R: Eap-Tls Problem
Michael Joosten
michael.joosten at c-lab.de
Wed Aug 23 12:53:46 CEST 2006
Matteo Lazzarini wrote:
> Matteo Lazzarini wrote:
>
> I am continuing to make various tests but I do not resolve the
> problem… nobody has ideas/help?
>
I don't know (never tried, no opportunity) how WEP, client PC and AAA
server deal out the WLAN secrets, but from my logfiles using PPP as NAS
on both sides it still looks like what Stefan Winter said:

We have too large EAP packets, an incoming request containing the TLS
Client Hello, Certificates, Cipherlist etc, and Radius replies with a
similarly long one containing the TLS Server Hello, Certificates,
Cipherlist, etc, and the TLS request for a key exchange, I'd guess.
From then on, either the XP client or the DLINK AP just choked.

Thus, I'd recommend to look now more on the client side:

1) Event/Security/... logs in XP
2) Logging on the AP? There must be means to get some status/syslog
messages/whatever from the device, aren't there?
3) Use Ethereal/WinPCAP on the XP client and do a capture of the WLAN
interface. Verrry nice, it's even able to dissect all the TLS handshake
conversation (to make sure that the right certificates are exchanged)
and, if used to sniff on the RADIUS port, can also combine the EAP
message fragments in the RADIUS attributes.

OTOH, the French guideline is a little old by now, so I'd consider
installing a super-recent version of openssl as rather harmful than
necessary.
Ciao, Michael
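
Added example, not part of the original message: a small Python sketch of the reassembly step mentioned in point 3, joining the EAP-Message attributes (type 79) of one RADIUS packet and decoding the EAP-TLS flags that show whether more fragments are pending. The packet built by build_sample() is constructed for illustration and omits attributes a real Access-Challenge would carry (State, Message-Authenticator).

```python
import struct

EAP_MESSAGE = 79     # RADIUS attribute type that carries EAP (RFC 3579)
EAP_TYPE_TLS = 13    # EAP method type for EAP-TLS (RFC 5216)

def radius_attrs(packet):
    """Yield (type, value) for each attribute of a raw RADIUS packet."""
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20                       # 4-byte header + 16-byte authenticator
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        yield atype, packet[pos + 2:pos + alen]
        pos += alen

def eap_from_radius(packet):
    """Concatenate all EAP-Message values (at most 253 bytes each), in order."""
    return b"".join(v for t, v in radius_attrs(packet) if t == EAP_MESSAGE)

def parse_eap_tls(eap):
    """Decode the EAP header and the EAP-TLS flags byte of one EAP packet."""
    if len(eap) < 6:
        raise ValueError("too short for EAP-TLS")
    code, ident, length, etype = struct.unpack("!BBHB", eap[:5])
    if etype != EAP_TYPE_TLS or length != len(eap):
        raise ValueError("not EAP-TLS or EAP length mismatch")
    flags = eap[5]
    info = {"code": code, "id": ident, "tls_total": None,
            "length_included": bool(flags & 0x80),   # L bit
            "more_fragments": bool(flags & 0x40),    # M bit
            "start": bool(flags & 0x20)}             # S bit
    offset = 6
    if info["length_included"]:    # 4-byte total TLS message length follows
        info["tls_total"] = struct.unpack("!I", eap[6:10])[0]
        offset = 10
    info["tls_data"] = eap[offset:]
    return info

def build_sample():
    """Constructed Access-Challenge: first EAP-TLS fragment in 3 attributes."""
    tls_part = bytes(range(256)) * 2 + bytes(88)     # 600 dummy TLS bytes
    body = bytes([EAP_TYPE_TLS, 0xC0]) + struct.pack("!I", 1400) + tls_part
    eap = struct.pack("!BBH", 1, 7, 4 + len(body)) + body
    chunks = [eap[i:i + 253] for i in range(0, len(eap), 253)]
    attrs = b"".join(bytes([EAP_MESSAGE, 2 + len(c)]) + c for c in chunks)
    return struct.pack("!BBH", 11, 42, 20 + len(attrs)) + bytes(16) + attrs

if __name__ == "__main__":
    print(parse_eap_tls(eap_from_radius(build_sample())))
```

When the M bit is set, the peer has to acknowledge with an empty EAP-TLS response before the next fragment is sent, so in a capture the last fragment seen without a following acknowledgement marks where the exchange stalled.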