Multiple access-request + access-accept packets in one conversation.
Vlad Kratsberg
vkratsberg at gmail.com
Wed Jun 1 22:54:21 CEST 2016
Thanks,
I will try upgrading to version 3.1.
Could the certificate be the reason for re-negotiation over and over again
?
On Wed, Jun 1, 2016 at 4:34 PM, Alan DeKok <aland at deployingradius.com>
wrote:
> On Jun 1, 2016, at 4:23 PM, Vlad Kratsberg <vkratsberg at gmail.com> wrote:
> > Thanks for response. Below are mine cache configurations and i actually
> > see .vps and .asn1 entries created in /var/log/radius/tlscache/.
>
> The debug log you posted shows that "persist_dir" wasn't configured, and
> that it wasn't caching entries.
>
> > cache
> > enable = yes
> > max_entries = 255
> > name = "EAP module"
> > persist_dir = "${logdir}/tlscache"
> > }
> >
> > .vps files only contain User-Name attribute.
> >
> > So is this a know issue where 3.0.X doesn't cache all atributes ?
>
> Yes.
>
> You will need to set Cached-Session-Policy in the original reply.
>
> It will then be copied to the reply of the resumed session. You can use
> key off of that to figure out which reply attributes to send back.
>
> It's not perfect, by any means.
>
> To be honest, you might just try upgrading to v3.1.x from github. The
> caching is a *lot* cleaner there.
>
> > Is this
> > related to the fact that conversation between client and server becoming
> > too long during renegotiation ?
>
> No. The re-negotiation isn't long. It jus re-negotiates over and over
> and over.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list