AW: AW: Setting Framed-MTU Attribute

Luca Bertoncello L.Bertoncello at queo-group.com
Thu Mar 24 08:38:29 UTC 2022 

Hi Matthew,

so, I checked the OpenVPN configuration on the servers and I have mtu-disc set to yes.
In the documentation of OpenVPN I read:

      --mtu-disc type
              Should we do Path MTU discovery on TCP/UDP channel?  Only supported on OSes such as Linux that supports the necessary system call to set.

              'no' -- Never send DF (Don't Fragment) frames
              'maybe' -- Use per-route hints
              'yes' -- Always DF (Don't Fragment)

So, it seems I already use the PMTUD.

Do you (or someone other) have any suggestion to solve my problem or must I install a Freeradius in the second office, too?

Thanks
Luca Bertoncello

-----Ursprüngliche Nachricht-----
Von: Freeradius-Users <freeradius-users-bounces+l.bertoncello=queo-group.com at lists.freeradius.org> Im Auftrag von Matthew Newton
Gesendet: Mittwoch, 23. März 2022 16:38
An: freeradius-users at lists.freeradius.org
Betreff: Re: AW: Setting Framed-MTU Attribute

On 23/03/2022 15:28, Luca Bertoncello wrote:
> I read the site-available/default but since I don't know what I have to search for, it's very difficult...

As Alan said, the default config is full of examples of how to update attributes. You just have to read it. Updating attributes is also documented in the unlang man pages.

e.g.

https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/raddb/sites-available/default#L864-L867

> Currently, I tried to change the mods_enabled/eap and set use_tunneled_reply to yes.
> I also changed the mods-config/attr_filter/access_challenge and added Framed-MTU = 1344 at the start of the "DEFAULT" section.
> No changes in my situation.

Because as you've already been told, attr_filter *removes* attributes, it doesn't add them.

update reply {
   Framed-MTU := 1000
}

 From your original post, though, I suspect this won't help. That attribute is for telling the NAS what MTU to use. It won't make its way through to any device on wifi.

If you have a VPN in the way of that RADIUS server that's causing MTU problems, drop the MTU on the NAS or RADIUS server, or fix the VPN / PMTUD so that the path MTU is calculated correctly. You can't fix that by changing attributes.

--
Matthew
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list