TLS communication, EAP does not work

Luciano Fernandes da Rocha luciano.rocha at rnp.br
Thu Jul 13 15:46:41 CEST 2017


Dear, 

Briefly, our scenario has 3 servers with FreeRadius 3.0.14. 2 institutions (ufjfteste.br and rnpteste.br) and 1 FLR (.br). On the institution level we run RadSec (embedded TCP/TLS in FreeRadius3) to communicate with our FLR, a radsecproxy. So, using this TLS communication, EAP does not work, but turning off it and doing the communication between all servers using only UDP (disabling RadSec at institutions and radsecproxy at FLR), all EAP methods works. 

To confirm it, if we turn on the TLS communication, we could only authenticate using 'radtest' (as we know, a simple authentication without EAP). 

We suspect that EAP messages are lost during the exchanging when TLS communication are enable. 

Do you have any ideia about it to help us? 


* Our real scenario here in Brazil is similar to this, with institutions using FreeRadius (today with radsecproxy) and the FLR using radsecproxy too. Now we are conducting this validations to update our infrastructure to use FreeRadius3 with RadSec in institution level, and maintaining radsecproxy in FLR. 

Thanks in advance, 

-- 

Luciano Fernandes da Rocha. 
Analista de Operações 
DAGSer - Diretoria Adjunta de Gestão de Serviços 
RNP – Rede Nacional de Ensino e Pesquisa 
Site:http://www.rnp.br e-mail:luciano.rocha at rnp.br 
Tel.:+55 61 3243-4389 



More information about the Freeradius-Users mailing list