Re-transmits arriving via a different proxy / EAP duplicate detection

Phil Mayers p.mayers at imperial.ac.uk
Wed Oct 10 12:54:31 CEST 2012


On 09/10/12 19:17, alan buxey wrote:
> Hi,
>
>> As I iterate through our logging config, I'm gaining increasing
>> visibility of all kinds of peculiar stuff. This one I spotted today
>> - we are seeing remote RADIUS servers (eduroam visited sites)
>> sending retransmits via different intermediate proxies.
>
> I've seen this a couple of times int he past - and recently too. the recent
> one was fixed by ensuring that the RADIUS server was listening only

The pattern we see is quite odd. I suspect the core issue is being 
exacerbated by misbehaving clients or visited-site radius servers. The 
reason I suspect this is that, if it were genuine packet loss, you'd 
expect to see retransmits at all stages of the EAP session. But we 
almost exclusive see retransmits in response to a reject (very common) 
or an accept (rarely).

In particular, there seem to be some sites where retransmits come in if 
we send a reject. I don't know if this is a particular supplicant or a 
particular radius server.

Or maybe I'm mis-reading the evidence. But it does seem odd... I'm 
wondering whether to open a JRS support ticket or not (any suggestions ;o)


More information about the Freeradius-Users mailing list