Hello, If I can manage to get a patch together, what is everyone's feelings about being able to dynamically tune the EAP fragment_size setting, based on hints from the server? I'm struggling with a low MTU network and EAP-TLS not working due to the RADIUS Auth-Request packets being too large - they are fragmented at layer 4 (UDP), but dropped in the network path due to fragmentation not being correctly supported by the firewall devices. On the server side, we've got FreeRADIUS and we've been able to configure it with a low EAP fragment_size value of 1012, however, it isn't possible to configure this on the clients, as they are all running Chrome OS (so using the Linux version of wpa_supplicant/hostapd, but with a read only rootfs where it's impossible to tune the configuration file) for both wireless WPA2-Enterprise & 802.1X. I've spent nearly a week searching for a solution here, and while the RADIUS standard supports the Framed-MTU attribute to adjust the maximum packet size, this only appears to be supported in the Client -> Server direction: this isn't helpful in our instance, as the wpa_supplicant isn't doing PMTUD, it's just hard coding a value of 1400. There are plenty of examples of people online suffering the same problems and as far as I can tell, very few solutions are found, beyond people giving up - at-least, none are posted. A lot of people mention how impractical it is to be required to tune the fragment_size value in the configuration of each client, rather than having it pushed centrally. My thoughts are accepting Framed-MTU from the server as part of the Access-Challenge response, then tuning the EAP fragement_size based on that (taking into account the additional overheads): would you be willing to accept such a change? Regards, Samuel Melrose [ Senior Systems Engineer ] Tel: +44 (0) 1332 922429 [ A1 Comms Ltd. Contract House, Turnpike Business Park, Alfreton, DE55 7AD ] This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and delete the email. Any views or opinions presented in this email are solely those of the author and do not necessarily represent those of A1 Comms Ltd. Please check this email and any attachments for the presence of viruses as we accept no liability for any damage caused by any virus transmitted by this email. Registered Company No. 04455131 VAT No. 282 8135 89 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
