EAP-TLS eapol_test on a remote server

Alan DeKok aland at deployingradius.com
Thu Apr 22 17:03:01 CEST 2021


On Apr 22, 2021, at 10:58 AM, Emile Swarts <emile.swarts123 at gmail.com> wrote:
> Pointing this to a Freeradius server running on AWS with exactly the same
> configuration and certificates, I get the following:
> 
> 1 0.000000000 10.5.0.5 18.168.48.94 RADIUS 203 Access-Request id=0
> 2 0.015807600 18.168.48.94 10.5.0.5 RADIUS 108 Access-Challenge id=0
> 3 0.025829000 10.5.0.5 18.168.48.94 RADIUS 396 Access-Request id=1
> 4 0.040322200 18.168.48.94 10.5.0.5 RADIUS 1112 Access-Challenge id=1
> 5 0.042580700 10.5.0.5 18.168.48.94 RADIUS 206 Access-Request id=2
> 6 0.056210200 18.168.48.94 10.5.0.5 RADIUS 1112 Access-Challenge id=2
> 7 0.064416100 10.5.0.5 18.168.48.94 RADIUS 206 Access-Request id=3
> 8 0.076431300 18.168.48.94 10.5.0.5 RADIUS 1070 Access-Challenge id=3
> 10 0.119491200 10.5.0.5 18.168.48.94 RADIUS 138 Access-Request id=4
> 12 3.121220200 10.5.0.5 18.168.48.94 RADIUS 138 Access-Request id=4, Duplicate Request
> 18 9.122298400 10.5.0.5 18.168.48.94 RADIUS 138 Access-Request id=4, Duplicate Request
> 20 21.090888500 10.5.0.5 18.168.48.94 RADIUS 138 Access-Request id=4, Duplicate Request

  The server isn't replying to the client.  This is likely due to a network issue.
> ...
> EAPOL: startWhen --> 0
> STA 00:11:22:33:44:55: Resending RADIUS message (id=4)
> 
> Next RADIUS client retransmit in 6 seconds
> STA 00:11:22:33:44:55: Resending RADIUS message (id=4)
> 
> Next RADIUS client retransmit in 12 seconds
> STA 00:11:22:33:44:55: Resending RADIUS message (id=4)
> 
> Next RADIUS client retransmit in 24 seconds
> EAPOL test timed out

  Yup.

> If anyone has any ideas how to debug this further, please do let me know. I
> regenerated the self-signed certificates but that didn't fix the issue,
> currently suspecting either latency or misconfigured client.

  It's a networking issue.

  Why can some packets get through and others can't?  I don't know.

  If both wpa_supplicant && FreeRADIUS work in one network, but they don't work in another network... then the issue is a networking problem.

  Alan DeKok.
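
The symptom in the quoted capture (Access-Request id=4 sent four times and never answered) can be pulled out of a tshark summary automatically. The following is an added example, not part of the original message: `unanswered_requests` and the regex are assumptions written for the column layout shown above, and the sample input is the quoted capture with its wrapped lines rejoined.

```python
import re

# Capture summary copied from the quoted tshark output above
# (wrapped "Duplicate Request" suffixes joined back onto their lines).
CAPTURE = """\
1 0.000000000 10.5.0.5 18.168.48.94 RADIUS 203 Access-Request id=0
2 0.015807600 18.168.48.94 10.5.0.5 RADIUS 108 Access-Challenge id=0
3 0.025829000 10.5.0.5 18.168.48.94 RADIUS 396 Access-Request id=1
4 0.040322200 18.168.48.94 10.5.0.5 RADIUS 1112 Access-Challenge id=1
5 0.042580700 10.5.0.5 18.168.48.94 RADIUS 206 Access-Request id=2
6 0.056210200 18.168.48.94 10.5.0.5 RADIUS 1112 Access-Challenge id=2
7 0.064416100 10.5.0.5 18.168.48.94 RADIUS 206 Access-Request id=3
8 0.076431300 18.168.48.94 10.5.0.5 RADIUS 1070 Access-Challenge id=3
10 0.119491200 10.5.0.5 18.168.48.94 RADIUS 138 Access-Request id=4
12 3.121220200 10.5.0.5 18.168.48.94 RADIUS 138 Access-Request id=4, Duplicate Request
18 9.122298400 10.5.0.5 18.168.48.94 RADIUS 138 Access-Request id=4, Duplicate Request
20 21.090888500 10.5.0.5 18.168.48.94 RADIUS 138 Access-Request id=4, Duplicate Request
"""

# frame, time, source, destination, protocol, length, RADIUS code, id
LINE = re.compile(
    r"^\s*\d+\s+(?P<time>[\d.]+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+RADIUS\s+"
    r"(?P<length>\d+)\s+(?P<code>Access-[A-Za-z]+)\s+id=(?P<id>\d+)"
)

def unanswered_requests(capture):
    """Map (client, server, id) -> stats for Access-Requests that never got a reply."""
    pending = {}
    for raw in capture.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # ignore lines that are not RADIUS summary rows
        t, rid = float(m["time"]), int(m["id"])
        if m["code"] == "Access-Request":
            key = (m["src"], m["dst"], rid)
            entry = pending.setdefault(
                key, {"first": t, "last": t, "sends": 0, "length": int(m["length"])})
            entry["sends"] += 1   # first transmission plus every retransmit
            entry["last"] = t
        else:
            # Challenge/Accept/Reject travels server -> client with the same id
            pending.pop((m["dst"], m["src"], rid), None)
    return pending

if __name__ == "__main__":
    for (client, server, rid), s in unanswered_requests(CAPTURE).items():
        print(f"{client} -> {server} id={rid}: {s['sends']} sends of {s['length']} "
              f"bytes over {s['last'] - s['first']:.1f}s, no reply")
```
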



