Hi, On Mon, 1 Feb 2016, Hartmaier Alexander wrote: > Hi, > I'd say the client doesn't trust the radiator certificate and stops the > EAP conversation.
the same client worked when on site. It failed when offsite and the requests were coming over the vpn. It turned out to be a firewall with huge mtu on the inside interface that was sending jumbograms that got dropped on the radius. Greetings Christian > > Best regards, Alex > > On 2016-01-18 12:30, Christian Kratzer wrote: >> Hi Sami, >> >> On Mon, 18 Jan 2016, Sami Keski-Kasari wrote: >>> Hello Christian, >>> >>> Usually this kind of behaviour is due to MTU problems. >>> There can be differences between different vendors for example how they >>> do tunnelling and how it affects to MTUs etc. >>> >>> Please try to adjust maximum TLS fragment size to see if it helps. >>> >>> Please see more at page 92 >>> 5.21.39 EAPTLS_MaxFragmentSize >>> in ref.pdf. >> yes we already have that set to 500. >> >> Just for understanding EAPTLS_MaxFragmentSize would only affect what >> radiator sends. There is no way to limit the size of the fragements coming >> from the ap. >> >> The trace4 logs stop exactly at the point radiator has completed sending of >> it's certificate to the client. >> >> I would assume that I would at least see the first of the packets with the >> client certificates. If not this could perhaps also be an issue with the >> network dropping incoming udp fragments and the os never being able to >> reassemble incomplete packets. I will have the customer check into that as >> well. >> >> Greetings >> Christian -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart Mobile: +49 171 1947 843 Geschaeftsfuehrer: Christian Kratzer Web: http://www.cksoft.de/ _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
