well) AP are the same models and configured the same way what can cause this behaviour? -- Zeus V. Panchenko IT Dpt., IBS ltd GMT+2 (EET)
W dniu 2011-04-10 11:08, Zeus V Panchenko pisze:
Hi,
may somebody advice, please
i have:
uname FreeBSD 8.1-RELEASE amd64
radiusd -v radiusd: FreeRADIUS Version 2.1.10, for host amd64-portbld-freebsd8.1, built on Apr 4 2011 at 22:44:15
radiusd configured with EAP-TLS only and works fine with xNIX-es, WinXP, Android and Maemo
with Symbian (Nokia E51, E52) i face much weird picture ...
the same device works fine (getting authorized well) via one AP in my LAN and remote VPN, but receiving
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !! EAP session for state ... did not finish! !! Please read http://wiki.freeradius.org/Certificate_Compatibility !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
via another AP (in remote VPN, while other OS still authorized well)
AP are the same models and configured the same way
what can cause this behaviour?
Have you installed the CA certificate on the phones?? You can check it propably somewhere in Menu-> Settings -> Phone -> Phone management -> Security -> Certificates management. For example in Nokia 5800 there are only VeriSign's CA certs installed by default. Daniel
Daniel Deptuła (daniel.deptula@gmail.com) [11.04.10 14:16] wrote:
... the same device works fine (getting authorized well) via one AP in my LAN and remote VPN, but receiving ...
Have you installed the CA certificate on the phones?? You can check it propably somewhere in Menu-> Settings -> Phone -> Phone management -> Security -> Certificates management. For example in Nokia 5800 there are only VeriSign's CA certs installed by default.
as written above, *the_same_device* with *the_same_certificates_(CA_and_personal)* works via one AP but not via another ... it worth to be mentioned, that as it written, the last packet from radiusd is challenge after what "EAP session for state ... did not finish!" appears ... while other OS-es works perfectly in any point. -- Zeus V. Panchenko IT Dpt., IBS ltd GMT+2 (EET)
W dniu 2011-04-10 14:25, Zeus V Panchenko pisze:
Daniel Deptuła (daniel.deptula@gmail.com) [11.04.10 14:16] wrote:
... the same device works fine (getting authorized well) via one AP in my LAN and remote VPN, but receiving ... Have you installed the CA certificate on the phones?? You can check it propably somewhere in Menu-> Settings -> Phone -> Phone management -> Security -> Certificates management. For example in Nokia 5800 there are only VeriSign's CA certs installed by default.
as written above, *the_same_device* with *the_same_certificates_(CA_and_personal)* works via one AP but not via another ...
it worth to be mentioned, that as it written, the last packet from radiusd is challenge after what "EAP session for state ... did not finish!" appears ... while other OS-es works perfectly in any point.
I assume SSIDs for both WLANs are the same. Have your tried to connect the remote AP in your LAN? Maybe Nokia saves something about the certain AP in the network profile? Or maybe there's a problem with timeouts or packet fragmentation caused by the VPN tunnel... Daniel
Daniel Deptuła (daniel.deptula@gmail.com) [11.04.10 16:36] wrote:
I assume SSIDs for both WLANs are the same.
yes, they are all configurations differs only by IP addresses
Have your tried to connect the remote AP in your LAN?
yes, and it works, i mean the device with problems began to get authorization successfully
Maybe Nokia saves something about the certain AP in the network profile?
i was trying to delete the profile and to create it from the beginning, no effect
Or maybe there's a problem with timeouts or packet fragmentation caused by the VPN tunnel...
hm ... how and what to test? the weird thing is that i have two offices with the same ISP connected to via ADSL (FreeBSD+ppp), both offices are using the same OpenVPN server, the same radius with the same CA ... for one everything is ok but another one shows "EAP session did not finish" ... -- Zeus V. Panchenko IT Dpt., IBS ltd GMT+2 (EET)
some additional details: the same behaviour with different AP i use AP mostly under OpenWRT but now have tried Lynksys WAP54G which was working at the place where no problem found and now no it's no way to authorize via it ... any idea? -- Zeus V. Panchenko IT Dpt., IBS ltd GMT+2 (EET)
finally the cause was found! in my case it was MTU, the default value for ethernet and ADSL was not allowing for the client responce with certificate to get radius side after decreasing mtu to 1350 i finally got every mobile device in my network authenticated Zeus V Panchenko (zeus@ibs.dn.ua) [11.04.10 12:11] wrote:
Hi,
may somebody advice, please
i have:
uname
FreeBSD 8.1-RELEASE amd64
radiusd -v
radiusd: FreeRADIUS Version 2.1.10, for host amd64-portbld-freebsd8.1, built on Apr 4 2011 at 22:44:15
radiusd configured with EAP-TLS only and works fine with xNIX-es, WinXP, Android and Maemo
with Symbian (Nokia E51, E52) i face much weird picture ...
the same device works fine (getting authorized well) via one AP in my LAN and remote VPN, but receiving
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !! EAP session for state ... did not finish! !! Please read http://wiki.freeradius.org/Certificate_Compatibility !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
via another AP (in remote VPN, while other OS still authorized well)
AP are the same models and configured the same way
what can cause this behaviour?
---end quoted text--- -- Zeus V. Panchenko JID:zeus@gnu.org.ua GMT+2 (EET)
participants (2)
-
Daniel Deptuła -
Zeus V Panchenko