Multiple access-request + access-accept packets in one conversation.

Alan DeKok aland at deployingradius.com
Wed Jun 1 22:34:00 CEST 2016


On Jun 1, 2016, at 4:23 PM, Vlad Kratsberg <vkratsberg at gmail.com> wrote:
> Thanks for response.  Below are mine cache configurations and i actually
> see .vps and .asn1 entries created in /var/log/radius/tlscache/.

  The debug log you posted shows that "persist_dir" wasn't configured, and that it wasn't caching entries.

> cache
>                        enable = yes
>                        max_entries = 255
>                        name = "EAP module"
>                        persist_dir = "${logdir}/tlscache"
>                }
> 
> .vps files only contain User-Name attribute.
> 
> So is this a know issue where 3.0.X doesn't cache all atributes ?  

  Yes.

  You will need to set Cached-Session-Policy in the original reply.

  It will then be copied to the reply of the resumed session.  You can use key off of that to figure out which reply attributes to send back.

  It's not perfect, by any means.

  To be honest, you might just try upgrading to v3.1.x from github.  The caching is a *lot* cleaner there.

> Is this
> related to the fact that conversation between client and server becoming
> too long during renegotiation ?

  No.  The re-negotiation isn't long.  It jus re-negotiates over and over and over.

  Alan DeKok.




More information about the Freeradius-Users mailing list