freeradius retransmit of EAP-TTLS start packet with incorrect packet id
Alan DeKok
aland at deployingradius.com
Mon Nov 19 17:27:22 CET 2012
list at securew2.com wrote:
> Furthermore this does not happen all the time leading me to believe this
> might be a retransmit issue between the access point and freeradius, maybe
> during high load.
That's likely. And since it's EAP retransmit after a long time, odds
are that the RADIUS packet isn't retransmitted.
It's a brand new RADIUS packet, which means that the RADIUS layer
duplicate detection doesn't work. Which means that the EAP packet is
processed again.
I suspect that there's very little you can do about it.
There are patches going into 3.0 which will detect RADIUS retransmits
over multiple proxy hops. That is a rare case, but more likely in the
case of eduroam. Fixing it is good.
Alan DeKok.
More information about the Freeradius-Users
mailing list