Windows Slow EAP-TLS Authentication
nabble at felix.world
nabble at felix.world
Thu Sep 19 05:51:50 UTC 2024
>
> Azure has a network security feature on by default that drops
> fragmented UDP packets that arrive out of order. This negatively
> impacts RADIUS/UDP traffic.
>
> To give you an example, at least 20% of EAP-TLS auth attempts were
> failing for us in the cert auth phase due to this issue.
>
> Azure support can turn on the 'enable-udp-fragment-reordering' feature
> by request after providing packet captures and use case info etc. They
> will also only turn it on in a brand new subscription that's dedicated
> to running VMs that require this feature. After we did this, our auth
> success rate increased to 100%.
>
We had this issue years ago and after several meetings, mails, capture analysis the support just blamed FreeRADIUS…
More information about the Freeradius-Users
mailing list