Setting Framed-MTU Attribute
Luca Bertoncello
L.Bertoncello at queo-group.com
Wed Mar 23 09:33:05 UTC 2022
Hi list!
We have a Freeradius 3.0.17 from Debian Repositories to serve the WLAN-Enterprise authentication.
It work(ed) wonderful.
Now we have a second office, connected via OpenVPN. In this office, too, there are devices that need to connect to the WLAN.
We use Unifi to manage our WLANs.
The problem: if the device uses WPA2-Enteprise with password authentication it works via VPN, too.
If the device uses a certificate, the authentication process does not work.
With tcpdump I see:
7 0.326167 10.6.21.10 10.0.21.10 IPv4 1514 Fragmented IP protocol (proto=UDP 17, off=0, ID=ced8)
I already searched in net and I think, I have to set the Framed-MTU attribute to a lesser value.
Current it is 1400 (if I see other packets in the communication).
Problem: I cannot find a way to set it... I already tried to add the attribute in mods-config/attr_filter/access_challenge and in the inner tunnel.
Even is the attribute 1400...
Can someone help me?
Thanks
Luca Bertoncello
More information about the Freeradius-Users
mailing list