TLS handshake error

[Mark Dayton]

Hi, yes I've had that before and Microsoft have had to allow udp for the
tenant. I'm not sure if this is related though as it's not behind a load
balancer? I'm targeting the public IP of the container instance.

The tail logs don't give a lot of information to be honest, is there any
other way of getting better logs?

Would you suggest switching to radsec?
Thanks


On Wed, 19 Jun 2024, 8:00 pm , <nabble at felix.world> wrote:

> Without the full debug i don’t think someone can help you.
> But as a side note. Besides security aspects, don’t use UDP with Azure
> container instances or any service which is running behind a load balancer
> in Azure.
> We also saw spontaneous issues with VMs which run in Azure and use UDP
> when it comes to fragmentation.
>
> The loadbalancers are not able forwarding fragmented UDP (or fragmented IP
> packets to be more correct) and you will search for hours before you’re
> taking captures and wondering why not everything from the sender, arrives
> at your destination.
> But of course it depends on the authentication protocol and the server
> configuration whether fragmentation occurs in your situation.
>
> BR,
> Lineconnect
>
> > On 19. Jun 2024, at 20:04, Mark Dayton <m4rk.dayton at gmail.com> wrote:
> >
> > I have setup freeradius in Azure running as a container, I'm using image
> > latest-3.2-alpine for this.
> >
> > I have a self signed cert configured for the server and a root CA
> uploaded.
> > On my client I have trusted certs for both the self signed certificate
> and
> > the root CA.
> > My wireless profile is configured to use the root CA.
> >
> > Constantly receiving this error when connection is attempted, can anyone
> > suggest anything?
> >
> > eap_tls: ERROR: (TLS) Alert write:fatal:handshake failure
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>