Problem Radius over VPN
aland at deployingradius.com
Wed Apr 13 14:23:44 UTC 2022
On Apr 13, 2022, at 10:19 AM, Luca Bertoncello <L.Bertoncello at queo-group.com> wrote:
> Hi Alan,
> I would say, the answer ist 261 bytes:
> (1) Sent Access-Challenge Id 68 from 10.0.21.10:1812 to 10.6.21.10:54656 length 0
> (1) EAP-Message = 0x01e803ec0dc0000012f5160303003d020000390303a1b6eb58bf2ce8ab3f12a20eacc792ded76b9714c15bebd6444f574e4752440100c030000011ff01000100000b000403000102001700001603030f7d0b000f79000f760008243082082030820608a0030201020215009613f3945007364d2b46c3df
> (1) Message-Authenticator = 0x00000000000000000000000000000000
> (1) State = 0xfd8b5894fc6355beb76ffb2667a966eb
> (1) Finished request
> Or do I understand wrong?
The EAP-Message is encoded as binary data (not hex), so it's really 120 bytes for that, plus the rest. But that's minor.
Yes, this packet is small. If you're still seeing fragmentation, then you have to track it down:
* which packets are being fragmented?
* what is in those packets?
* where do they come from?
The only way to fix this is by using a methodical approach to narrow down the problem. It might have been RADIUS at the start, but it looks like that isn't it. So... what else is going on?
We don't have access to your systems. But since the problem isn't RADIUS, there isn't a lot more we can do here.
More information about the Freeradius-Users