Hi Alan,
err, no. you need to handle those fragmented packets. where is it failing, on your network or more remotely?
Actually, it is not failing. I got a successful authentication I was only trying to avoid fragmentation if possible. EAP-TLS places much larger demands on the packet sizes during AAA
process....several hundred bytes more than PEAP (which JUST ABOUT misses fragmentation in its current form from recent memory)
Yes I know. you've GOT to pass the certs....and if you're using a larger cert (chained
etc) those packets will be big.
Actually I don't see any problem in sending server certificate and the client its own client certificate. What I would like to do is to avoid sending CA certificate. so....whos breaking the RFCs with respect to ICMP and pmtu? ;-)
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
