EAP-TTLS sessions and 'anonymous' Access-Request

Alan DeKok aland at deployingradius.com
Mon Sep 5 23:33:04 CEST 2016


On Sep 5, 2016, at 4:13 PM, Bogdan Rudas via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> When I test eap_ttls setup, for a single connection attempt I see at least 6
> "Access-Request" with 'anonymous' user name

  That's how EAP-TLS works.

> and some of them have log messages like this:
> 
> 
> (1) eap_ttls: TLS_accept: unknown state
> (1) eap_ttls: TLS_accept: Need to read more data: unknown state
>
> Is it the encapsulation of a stateful TLS session into a stateless UDP-based
> protocol, or is something going wrong with my setup?

  The protocols are:

Ethernet
IP
UDP
RADIUS
EAP
EAP-TLS
TLS

  It's a bit of a miracle that it works.

  Note there's no TCP.  So everything is over UDP.

  Alan DeKok.
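
The layering described in the reply above, as an added example that is not part of the original post or of FreeRADIUS: it fragments one TLS flight into EAP-TTLS packets, wraps them in RADIUS EAP-Message attributes, and counts the Access-Requests a single login needs. Assumptions: a full TLS handshake whose client flights each fit in one fragment, one round trip of tunnelled inner authentication, and constructed sizes (a 3000-byte server flight, 1024-byte fragments); all function names are hypothetical.

```python
# Added illustration (not from the original thread). Models why one EAP-TTLS
# login produces several RADIUS Access-Requests: RADIUS is strictly
# request/response over UDP, so every TLS fragment costs one round trip.
import struct

EAP_REQUEST, EAP_RESPONSE = 1, 2
EAP_TYPE_TTLS = 21                          # EAP method type for EAP-TTLS
FLAG_L, FLAG_M, FLAG_S = 0x80, 0x40, 0x20   # Length included, More fragments, Start
RADIUS_ATTR_EAP_MESSAGE = 79                # EAP-Message attribute (RFC 3579)
MAX_ATTR_VALUE = 253                        # one RADIUS attribute value: <= 253 octets


def eap_tls_fragments(code, first_id, tls_data, fragment_size):
    """Split one TLS flight into EAP packets, setting the L and M flags."""
    chunks = [tls_data[i:i + fragment_size]
              for i in range(0, len(tls_data), fragment_size)] or [b""]
    packets = []
    for n, chunk in enumerate(chunks):
        flags = FLAG_M if n < len(chunks) - 1 else 0
        body = chunk
        if n == 0 and len(chunks) > 1:      # first fragment carries total TLS length
            flags |= FLAG_L
            body = struct.pack("!I", len(tls_data)) + chunk
        length = 4 + 1 + 1 + len(body)      # EAP header + type + flags + data
        packets.append(struct.pack("!BBHBB", code, (first_id + n) & 0xFF,
                                   length, EAP_TYPE_TTLS, flags) + body)
    return packets


def eap_message_attributes(eap_packet):
    """Carry one EAP packet as consecutive RADIUS EAP-Message attributes."""
    return [struct.pack("!BB", RADIUS_ATTR_EAP_MESSAGE, 2 + len(v)) + v
            for v in (eap_packet[i:i + MAX_ATTR_VALUE]
                      for i in range(0, len(eap_packet), MAX_ATTR_VALUE))]


def count_access_requests(server_flight_len, fragment_size):
    """Access-Requests for one login under the assumptions in the lead-in."""
    server_frags = eap_tls_fragments(EAP_REQUEST, 2, bytes(server_flight_len),
                                     fragment_size)   # constructed all-zero flight
    requests = 1                         # EAP-Response/Identity ("anonymous")
    requests += 1                        # ClientHello, answering the TTLS Start
    requests += len(server_frags) - 1    # empty ACK for each fragment with M set
    requests += 1                        # client key exchange + Finished
    requests += 1                        # tunnelled inner authentication
    return requests
```

With the constructed 3000-byte server flight and 1024-byte fragments, `count_access_requests(3000, 1024)` gives 6 Access-Requests, each carrying the outer 'anonymous' identity.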



