AW: Problem Radius over VPN

Luca Bertoncello L.Bertoncello at
Wed Apr 13 13:52:00 UTC 2022

Hi Alan,

I started Freeradius with the -X option.
In the Access-Challenge response there are only:

- EAP-Message
- Message-Authentication
- State

No other attributes...


-----Original Message-----
From: Freeradius-Users < at> On Behalf Of Alan DeKok
Sent: Wednesday, April 13, 2022 15:42
To: FreeRadius users mailing list <freeradius-users at>
Subject: Re: Problem Radius over VPN

On Apr 13, 2022, at 9:23 AM, Luca Bertoncello <L.Bertoncello at> wrote:
> I didn't change the fragment_size, but I tried to reduce it and set it to 800.
> Unfortunately no changes in the situation...

  Then something else is going on in your local configuration.

  The EAP module will limit the EAP-Message attribute to "fragment_size".  So if the RADIUS packets are still >1500 bytes, then the problem isn't EAP.

  Look at the debug output.  What attributes are in the Access-Challenge responses?  There should be:


  And not really much else.  If you have tons of other attributes in the Access-Challenge packets, that's the problem.  

  Go to sites-enabled/default, and look for this text:

	#  Filter access challenges.
	Post-Auth-Type Challenge {
#		remove_reply_message_if_eap

 Uncomment the "" line, and the Access-Challenge packets should get a lot smaller.

  Alan DeKok.
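
The check suggested above (see which attributes an Access-Challenge carries and whether the packet still fits the path) can be done on a captured packet. The following is an added example, not code from this thread or from the FreeRADIUS project; the sample packets are constructed, and the 1500-byte MTU default and the repeated Reply-Message attributes are assumptions for illustration.

```python
import struct

# Attribute numbers from RFC 2865/2869; anything else is reported as Attr-<n>.
NAMES = {18: "Reply-Message", 24: "State", 79: "EAP-Message", 80: "Message-Authenticator"}

def parse_attrs(packet: bytes):
    """Return (code, [(attr_type, on_wire_len), ...]) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not match the packet")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute length")
        attrs.append((atype, alen))
        pos += alen
    return code, attrs

def size_report(packet: bytes, mtu: int = 1500):
    """Sum on-wire bytes per attribute and check the packet against the path MTU."""
    code, attrs = parse_attrs(packet)
    by_attr = {}
    for atype, alen in attrs:
        name = NAMES.get(atype, f"Attr-{atype}")
        by_attr[name] = by_attr.get(name, 0) + alen
    radius_len = 20 + sum(by_attr.values())
    # 20 bytes IPv4 header + 8 bytes UDP header ride on top of the RADIUS packet.
    return {"code": code, "radius_len": radius_len, "by_attr": by_attr,
            "fits": radius_len + 28 <= mtu}

def build(code, attrs):
    """Build a constructed test packet (zeroed authenticator, not a valid signature)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

# Constructed samples: an 800-byte EAP fragment split into <=253-byte EAP-Message attributes.
eap = [(79, bytes(n)) for n in (253, 253, 253, 41)]
LEAN = build(11, eap + [(80, bytes(16)), (24, bytes(16))])
BLOATED = build(11, eap + [(80, bytes(16)), (24, bytes(16))] + [(18, bytes(200))] * 4)

if __name__ == "__main__":
    for label, pkt in (("lean", LEAN), ("bloated", BLOATED)):
        print(label, size_report(pkt))
```

Over a VPN the usable MTU is lower than 1500, so pass the tunnel's real value as mtu.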
