Windows Slow EAP-TLS Authentication

nabble at felix.world nabble at felix.world
Thu Sep 19 05:51:50 UTC 2024


> 
> Azure has a network security feature on by default that drops
> fragmented UDP packets that arrive out of order. This negatively
> impacts RADIUS/UDP traffic.
> 
> To give you an example, at least 20% of EAP-TLS auth attempts were
> failing for us in the cert auth phase due to this issue.
> 
> Azure support can turn on the 'enable-udp-fragment-reordering' feature
> by request after providing packet captures and use case info etc. They
> will also only turn it on in a brand new subscription that's dedicated
> to running VMs that require this feature. After we did this, our auth
> success rate increased to 100%.
> 

We had this issue years ago, and after several meetings, mails, and capture analysis, support just blamed FreeRADIUS…
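An added example, not part of either message: one way to pull evidence out of a packet capture is to flag fragmented UDP datagrams whose IPv4 fragments were captured out of order, the condition the quoted message describes. It assumes a classic little- or big-endian pcap file (not pcapng) with untagged Ethernet framing; the function names and the sample capture are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

LE, BE = b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4"  # classic pcap magic numbers

def out_of_order_udp_fragments(pcap: bytes):
    """Return (src, dst, ip_id) for fragmented UDP datagrams whose IPv4
    fragments appear in the capture in non-ascending offset order."""
    if pcap[:4] not in (LE, BE):
        raise ValueError("not a classic (microsecond) pcap file")
    e = "<" if pcap[:4] == LE else ">"
    if struct.unpack(e + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected Ethernet link type")
    offsets = defaultdict(list)
    pos = 24
    while pos + 16 <= len(pcap):
        incl = struct.unpack(e + "I", pcap[pos + 8:pos + 12])[0]
        frame = pcap[pos + 16:pos + 16 + incl]
        pos += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated, VLAN-tagged or not IPv4 (assumption: untagged)
        ip = frame[14:34]
        ident, frag = struct.unpack("!HH", ip[4:8])
        more, offset = frag & 0x2000, (frag & 0x1FFF) * 8
        if ip[9] != 17 or not (more or offset):
            continue  # not UDP, or not a fragment
        # IP IDs wrap; split long captures so the key stays unique
        offsets[(ip[12:16], ip[16:20], ident)].append(offset)
    return [(socket.inet_ntoa(s), socket.inet_ntoa(d), i)
            for (s, d, i), seen in offsets.items() if seen != sorted(seen)]

def constructed_sample() -> bytes:
    """Constructed capture: IP ID 1 arrives in order, IP ID 2 arrives reversed."""
    def record(ident, offset, more):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, ident,
                         (0x2000 if more else 0) | offset // 8, 64, 17, 0,
                         socket.inet_aton("10.0.0.4"), socket.inet_aton("10.0.0.5"))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * 8
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return (header + record(1, 0, True) + record(1, 1480, False)
            + record(2, 1480, False) + record(2, 0, True))

if __name__ == "__main__":
    print(out_of_order_udp_fragments(constructed_sample()))
```

Run against a capture taken at the sending side, the result lists the datagrams that left out of order; comparing with a capture at the RADIUS server shows which of them never arrived.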



