[RADIATOR] EAP-TLS not getting client cert
Christian Kratzer
ck-lists at cksoft.de
Mon Jan 18 05:30:10 CST 2016
Hi Sami,
On Mon, 18 Jan 2016, Sami Keski-Kasari wrote:
> Hello Christian,
>
> Usually this kind of behaviour is due to MTU problems.
> There can be differences between different vendors for example how they
> do tunnelling and how it affects to MTUs etc.
>
> Please try to adjust maximum TLS fragment size to see if it helps.
>
> Please see more at page 92
> 5.21.39 EAPTLS_MaxFragmentSize
> in ref.pdf.
yes we already have that set to 500.
Just for understanding EAPTLS_MaxFragmentSize would only affect what radiator sends. There is no way to limit the size of the fragements coming from the ap.
The trace4 logs stop exactly at the point radiator has completed sending of it's certificate to the client.
I would assume that I would at least see the first of the packets with the client certificates. If not this could perhaps also be an issue with the network dropping incoming udp fragments and the os never being able to reassemble incomplete packets. I will have the customer check into that as well.
Greetings
Christian
--
Christian Kratzer CK Software GmbH
Email: ck at cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart
Mobile: +49 171 1947 843 Geschaeftsfuehrer: Christian Kratzer
Web: http://www.cksoft.de/
More information about the radiator
mailing list