Patch: eaptls packets too large, clash MTU

Michael Joosten michael.joosten at
Thu Aug 10 19:21:13 CEST 2006


while using EAPTLS via RADIUS for authentication of a PPP/L2TP/IPSec VPN
(Microsoft style), I discovered that the generated EAPTLS packets are a little
bit to large. If you take Framed-MTU serious, most of the EAPTLS header is not
accounted for. Result: PPP communication with max. possible IPSec MTU fails
silently, because the EAPTLS packets (esp. those with long certificates) are
silently discarded.

Patch attached. Should I also submit this to the bug database?

Regards, Michael Joosten

More information about the Freeradius-Devel mailing list