Hi,

> Is there any way to configure FreeRADIUS + eap-tls module to avoid sending the
> CA certificate during EAP-TLS negotiation? As FreeRADIUS is sending it right
> now, EAP-TLS packets get fragmented and I would like to avoid it.

Err, no. You need to handle those fragmented packets. Where is it failing, on your network or more remotely?

EAP-TLS places much larger demands on the packet sizes during the AAA process... several hundred bytes more than PEAP (which JUST ABOUT misses fragmentation in its current form, from recent memory).

You've GOT to pass the certs... and if you're using a larger cert (chained etc.) those packets will be big.

So... who's breaking the RFCs with respect to ICMP and PMTU? ;-)

alan
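
Added example, not part of the original thread and not FreeRADIUS code: a size model of the two fragmentation layers discussed above, EAP-TLS splitting a certificate flight into several EAP packets, and each resulting RADIUS/UDP datagram either fitting the path MTU or needing IP fragmentation. The 3000-byte flight, the `tls_fragment` parameter, the 1500-byte MTU and the absence of other attributes (such as State) are assumptions.

```python
import math

# Header sizes in bytes, from the RFCs.
IPV4_HDR, UDP_HDR, RADIUS_HDR = 20, 8, 20  # RFC 791, RFC 768, RFC 2865
ATTR_HDR, ATTR_MAX_VALUE = 2, 253          # RADIUS attribute type+length; max value size
MSG_AUTH_ATTR = 18                         # Message-Authenticator, sent with EAP-Message (RFC 3579)
EAP_TLS_HDR = 6                            # EAP code, id, length (2), type, flags (RFC 5216)
TLS_LEN_FIELD = 4                          # TLS Message Length, present when the L flag is set


def eap_tls_fragments(flight_len, tls_fragment):
    """Sizes of the EAP-TLS packets needed to carry one TLS handshake flight."""
    fragmented = flight_len > tls_fragment
    sizes, remaining = [], flight_len
    while remaining > 0:
        chunk = min(tls_fragment, remaining)
        # The L flag and length field are mandatory only on the first fragment.
        has_len = fragmented and not sizes
        sizes.append(EAP_TLS_HDR + (TLS_LEN_FIELD if has_len else 0) + chunk)
        remaining -= chunk
    return sizes


def radius_datagram_size(eap_len, other_attrs=0):
    """IPv4 datagram size of one Access-Challenge carrying one EAP packet."""
    n_attrs = math.ceil(eap_len / ATTR_MAX_VALUE)  # EAP-Message attributes needed
    # other_attrs: assumed extra attribute bytes (State etc.); 0 in this model.
    return (IPV4_HDR + UDP_HDR + RADIUS_HDR + MSG_AUTH_ATTR
            + eap_len + n_attrs * ATTR_HDR + other_attrs)


def plan(flight_len, tls_fragment, path_mtu=1500, other_attrs=0):
    """(datagram size, needs IP fragmentation) for each Access-Challenge."""
    sizes = [radius_datagram_size(e, other_attrs)
             for e in eap_tls_fragments(flight_len, tls_fragment)]
    return [(s, s > path_mtu) for s in sizes]


if __name__ == "__main__":
    FLIGHT = 3000  # constructed: server certificate plus CA certificate, in bytes
    for frag in (1024, 2048):
        print(frag, plan(FLIGHT, frag))
```

A smaller EAP-TLS fragment size trades IP fragmentation for more round trips; the certificates are still sent in full.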

