R: Eap-Tls Problem
michael.joosten at c-lab.de
Wed Aug 23 12:53:46 CEST 2006
Matteo Lazzarini wrote:
> Matteo Lazzarini wrote:
> I am continuing to make various tests but I do not resolve the
> problem… nobody has ideas/help?
> - List info/subscribe/unsubscribe? See
I don't know (never tried, no opportunity) how WEP, client PC and AAA
server deal out the WLAN secrets, but from my logfiles using PPP as NAS
on both sides it still looks like what Stefan Winter said:
We have too large EAP packets, an incoming request containing the TLS
Client Hello, Certificates, Cipherlist etc, and Radius replies with a
similar long one containing the TLS Server Hello, Certificates,
Cipherlist, etc, and the TLS request for a key exchange, I'd guess.
From then on, either the XP client or the DLINK AP just choked.
Thus, I'd recommend to look now more on the client side:
1) Event/Security/... logs in XP
2) Logging on the AP? There must be means to get some status/syslog
messages/whatever from the device, isn't it?
3) Use Ethereal/WinPCAP on the XP client and do a capture of the WLAN
interface. Verrry nice, it's even able to dissect all the TLS handshake
conversation (to make sure that the right certificates are exchanged)
and, if used to sniff on the RADIUS port, can also combine the EAP
message fragments in the RADIUS attributes.
OTOH, the french guideline is a little old by now, so I'd consider
installing a super-recent version of openssl as rather harmful than
More information about the Freeradius-Devel