List: freeradius-users
Subject: AW: [EXTERNAL] AW: AW: Setting Framed-MTU Attribute
From: Luca Bertoncello <L.Bertoncello () queo-group ! com>
Date: 2022-03-24 11:31:00
Message-ID: 1648121460638.96975 () queo-group ! com
Hi,
I already tried to change the MTU on the APs. No changes in the situation.
The UDP packets are originated by the APs (Ubiquiti). So, if I understand you, there is no possibility to change the behaviour and the only solution is to install a Freeradius in the second office, correct?
Thank you
Luca Bertoncello
________________________________________
From: Freeradius-Users <freeradius-users-bounces+l.bertoncello=queo-group.com@lists.freeradius.org> on behalf of Winfield, Alister (Senior Solutions Architect) via Freeradius-Users <freeradius-users@lists.freeradius.org>
Sent: Thursday, 24 March 2022 11:51
To: FreeRadius users mailing list
Cc: Winfield, Alister (Senior Solutions Architect)
Subject: Re: [EXTERNAL] AW: AW: Setting Framed-MTU Attribute
Okay, simple check: if you take your device sending UDP and force the configured MTU on the egress interface to be smaller than 1500 bytes, then restart the application in question… does it still send 1500-byte packets? If it does, then nothing you do with the AP, DHCP or RADIUS will have any effect. This is as likely to be a software issue as anything else. TCP flows tend to honour the MTU of the interface, although in some annoying cases even this fails to work out well.
Oh, before I forget… If that UDP originates outside your setup, forget it: nothing you do will change the fragmentation here. Protocols using UDP rarely if ever negotiate an MTU / MRU value, just relying on fragmentation to ensure the packets get from A to B.
A.
From: Freeradius-Users <freeradius-users-bounces+alister.winfield=sky.uk@lists.freeradius.org> on behalf of Luca Bertoncello <L.Bertoncello@queo-group.com>
Date: Thursday, 24 March 2022 at 08:39
To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
Subject: [EXTERNAL] AW: AW: Setting Framed-MTU Attribute
Hi Matthew,
so, I checked the OpenVPN configuration on the servers and I have mtu-disc set to yes. In the documentation of OpenVPN I read:
--mtu-disc type
    Should we do Path MTU discovery on TCP/UDP channel? Only supported on OSes such as Linux that supports the necessary system call to set.
    'no' -- Never send DF (Don't Fragment) frames
    'maybe' -- Use per-route hints
    'yes' -- Always DF (Don't Fragment)
So, it seems I already use the PMTUD.
Do you (or someone else) have any suggestion to solve my problem or must I install a Freeradius in the second office, too?
Thanks
Luca Bertoncello
-----Original Message-----
From: Freeradius-Users <freeradius-users-bounces+l.bertoncello=queo-group.com@lists.freeradius.org> on behalf of Matthew Newton
Sent: Wednesday, 23 March 2022 16:38
To: freeradius-users@lists.freeradius.org
Subject: Re: AW: Setting Framed-MTU Attribute
On 23/03/2022 15:28, Luca Bertoncello wrote:
> I read the site-available/default but since I don't know what I have to search for,
> it's very difficult...
As Alan said, the default config is full of examples of how to update attributes. You just have to read it. Updating attributes is also documented in the unlang man pages.
e.g.
https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/raddb/sites-available/default#L864-L867
> Currently, I tried to change the mods_enabled/eap and set use_tunneled_reply to
> yes. I also changed the mods-config/attr_filter/access_challenge and added
> Framed-MTU = 1344 at the start of the "DEFAULT" section. No changes in my
> situation.
Because as you've already been told, attr_filter *removes* attributes, it doesn't add them.
update reply {
    Framed-MTU := 1000
}
From your original post, though, I suspect this won't help. That attribute is for telling the NAS what MTU to use. It won't make its way through to any device on wifi.
If you have a VPN in the way of that RADIUS server that's causing MTU problems, drop the MTU on the NAS or RADIUS server, or fix the VPN / PMTUD so that the path MTU is calculated correctly. You can't fix that by changing attributes.
--
Matthew
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
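
One way to measure what the thread keeps circling around, the real path MTU between the NAS side and the RADIUS server through the VPN, using DF-bit probes. This is an added example, not part of the original e-mails; it assumes Linux iputils `ping`, and the host name in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example: find the largest IPv4 packet that crosses a path unfragmented.

# probe SIZE HOST: succeeds when an ICMP echo carrying SIZE payload bytes with
# the DF bit set is answered. Assumes Linux iputils ping (-M do sets DF).
probe() {
    ping -M do -c 1 -W 1 -s "$1" "$2" >/dev/null 2>&1
}

# find_path_mtu HOST [MAX_MTU]: binary search on the echo payload size.
# Prints the path MTU in bytes (payload + 20 IPv4 header + 8 ICMP header),
# or returns 1 when even an empty echo gets no answer.
find_path_mtu() {
    host=$1
    lo=0                       # largest payload known to pass
    hi=$(( ${2:-1500} - 28 ))  # largest payload worth trying
    probe "$lo" "$host" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$mid" "$host"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo $(( lo + 28 ))
}

# udp_fits MTU UDP_PAYLOAD: true when a UDP datagram with that payload size
# (for example a RADIUS packet carrying EAP) fits into one IPv4 packet of
# size MTU (20 bytes IPv4 header + 8 bytes UDP header).
udp_fits() {
    [ $(( $2 + 28 )) -le "$1" ]
}

# Usage (radius.example.net is a placeholder for the server behind the VPN):
#   mtu=$(find_path_mtu radius.example.net) && echo "path MTU: $mtu"
#   udp_fits "$mtu" 1400 || echo "a 1400-byte RADIUS packet would fragment"
```

If the probes fail at every size, ICMP is being filtered somewhere on the path, which is itself a common reason for PMTUD not working across a tunnel.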