Sending CA certificate during EAP-TLS

A.L.M.Buxey at lboro.ac.uk
Wed Jun 20 14:31:41 CEST 2007


Hi,

> Is there any way to configure free radius + eap-tls module to avoid sending the CA certificate during EAP-TLS negotiation? As Free Radius is sending it right now, EAP-TLS packets get fragmented and I would like to avoid it.

err, no. you need to handle those fragmented packets. where is it failing, on your network or more
remotely? EAP-TLS places much larger demands on the packet sizes during AAA process....several hundred
bytes more than PEAP (which JUST ABOUT misses fragmentation in its current form from recent
memory)

you've GOT to pass the certs....and if you're using a larger cert (chained etc) those packets
will be big. 

so....who's breaking the RFCs with respect to ICMP and pmtu?  ;-)

alan
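
The sizes behind the reply above, as an added example that is not part of the original post and is not FreeRADIUS code: it estimates how a TLS server flight splits into EAP-TLS fragments and how large each resulting RADIUS/UDP/IPv4 packet is. The 2600-byte flight, both fragment sizes and the 1500-byte path MTU are constructed values, and the TLS length field is assumed to be present in every fragment.

```python
import math

# Sizes fixed by the protocols (RFC 2865, RFC 3579, RFC 3748, RFC 5216).
RADIUS_HEADER = 20          # code, identifier, length, authenticator
ATTR_HEADER = 2             # attribute type + length
ATTR_MAX_VALUE = 253        # max value bytes in one RADIUS attribute
MESSAGE_AUTHENTICATOR = 18  # must accompany EAP-Message
EAP_TLS_HEADER = 6          # EAP code, id, length(2), type, TLS flags
TLS_LENGTH_FIELD = 4        # TLS message length (assumed in every fragment)
IP_UDP_HEADERS = 28         # IPv4 without options + UDP


def eap_fragments(tls_bytes, fragment_size):
    """Return the size of each EAP packet needed to carry one TLS flight.

    fragment_size is treated as the max TLS data per fragment (assumption).
    """
    count = max(1, math.ceil(tls_bytes / fragment_size))
    sizes = []
    for i in range(count):
        data = min(fragment_size, tls_bytes - i * fragment_size)
        sizes.append(EAP_TLS_HEADER + TLS_LENGTH_FIELD + data)
    return sizes


def radius_packet_size(eap_bytes, other_attrs=0):
    """Size of the RADIUS packet carrying one EAP packet.

    The EAP packet is split across EAP-Message attributes of <= 253 bytes.
    """
    chunks = math.ceil(eap_bytes / ATTR_MAX_VALUE)
    eap_attrs = eap_bytes + chunks * ATTR_HEADER
    return RADIUS_HEADER + eap_attrs + MESSAGE_AUTHENTICATOR + other_attrs


def analyse(tls_bytes, fragment_size, path_mtu=1500, other_attrs=0):
    """Return (eap_size, ip_datagram_size, needs_ip_fragmentation) per fragment."""
    rows = []
    for eap in eap_fragments(tls_bytes, fragment_size):
        ip_len = radius_packet_size(eap, other_attrs) + IP_UDP_HEADERS
        rows.append((eap, ip_len, ip_len > path_mtu))
    return rows


if __name__ == "__main__":
    flight = 2600  # constructed: ServerHello + chained certificates
    for frag in (1024, 4000):  # constructed fragment sizes
        print(f"fragment size {frag}:")
        for eap, ip_len, split in analyse(flight, frag):
            print(f"  EAP {eap:5d} B -> IP datagram {ip_len:5d} B, IP fragmentation: {split}")
```

Raising the fragment size until the flight fits in one EAP packet only moves the split down to the IP layer, which is where path-MTU handling on the route between the NAS and the server starts to matter.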


