freeradius retransmit of EAP-TTLS start packet with incorrect packet id
list at securew2.com
Mon Nov 19 17:54:02 CET 2012
Hi Alan,
it still seems strange that it would respond with a packet id that was
never sent by the client. I guess this could only happen if the AP somehow
thought it should retransmit the identity request.
I am hoping the radius server logs will help so I can see the missing
packet causing freeradius to increment the packet id.
Thanks,
Tom
> list at securew2.com wrote:
>> Furthermore this does not happen all the time leading me to believe this
>> might be a retransmit issue between the access point and freeradius, maybe
>> during high load.
>
> That's likely. And since it's EAP retransmit after a long time, odds
> are that the RADIUS packet isn't retransmitted.
>
> It's a brand new RADIUS packet, which means that the RADIUS layer
> duplicate detection doesn't work. Which means that the EAP packet is
> processed again.
>
> I suspect that there's very little you can do about it.
>
> There are patches going into 3.0 which will detect RADIUS retransmits
> over multiple proxy hops. That is a rare case, but more likely in the
> case of eduroam. Fixing it is good.
>
> Alan DeKok.
>
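The distinction drawn in the quoted reply, as an added example that is not part of the thread and is not FreeRADIUS code: a receiver that matches duplicates on source, RADIUS ID and Request Authenticator catches a resent RADIUS packet, but not the same EAP packet arriving inside a brand new RADIUS packet. The `Receiver` class, the `session` key (for instance a Calling-Station-Id) and the packet bytes are constructed assumptions.

```python
import struct

EAP_MESSAGE = 79  # RADIUS attribute type that carries EAP (RFC 3579)

def build_access_request(radius_id, authenticator, eap):
    """Constructed Access-Request (code 1) with one EAP-Message attribute."""
    attr = bytes([EAP_MESSAGE, len(eap) + 2]) + eap
    return struct.pack("!BBH", 1, radius_id, 20 + len(attr)) + authenticator + attr

def eap_header(packet):
    """Return (code, id) of the EAP packet inside a RADIUS packet, or None."""
    length = struct.unpack("!H", packet[2:4])[0]
    pos, eap = 20, b""
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        if atype == EAP_MESSAGE:  # long EAP packets span several attributes
            eap += packet[pos + 2:pos + alen]
        pos += alen
    return (eap[0], eap[1]) if len(eap) >= 4 else None

class Receiver:
    """Hypothetical receiver: RADIUS-layer duplicate cache plus last EAP id per session."""
    def __init__(self):
        self.seen_radius = set()
        self.last_eap = {}

    def classify(self, src, session, packet):
        if len(packet) < 20:
            raise ValueError("short RADIUS packet")
        # RADIUS-layer key: source address/port, Identifier, Request Authenticator
        key = (src, packet[1], packet[4:20])
        if key in self.seen_radius:
            return "radius-duplicate"
        self.seen_radius.add(key)
        eap = eap_header(packet)
        if eap is not None and self.last_eap.get(session) == eap:
            return "eap-retransmit-in-new-radius-packet"
        if eap is not None:
            self.last_eap[session] = eap
        return "new"

if __name__ == "__main__":
    eap = struct.pack("!BBHB", 2, 5, 8, 1) + b"tom"  # constructed EAP-Response/Identity, id 5
    rx, src = Receiver(), ("192.0.2.10", 40000)
    first = build_access_request(10, b"\x11" * 16, eap)
    fresh = build_access_request(11, b"\x22" * 16, eap)  # same EAP, new RADIUS packet
    for pkt in (first, first, fresh):
        print(rx.classify(src, "sta-1", pkt))
```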