EAP-PEAP - difference between 3.0.25 and 3.2
Alan DeKok
aland at deployingradius.com
Tue Jun 28 13:29:18 UTC 2022
On Jun 28, 2022, at 9:04 AM, Kamil Jońca <kjonca at op.pl> wrote:
> 3.0.25
> https://drive.google.com/file/d/1uswz1jQRyAE_J7b9tu8Hrf4HmZqkT0NW/view?usp=sharing
> 3.2
> https://drive.google.com/file/d/15ONVo-KrM0Mq6Jrwu0PlKBDFMKTBpDgX/view?usp=sharing
From a quick look, with 3.0.25, the client sends a bunch of information after the TLS session has been established. This is the initial "inner EAP" data.
For 3.2.0, the client sends nothing after the TLS session has been established. FreeRADIUS sends an ACK "please send more data", and the client sends an ACK "no, you send more data". And then that process repeats.
I suspect that whatever is going wrong is likely in the TLS layer. Are you running both 3.0.25 and 3.2.0 on the same machine, with the same OpenSSL libraries, etc? Or are they on different machines?
I don't see anything immediately different in the FreeRADIUS behavior. It just relies on OpenSSL to do the TLS negotiation. The client *should* send "inner tunnel" data once the session is established. For 3.0.25, it does. For 3.2.0, the client doesn't send it.
Alan DeKok.
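
The ACK ping-pong described in the reply above can be spotted mechanically in a capture of the EAP exchange. The following is an added example, not part of the original message and not FreeRADIUS code: it flags a run of empty EAP-PEAP packets that alternate between Request and Response. The function names, the threshold of 4, and the sample packets are constructed for illustration; the packet layout assumed is the EAP-TLS framing (RFC 5216) that PEAP reuses.

```python
import struct

EAP_REQUEST, EAP_RESPONSE, EAP_TYPE_PEAP = 1, 2, 25
FLAG_L, FLAG_M, FLAG_S = 0x80, 0x40, 0x20  # length included, more fragments, start

def build(code, ident, flags=0, data=b""):
    """Build a constructed EAP-PEAP packet for the samples below."""
    return struct.pack("!BBHBB", code, ident, 6 + len(data), EAP_TYPE_PEAP, flags) + data

def is_ack(raw):
    """True for an EAP-PEAP packet with L/M/S clear and no TLS data."""
    if len(raw) < 6:
        return False
    code, _ident, length, eap_type, flags = struct.unpack("!BBHBB", raw[:6])
    if code not in (EAP_REQUEST, EAP_RESPONSE) or eap_type != EAP_TYPE_PEAP:
        return False
    if length < 6 or length > len(raw):
        return False  # malformed or truncated
    # The low bits of the flags octet carry the PEAP version; ignore them.
    return (flags & (FLAG_L | FLAG_M | FLAG_S)) == 0 and length == 6

def find_ack_loop(packets, threshold=4):
    """Index where a run of >= threshold alternating Request/Response ACKs starts, or -1."""
    run_start, run_len, last_code = -1, 0, None
    for i, raw in enumerate(packets):
        if not is_ack(raw):
            run_len, last_code = 0, None
            continue
        if run_len == 0 or raw[0] == last_code:
            run_start, run_len = i, 1  # start, or restart on a retransmit
        else:
            run_len += 1
        last_code = raw[0]
        if run_len >= threshold:
            return run_start
    return -1

# Constructed samples; the TLS payload bytes are placeholders, not real records.
TLS = b"\x17\x03\x03\x00\x04demo"
HEALTHY = [build(1, 5, 0, TLS), build(2, 5, 0, TLS), build(1, 6, 0, TLS), build(2, 6, 0, TLS)]
STUCK = [build(1, 5, 0, TLS), build(2, 5), build(1, 6), build(2, 6), build(1, 7), build(2, 7)]

if __name__ == "__main__":
    print("healthy:", find_ack_loop(HEALTHY))
    print("stuck:", find_ack_loop(STUCK))
```

A single ACK is normal while TLS fragments are being exchanged, which is why only a sustained alternating run is reported.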