Session resumption

Jonathan Gazeley Jonathan.Gazeley at
Thu Feb 11 10:44:00 CET 2016

We've upgraded our FreeRADIUS 2.2.x servers to FreeRADIUS 3.0.11 because 
it was about time. Since then, we're having a subtle problem with 
session resumption where in some cases, FreeRADIUS returns two 
Access-Accept packets, each with differing VLAN information which breaks 
the client. The double reply only occurs when EAP sessions have been 
resumed, but not with every resumed session.

This happens relatively infrequently so we are having to wait a long 
time (hours) in debug mode before we capture one of these faulty 
authentications to see if our latest attempt at fixing has worked.

Is there are a way to fabricate EAP/MSCHAPv2 packets such that we can 
reliably provoke the server into using session resumption or not? This 
way we would be able able to test->capture->debug->fix->repeat much more 

I hope today to capture enough debug information to be able to submit a 
detailed report to this list.


More information about the Freeradius-Users mailing list