EAP-TLS eapol_test on a remote server

Alan DeKok aland at deployingradius.com
Thu Apr 22 19:44:45 CEST 2021

On Apr 22, 2021, at 12:42 PM, Emile Swarts <emile.swarts123 at gmail.com> wrote:
> Thanks for the quick reply Alan. Really helps narrow it down.
> I forgot to mention, I am seeing "Fragmented IP protocol" packets in the
> capture, which seems to correspond to each of the Access-Requests.
> Could this have something to do with MTU configuration of Freeradius?

  It's a network MTU issue.  The UDP packets are too large, and the network fragments them.  UDP packet fragmentation really doesn't work well across the wider internet.

  The solution is to use a VPN which doesn't fragment the packets.  Or, use RADIUS over TLS.  The "stunnel" utility may help here.

  You can change "fragment_size" in mods-enabled/eap.  Lower it to 600 or so, and might will help.  But it's not a *fix* for the problem.

  The best solution is to use a network which doesn't fragment the packets.

  Alan DeKok.

More information about the Freeradius-Users mailing list