How to cache the EAP-TLS session-state in redis
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Tue Jun 11 03:50:42 UTC 2024
> On Jun 10, 2024, at 23:43, James Fan <polysorb at gmail.com> wrote:
>
> Hi all,
> We have some radius server pods with an external load balancer in front of
> them. So, when the TLS requests come from the load balancer, there will be
> an error sometimes as follows:
>
> ERROR: (2208) eap: ERROR: rlm_eap (EAP): No EAP session matching state
> 0x64000d7e672c0070
>
> Can I save the session state in Redis and share it with multiple RADIUS
> servers?

Not how you want. AFAIK there's no way of serialising an SSL * (an OpenSSL TLS session) and transferring it to another server.

You can serialise the TLS session resumption data and share it between a cluster, but your load balancer still needs to be capable of routing related requests to the same node for the initial authentication attempt.

-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
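
The routing requirement described in the reply above, sketched as an added example that is not part of the original post and is not FreeRADIUS code: a load balancer's per-packet decision that keeps every round trip of one EAP conversation on the same node. Using Calling-Station-Id as the sticky key, the pool names and the sample packets are assumptions made for illustration.

```python
import hashlib
import struct

CALLING_STATION_ID = 31  # RFC 2865 attribute type; the sticky key is an assumption
EAP_MESSAGE = 79         # RFC 3579 attribute type

def parse_attributes(packet: bytes) -> dict:
    """Return {attr_type: [values]} from a RADIUS packet (20-byte header + TLVs)."""
    if len(packet) < 20:
        raise ValueError("short RADIUS packet")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs.setdefault(atype, []).append(packet[pos + 2:pos + alen])
        pos += alen
    return attrs

def pick_backend(packet: bytes, backends: list) -> str:
    """Choose a node from the supplicant's MAC so every round trip lands together."""
    values = parse_attributes(packet).get(CALLING_STATION_ID)
    if not values:
        raise ValueError("no Calling-Station-Id; cannot route stickily")
    mac = values[0].lower().translate(None, b"-:.")  # normalise MAC formatting
    digest = hashlib.sha256(mac).digest()
    # Plain modulo: resizing the pool remaps clients and breaks in-flight sessions.
    return backends[int.from_bytes(digest[:8], "big") % len(backends)]

def build_request(ident: int, mac: bytes, eap: bytes) -> bytes:
    """Build a constructed Access-Request (zeroed authenticator) as sample input."""
    attrs = bytes([CALLING_STATION_ID, 2 + len(mac)]) + mac
    attrs += bytes([EAP_MESSAGE, 2 + len(eap)]) + eap
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + bytes(16) + attrs

# Constructed sample: two round trips of one EAP-TLS conversation.
POOL = ["radius-0", "radius-1", "radius-2"]
FIRST = build_request(1, b"AA-BB-CC-DD-EE-FF", b"\x02\x01\x00\x06\x0d\x00")
LATER = build_request(2, b"aa:bb:cc:dd:ee:ff", b"\x02\x02\x00\x06\x0d\x00")
```

Round-robin or per-packet random distribution gives no such guarantee, which is how a later round trip can reach a node that has no matching EAP session.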