AW: Problem Radius over VPN
Luca Bertoncello
L.Bertoncello at queo-group.com
Wed Apr 13 13:52:00 UTC 2022
Hi Alan,
I started Freeradius with the -X Option.
In the Access-Challenge Response sind nur:
- EAP-Message
- Message-Authentication
- State
No other attributes...
Regards
Luca
-----Ursprüngliche Nachricht-----
Von: Freeradius-Users <freeradius-users-bounces+l.bertoncello=queo-group.com at lists.freeradius.org> Im Auftrag von Alan DeKok
Gesendet: Mittwoch, 13. April 2022 15:42
An: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Betreff: Re: Problem Radius over VPN
On Apr 13, 2022, at 9:23 AM, Luca Bertoncello <L.Bertoncello at queo-group.com> wrote:
> I didn't changed the fragment_size, but I tried to reduce it and set it to 800.
> Unfortunately no changes in the situation...
Then something else is going on in your local configuration.
The EAP module will limit the EAP-Message attribute to "fragment_size". So if the RADIUS packets are still >1500 bytes, then the problem isn't EAP.
Look at the debug output. What attributes are in the Access-Challenge responses? There should be:
EAP-Message
State
And not really much else. If you have tons of other attributes in the Access-Challenge packets, that's the problem.
Go to sites-enabled/default, and look for this text:
#
# Filter access challenges.
#
Post-Auth-Type Challenge {
# remove_reply_message_if_eap
# attr_filter.access_challenge.post-auth
}
Uncomment the "attr_filter.access_challenge.post-auth" line, and the Access-Challenge packets should get a lot smaller.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list