Changing MTU value for EAP Session error

Alan DeKok aland at
Wed Jan 11 08:48:34 CET 2012

Sallee, Stephen (Jake) wrote:
> I have read on the list and the FR wiki that decreasing the MTU value
> for the tunnel can help alleviate the pesky EAP session did not finish
> problem.  I would like to try this as I am getting the same issue on IOS
> and Android based phones using the default certs FR ships with.

  It *might* help.  Or it might not.  If you get 4-5 Request/Challenge
exchanges, then changing MTU likely won't help.

> However I cannot find where to specify the MTU value, I assume it is in
> the inner-tunnel virtual server, but my google-fu is weak today and
> cannot find any instructions.  I see several messages on the list saying
> that it should be done but none actually explaining HOW.

  Like most things in FreeRADIUS: you don't.  It's calculated
automatically.  If the NAS sends a Framed-MTU, then FreeRADIUS uses that
to calculate the maximum MTU.

  The simplest thing to try is to see eap.conf, and change fragment_size
to something smaller.  Anything less than 1K is likely useless, as
Ethernet always supports 1.5K packets.

  If it still doesn't work when fragment_size=1K, then the problem isn't
MTU.  It's something else.

  Alan DeKok.

More information about the Freeradius-Users mailing list
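
A small check for the advice in the reply above, added here as an example and not part of the original post or of FreeRADIUS itself: it reads eap.conf-style text, finds fragment_size inside the eap { tls { } } section, and maps the value to the steps the reply describes. The sample configuration and the function names are constructed for illustration; the placement of fragment_size under tls assumes the FreeRADIUS 2.x eap.conf layout.

```python
import re

# Constructed sample in eap.conf syntax (not taken from the post).
SAMPLE_EAP_CONF = """
eap {
    default_eap_type = peap
    tls {
        # fragment_size = 4096   (commented out, must be ignored)
        fragment_size = 1400
    }
    peap {
        default_eap_type = mschapv2
    }
}
"""

def find_setting(text, path, key):
    """Return the value of `key` inside the nested section `path`, or None."""
    stack, value = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments (simplified)
        if not line:
            continue
        opened = re.match(r"^([\w.-]+)\s*\{$", line)
        if opened:
            stack.append(opened.group(1))     # entering "name {"
        elif line == "}":
            if stack:
                stack.pop()                   # leaving the current section
        else:
            pair = re.match(r"^([\w.-]+)\s*=\s*(.+)$", line)
            if pair and stack == list(path) and pair.group(1) == key:
                value = pair.group(2).strip().strip('"')
    return value

def advise(text):
    """Map the configured fragment_size to the next step from the reply."""
    raw = find_setting(text, ("eap", "tls"), "fragment_size")
    if raw is None:
        return (None, "fragment_size not set in eap { tls { } }")
    size = int(raw)
    if size > 1024:
        return (size, "try lowering fragment_size to 1024 and retest")
    if size == 1024:
        return (size, "already 1K; if EAP still stalls, the problem is not MTU")
    return (size, "below 1K is unlikely to help; Ethernet carries 1.5K packets")

if __name__ == "__main__":
    print(advise(SAMPLE_EAP_CONF))
```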