Session resumption

Jonathan Gazeley Jonathan.Gazeley at
Thu Feb 11 15:28:08 CET 2016

On 11/02/16 09:51, A.L.M.Buxey at wrote:
> Hi,
>> Is there are a way to fabricate EAP/MSCHAPv2 packets such that we
>> can reliably provoke the server into using session resumption or
>> not? This way we would be able able to
>> test->capture->debug->fix->repeat much more quickly.
> use eapol_test from the wpa_supplicant system
> its likely that you have some policy or unlang corner-case that isnt
> matching the cache...or you arent querying the existing cache entry
> and adding other stuff based on the new NAS id - possibly roaming
> events between 2 seperate controllers etc etc
> alan
> -
> List info/subscribe/unsubscribe? See

I've captured a debug log which contains two authentications, both of 
which are successful. I have disabled the TLS cache so session 
resumption shouldn't occur.

However, something seems odd with the EAP session state expiry. The 
attached log came from a single AP connected to a single WISM in our lab 
(so this rules out roaming events between controllers and/or APs).

 From what I can tell, the server is trying to repeatedly expire EAP 
session with state 0x6fc3095a6cc610be. This session is first mentioned 
on line 3805 but e.g. on line 4012 it is expired but mentioned alongside 
another session. From then onwards, every packet that is handled tries 
to expire 0x6fc3095a6cc610be but mentions finishing a different session 
(e.g. line 4013)

Is this normal?


More information about the Freeradius-Users mailing list