iOS mysterious issues on Freeradius 3.0.14

Peter Hutchison p.j.hutchison at hud.ac.uk
Thu Mar 23 10:29:54 CET 2017


>I've read a lot messages in Freeradius Forum and I continued misunderstand why iOS devices (iPhone, iPad) doesn't connect in my >WPA-Enterprise wifi network. I've installed and configured a freeradius server, version 3.0.14, over openssl 1.1.0e (both have >installed from sources on Debian 8). I've tested connect Android devices to my wifi network and everytime they can connect to >the network, but iOS devices have mysterious issues.

With PEAP you should *always* use Publicly recognised TLS/SSL certificates, preferably with a well-known CA source or one that your University supports. Also it should be at least 2048 bits and uses the SHA256 hash algorithm, SHA1 should be phased out. For example, we use JISC service which uses Quo Vadis CA. Do not use self-signed or internal CA certificates.

>When I try connect iOS device to my wifi in first time, they can connect perfectly. Though, if this same iOS device lost >connection (because it's out of range AP signal or air plane mode turn on by the user for 30 minutes or hours) and try connect >again the device doesn't connect. When I've saw the debug mode, I've noticed that EAP-PEAP tunnel athentication was successful >and server sent Access-Challenge, but device doesn't answer this challenge. I don't understand why the android devices doesn't >this issues.


>  Maybe it's related to session resumption?  Have you turned that off?

When switched between Aps, session resumption should be enabled to provide seemless connections.
The APS should be using the same SSIDs and



Peter Hutchison MCP
Senior Network Systems SpecialistS
S 01484 473716
Networks Team
University of Huddersfield | Queensgate | Huddersfield | HD1 3DH



University of Huddersfield inspiring tomorrow's professionals.
[http://marketing.hud.ac.uk/_HOSTED/EmailSig2014/EmailSigFooter.jpg]

This transmission is confidential and may be legally privileged. If you receive it in error, please notify us immediately by e-mail and remove it from your system. If the content of this e-mail does not relate to the business of the University of Huddersfield, then we do not endorse it and will accept no liability.



More information about the Freeradius-Users mailing list