All times are UTC [ DST ]




 Post subject: eap-tls through RADIUS fails with openl2tp
Posted: Tue Jan 03, 2012 5:43 pm

Joined: Tue Oct 19, 2010 12:01 pm
Posts: 27
I've configured ppp to do EAP-TLS authentication through RADIUS. This was done by adapting a patch based on ppp-heiart.tar.bz2 (which is based on ppp v2.4.3).

I've made a patch based on this version for the ppp as found in the Debian Squeeze repository, which can be found here.

Using this patch and xl2tpd, I can successfully authenticate against my freeradius server using EAP-TLS auth.

With openl2tp, authentication fails, and the following appears in my radius log:
Code:
Error: TLS Alert write:fatal:decrypt error
Error:     TLS_accept: failed in SSLv3 read certificate verify B
Error: rlm_eap: SSL error error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
Error: SSL: SSL_read failed inside of TLS (-1), TLS session fails.
Auth: Login incorrect (TLS Alert write:fatal:decrypt error): [testuser@testcert] (from client test-dev port 0)

Would this suggest that somehow openl2tp is interfering with the communication between pppd and the RADIUS server?

I'm setting all ppp options in /etc/ppp/options, which are the same for xl2tpd and openl2tp. Note that MS-CHAPv2 authentication against the RADIUS server works ok with openl2tp in my setup. Only EAP-TLS is affected.

Would it help if I do a packet capture of both the EAP-TLS auth from xl2tpd as well as openl2tp against the RADIUS server?


 Post subject: Re: eap-tls through RADIUS fails with openl2tp
Posted: Tue Jan 03, 2012 7:27 pm

Joined: Tue Oct 19, 2010 12:01 pm
Posts: 27
update:
Upgrading to the 2.6.39 kernel in the squeeze-backports repository fixes this.

I suppose there's an update to the kernel l2tp/ppp driver between 2.6.32 and 2.6.39 that fixes this issue.

If the commit could be identified, I'd propose it to be included in the squeeze kernel (2.6.32).

