Problem Radius over VPN

Alan DeKok aland at
Wed Apr 13 14:23:44 UTC 2022

On Apr 13, 2022, at 10:19 AM, Luca Bertoncello <L.Bertoncello at> wrote:
> Hi Alan,
> I would say, the answer ist 261 bytes:
> (1) Sent Access-Challenge Id 68 from to length 0
> (1)   EAP-Message = 0x01e803ec0dc0000012f5160303003d020000390303a1b6eb58bf2ce8ab3f12a20eacc792ded76b9714c15bebd6444f574e4752440100c030000011ff01000100000b000403000102001700001603030f7d0b000f79000f760008243082082030820608a0030201020215009613f3945007364d2b46c3df
> (1)   Message-Authenticator = 0x00000000000000000000000000000000
> (1)   State = 0xfd8b5894fc6355beb76ffb2667a966eb
> (1) Finished request
> Or do I understand wrong?

  The EAP-Message is encoded as binary data (not hex), so it's really 120 bytes for that, plus the rest.  But that's minor.

  Yes, this packet is small.  If you're still seeing fragmentation, then you have to track it down:

* which packets are being fragmented?

* what is in those packets?

* where do they come from?

  The only way to fix this is by using a methodical approach to narrow down the problem.  It might have been RADIUS at the start, but it looks like that isn't it.  So... what else is going on?

  We don't have access to your systems.  But since the problem isn't RADIUS, there isn't a lot more we can do here.

  Alan DeKok.

More information about the Freeradius-Users mailing list