[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-winter-radsec-01 published



Hi,

> As I don't use RADIUS-over-IPSec myself, I asked one of our national
> eduroam operators for his practical experiences in that respect. I'll keep
> you posted.

I got:

"I've seen fragmentation problems on IPsec only once, and that quite long
ago so I can't recall more info than it was related to CISCO PIX FW in
situation when we were using both AH and ESP headers. After droping AH
it started working reliably. That time I realized that AH headers are
not necessary and now we are using only ESP.

[...]

I'm doing from time to time test with big EAP requests to be sure that
our Czech eduroam is running on correctly setup network. When I discover
problem I ask admins to fix that. So far I never had to disconnect
anyone for this incompatibility."

Which looks like forcing admins to tweak stuff until it works.

Stefan

-- 
Stefan WINTER

Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
Ingenieur Forschung & Entwicklung

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter@restena.lu     Tel.:     +352 424409-1
http://www.restena.lu                Fax:      +352 422473

Attachment: signature.asc
Description: This is a digitally signed message part.