Re-transmits arriving via a different proxy / EAP duplicate detection
Phil Mayers
p.mayers at imperial.ac.uk
Wed Oct 10 12:54:31 CEST 2012
On 09/10/12 19:17, alan buxey wrote:
> Hi,
>
>> As I iterate through our logging config, I'm gaining increasing
>> visibility of all kinds of peculiar stuff. This one I spotted today
>> - we are seeing remote RADIUS servers (eduroam visited sites)
>> sending retransmits via different intermediate proxies.
>
> I've seen this a couple of times int he past - and recently too. the recent
> one was fixed by ensuring that the RADIUS server was listening only
The pattern we see is quite odd. I suspect the core issue is being
exacerbated by misbehaving clients or visited-site radius servers. The
reason I suspect this is that, if it were genuine packet loss, you'd
expect to see retransmits at all stages of the EAP session. But we
almost exclusive see retransmits in response to a reject (very common)
or an accept (rarely).
In particular, there seem to be some sites where retransmits come in if
we send a reject. I don't know if this is a particular supplicant or a
particular radius server.
Or maybe I'm mis-reading the evidence. But it does seem odd... I'm
wondering whether to open a JRS support ticket or not (any suggestions ;o)
More information about the Freeradius-Users
mailing list