Hi, > As I don't use RADIUS-over-IPSec myself, I asked one of our national > eduroam operators for his practical experiences in that respect. I'll keep > you posted. I got: "I've seen fragmentation problems on IPsec only once, and that quite long ago so I can't recall more info than it was related to CISCO PIX FW in situation when we were using both AH and ESP headers. After droping AH it started working reliably. That time I realized that AH headers are not necessary and now we are using only ESP. [...] I'm doing from time to time test with big EAP requests to be sure that our Czech eduroam is running on correctly setup network. When I discover problem I ask admins to fix that. So far I never had to disconnect anyone for this incompatibility." Which looks like forcing admins to tweak stuff until it works. Stefan -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung & Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: stefan.winter@restena.lu Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473
Attachment:
signature.asc
Description: This is a digitally signed message part.