Sallee, Stephen (Jake) wrote: > I have read on the list and the FR wiki that decreasing the MTU value > for the tunnel can help alleviate the pesky EAP session did not finish > problem. I would like to try this as I am getting the same issue on IOS > and Android based phones using the default certs FR ships with.
It *might* help. Or it might not. If you get 4-5 Request/Challenge exchanges, then changing MTU likely won't help. > However I cannot find where to specify the MTU value, I assume it is in > the inner-tunnel virtual server, Nope. > but my google-fu is weak today and > cannot find any instructions. I see several messages on the list saying > that is should be done but none actually explaining HOW. Like most things in FreeRADIUS: you don't. It's calculated automatically. If the NAS sends a Framed-MTU, then FreeRADIUS uses that to calculate the maximum MTU. The simplest thing to try is to see eap.conf, and change fragment_size to something smaller. Anything less than 1K is likely useless, as Ethernet always supports 1.5K packets. If it still doesn't work when fragment_size=1K, then the problem isnt MTU. It's something else. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
