EAP Session Resumption

Donald Sherker dsherker at gmail.com
Fri Apr 10 16:47:56 CEST 2015


I am running FreeRADIUS v3.0.x.  I am trying to enable EAP Session
Resumption, but I am running into some problems.  In the eap module it
says that two files will be written per session.  I am never seeing
the .vps file in the cache directory, and the .asn1 file will be
written sometimes.


For this session the file was written:

(7) eap_peap: processing EAP-TLS
(7) eap_peap: TLS Length 134
(7) eap_peap: Length Included
(7) eap_peap: eaptls_verify returned 11
(7) eap_peap: <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
(7) eap_peap: TLS_accept: SSLv3 read client key exchange A
(7) eap_peap: <<< TLS 1.0 ChangeCipherSpec [length 0001]
(7) eap_peap: <<< TLS 1.0 Handshake [length 0010], Finished
(7) eap_peap: TLS_accept: SSLv3 read finished A
(7) eap_peap: >>> TLS 1.0 ChangeCipherSpec [length 0001]
(7) eap_peap: TLS_accept: SSLv3 write change cipher spec A
(7) eap_peap: >>> TLS 1.0 Handshake [length 0010], Finished
(7) eap_peap: TLS_accept: SSLv3 write finished A
(7) eap_peap: TLS_accept: SSLv3 flush data
  SSL: adding session f72abc554bb004769d9c8bf121d63a412b519538ece70b34526f42e787bb5b38 to cache
  SSL: wrote session f72abc554bb004769d9c8bf121d63a412b519538ece70b34526f42e787bb5b38 to /<logdir>/tlscache/f72abc554bb004769d9c8bf121d63a412b519538ece70b34526f42e787bb5b38.asn1 len=147

However this session was not resumed:

(18) eap_peap: processing EAP-TLS
(18) eap_peap: eaptls_verify returned 7
(18) eap_peap: Done initial handshake
(18) eap_peap: eaptls_process returned 7
(18) eap_peap: FR_TLS_OK
(18) eap_peap: Session established.  Decoding tunneled attributes
(18) eap_peap: PEAP state send tlv success
(18) eap_peap: Received EAP-TLV response
(18) eap_peap: Success
(18) eap_peap: WARNING: No information in cached session f72abc554bb004769d9c8bf121d63a412b519538ece70b34526f42e787bb5b38
(18) eap: Freeing handler

The files referred to here were not written at all:

(26) eap_ttls: Authenticate
(26) eap_ttls: processing EAP-TLS
(26) eap_ttls: TLS Length 134
(26) eap_ttls: Length Included
(26) eap_ttls: eaptls_verify returned 11
(26) eap_ttls: <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
(26) eap_ttls: TLS_accept: SSLv3 read client key exchange A
(26) eap_ttls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
(26) eap_ttls: <<< TLS 1.0 Handshake [length 0010], Finished
(26) eap_ttls: TLS_accept: SSLv3 read finished A
(26) eap_ttls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
(26) eap_ttls: TLS_accept: SSLv3 write change cipher spec A
(26) eap_ttls: >>> TLS 1.0 Handshake [length 0010], Finished
(26) eap_ttls: TLS_accept: SSLv3 write finished A
(26) eap_ttls: TLS_accept: SSLv3 flush data
  SSL: adding session 78a6af3ea358b3a251b2815c7b60124e5009fd6b916932d9a554d872e05aa136 to cache
  SSL: wrote session 78a6af3ea358b3a251b2815c7b60124e5009fd6b916932d9a554d872e05aa136 to /<logdir>/tlscache/78a6af3ea358b3a251b2815c7b60124e5009fd6b916932d9a554d872e05aa136.asn1 len=147


(38) eap_peap: processing EAP-TLS
(38) eap_peap: TLS Length 134
(38) eap_peap: Length Included
(38) eap_peap: eaptls_verify returned 11
(38) eap_peap: <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
(38) eap_peap: TLS_accept: SSLv3 read client key exchange A
(38) eap_peap: <<< TLS 1.0 ChangeCipherSpec [length 0001]
(38) eap_peap: <<< TLS 1.0 Handshake [length 0010], Finished
(38) eap_peap: TLS_accept: SSLv3 read finished A
(38) eap_peap: >>> TLS 1.0 ChangeCipherSpec [length 0001]
(38) eap_peap: TLS_accept: SSLv3 write change cipher spec A
(38) eap_peap: >>> TLS 1.0 Handshake [length 0010], Finished
(38) eap_peap: TLS_accept: SSLv3 write finished A
(38) eap_peap: TLS_accept: SSLv3 flush data
  SSL: adding session d6d13833c06ec03ff683827076a82fe14adecb384a9ef401a467dc2a225a8853 to cache
  SSL: wrote session d6d13833c06ec03ff683827076a82fe14adecb384a9ef401a467dc2a225a8853 to /<logdir>/tlscache/d6d13833c06ec03ff683827076a82fe14adecb384a9ef401a467dc2a225a8853.asn1 len=147

Why would the files be written sometimes and not other times, and why
are there no vps files for these sessions?

Thanks,

Don
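
Added example (not part of the original post and not FreeRADIUS code): a Python check that compares what the debug log claims about each TLS session with the `.asn1` and `.vps` files actually present in the cache directory, using the two log messages quoted above. The function names, the temporary cache directory and its placeholder file are assumptions constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

# Patterns for the two debug messages quoted in the post; \s+ tolerates mail line wrapping.
WROTE = re.compile(r"wrote session\s+([0-9a-f]{64})\s+to\s+\S+\.asn1")
NO_INFO = re.compile(r"No information in cached session\s+([0-9a-f]{64})")

def audit_tls_cache(log_text, cache_dir):
    """Return {session_id: flags} comparing log claims with files on disk."""
    cache = Path(cache_dir)
    report = {}
    for key, pattern in (("logged_write", WROTE), ("no_info_warning", NO_INFO)):
        for sid in pattern.findall(log_text):
            row = report.setdefault(sid, {"logged_write": False, "no_info_warning": False})
            row[key] = True
    for sid, row in report.items():
        row["asn1_on_disk"] = (cache / f"{sid}.asn1").is_file()
        row["vps_on_disk"] = (cache / f"{sid}.vps").is_file()
    return report

# Session IDs and messages taken from the post, wrapped as a mail client would.
S1 = "f72abc554bb004769d9c8bf121d63a412b519538ece70b34526f42e787bb5b38"
S2 = "78a6af3ea358b3a251b2815c7b60124e5009fd6b916932d9a554d872e05aa136"
SAMPLE_LOG = f"""\
  SSL: wrote session
{S1} to
/<logdir>/tlscache/{S1}.asn1
len=147
(18) eap_peap: WARNING: No information in cached session
{S1}
  SSL: wrote session
{S2} to
/<logdir>/tlscache/{S2}.asn1
len=147
"""

def demo():
    """Constructed cache dir: only S1's .asn1 exists, mirroring the report."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / f"{S1}.asn1").write_bytes(b"\x30\x00")  # placeholder bytes
        return audit_tls_cache(SAMPLE_LOG, tmp)

if __name__ == "__main__":
    for sid, row in demo().items():
        print(sid[:12], row)
```

Run against a real debug log and cache directory, a row with `logged_write` true but `asn1_on_disk` false points at a write that was logged and never landed, and `no_info_warning` true alongside `vps_on_disk` false matches the resumption failure shown for request 18.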

