EAP-TTLS sessions and 'anonymous' Access-Request
Hi, When I test eap_ttls setup, for single connection attempt I see at least 6 "Access-Request" with 'anonymous' user name and some of them have log messages like this: *(1) eap_ttls: TLS_accept: unknown state(1) eap_ttls: TLS_accept: Need to read more data: unknown state* Is it encapsulation of stateful TLS session into stateless UDP-based protocol or something goes wrong with my setup? Thank you. -- Bogdan Rudas Head of Minsk IT Support Department Exadel Inc. http://www.exadel.com/ E-mail: brudas@exadel.com Skype ID: bogdan.rudas -- CONFIDENTIALITY NOTICE: This email and files attached to it are confidential. If you are not the intended recipient you are hereby notified that using, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. If you have received this email in error please notify the sender and delete this email.
On Sep 5, 2016, at 4:13 PM, Bogdan Rudas via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
When I test eap_ttls setup, for single connection attempt I see at least 6 "Access-Request" with 'anonymous' user name
That's how EAP-TLS works.
and some of them have log messages like this:
*(1) eap_ttls: TLS_accept: unknown state(1) eap_ttls: TLS_accept: Need to read more data: unknown state* Is it encapsulation of stateful TLS session into stateless UDP-based protocol or something goes wrong with my setup?
The protocols are: Ethernet IP UDP RADIUS EAP EAP-TLS TLS It's a bit of a miracle that it works. Note there's no TCP. So everything is over UDP. Alan DeKok.
participants (2)
-
Alan DeKok -
Bogdan Rudas