RadSec FR3.0 to Radiator: "Received packet will be too large"
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Wed Feb 22 21:49:03 CET 2012
Hi,
> We're piloting RadSec as a federation server uplink. They use Radiator. When we first attempted to connect we'd get
> a "Received packet will be too large!" carp from main/tls.c. They checked on their end and say they have no fragment
> size option for RadSec TLS connections, only for EAP-TLS connections.
>
> So we applied the below as a test and it works, but I was wondering as to the wisdom of it...
interesting....a RADSEC packet can be much bigger than that too - 2048 gives some room for a big
certificate - but not if it's double-chained with intermediate and it's got a nice security size
instead of being a little 512-bit RSA one. typically EAP-TLS can be fragmented on the server due
to it going through to the end-clients ..and being UDP things get a little nasty...whereas with RADSEC
there's no reason why a single TCP request couldn't be quite large and needing to be fragmented
by the routers....
alan