On 05/02/2014 03:24 PM, Hartmaier Alexander wrote: > I've configured the outer PEAP Handler with EAPTLS_MaxFragmentSize 1350 > and removed the value 1250 (1300 which we use for wired dot1x seems to > be too large) from the inner TLS handler which makes it fail the same > way as when configuring 1300. > Is the other value too large or how is the inner size calculated?
The inner size simply uses the outer fragment size minus 40 bytes. It appears this number is not large enough for all cases then. The correct number in your case is something between 1250 and 1300 when you have outer fragment size 1350? That is, when you have 1350 as outer fragment size, 1250 works but 1300 does not. Thanks, Heikki -- Heikki Vatiainen <h...@open.com.au> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
