[***** SPAM 6.2 *****] eap_ttls: ERROR: TLS Alert write:fatal:bad record mac

Fredrik Lundhag fredrik at flattr.com
Sat Jun 1 14:43:45 CEST 2019



> On 1 Jun 2019, at 14:04, Alan DeKok <aland at deployingradius.com> wrote:
> 
> Some magic crypto parameter is wrong.  :(  That's the best non-technical explanation.
> 
>  The message is being produced by FreeRADIUS (via OpenSSL), when it tries to decode the packet from the client.  It means that the packet is bad, and that OpenSSL won't continue to run the TLS setup.
> 
>  There really isn't anything you can do here.  Just have the user try again.

Ah, bummer. Thanks for your help, I've been going crazy trying to debug this. I have seen some VPN logs complaining about bad packets, (the auth server is located separately from the access point, so I guess that is it then). Thank you!

-Fredrik

--
Wire.com: @jolt




More information about the Freeradius-Users mailing list