Hi,

> -----Original Message-----
> From: Alan DeKok [mailto:[email protected]]
> Sent: Wednesday, December 28, 2011 15:40
> To: FreeRadius users mailing list [mailto:[email protected]]
> Subject: Re: ppp and eap-tls
>
> Alan wrote:
> > I now get the following error in my radius log on an auth attempt:
> >
> > Error: TLS Alert write:fatal:decrypt error
> > Error: TLS_accept: failed in SSLv3 read certificate verify B
> > Error: rlm_eap: SSL error error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
> > Error: SSL: SSL_read failed inside of TLS (-1), TLS session fails.
>
> The client is broken.

Ok. The client is the built-in L2TP/IPSEC VPN client in MS Windows Vista.

> > Now there's several issues:
> > - I don't know what I changed which caused this behaviour (maybe an
> > openssl update in Squeeze? Something changes in Windows Vista?)
>
> No.

It used to work fine with this client (MS Windows Vista L2TP/IPsec client).

> > - the client certificates are valid (tested with openssl cli), and
> > work fine when using for WPA auth
> > - I don't really know what this error means
> > - I can't find a solution for it. I've tried: 2048 bit (vs. 4096 bit)
> > RSA certs and the extensions for XP for both the server and client
> > certs
> >
> > Again, the same certificates work fine for WPA auth
>
> Which doesn't use certificates.

This statement is confusing! I'm using freeradius for EAP-TLS auth and set up the client for WPA2 enterprise with EAP-TLS. If this is not using certificates for authentication, then what is it using?

> > I hope someone can shed some light onto this issue, or how to pin
> > down the exact cause of the 'rsa
> > routines:RSA_padding_check_PKCS1_type_1:block type is not 01' error.
>
> Find out which client it is. Mac? Windows?

MS Windows Vista, built-in L2TP/IPSEC client, ppp authentication set to EAP-TLS.

> Alan DeKok.

Regards,
Frank

