FreeRADIUS - ERROR: TLS Alert read:fatal:access denied

[PiMas]

Hallo

Ich habe FreeRADIUS mit lokalen Usern eingerichtet, welche sich über die Unfi AC Pro ins WLAN verbinden und die VLAN ID bekommen. Das hat alles wunderbar funktioniert. Bis ich an der OPNsense ein bisschen optimiert habe: Domäne umbenennt und das Zertifikat für WebGUI neu generiert und hinterlegt.

Seither können die Clients sich nicht mehr am WLAN anmelden. Der Fehler im FreeRADIUS log ist

Code: [Select]

ERROR: (6) eap_peap: ERROR: TLS Alert read:fatal:access denied
Wenn ich allerdings bei den Clients die System-Uhrzeit vor diesen Zeitpunkt zurückstellen, funktioniert die Anmeldung am WLAN.

Leider kann ich den Fehler nicht finden: Habe schon versucht die Benutzer & Clients neu zu erstellen so wie das Plugin neu zu installieren.

Brauche eure Hilfe 

[fabian]

Hast du die Zertifikate erneuert? Vielleicht sind die für die neue Domain nicht gültig bzw. passen nicht zusammen.

[PiMas]

Ich benutze für FreeRADIUS keine Zertifikate, nur Benutzername & Passwort

[mimugmail]

Du brauchst trotzdem ein Zertifikat bei WLAN.

[PiMas]

ok
Ist es das Zertifikat vom WebGUI welches ich geändert habe? Wo wird das konfiguriert?

[mimugmail]

System : Trust
Da legst du eine CA an und ein passendes Serverzertifikat

[PiMas]

Eine CA hab ich schon, mit dieser hab ich auch das Zertifikat für die WebGUI geändert.

Den Zusammenhang mit FreeRADIUS verstehe ich allerdings nicht, da dieser bisher ohne ein Zertifikat wunderbar lief. In der Doku, nach welcher ich die Einrichtung vorgenommen habe, wird davon nichts erwähnt: https://docs.opnsense.org/manual/how-tos/freeradius.html

Was für ein Zertifikat braucht den FreeRADIUS? Wo wird es zugewiesen?

[mimugmail]

Wenn du es leer lässt nimmt der den default vom Paket selbst, aber irgendwo hast du da wohl was zerschossen.

Dann wähl doch einfach das von der Webgui wenns eigene CA ist. Wichtig ist nur dass es Type Server ist.

[PiMas]

Du meinst unter FreeRADIUS > EAP?
Hab mal ein neues Server Zertifikat erstellt und folgendes ausgwählt:

Default EAP Type: MD5
Use own certificates: x
Root Certificate: meine RootCA
Server Certificate: mein neues Server Zertifikat
CRL: nichts

Keine Verbesserung - Der Fehler ist immer noch

Code: [Select]

ERROR: (8) eap_peap: ERROR: TLS Alert read:fatal:access denied

[PiMas]

Habe den FreeRADIUS mal im debug mode gestartet:

Hier das Log

Code: [Select]

(0) Received Access-Request Id 0 from 10.0.1.102:45988 to 10.0.0.1:1812 length 194
(0)   User-Name = "Gast"
(0)   NAS-IP-Address = 10.0.1.102
(0)   NAS-Identifier = "822aa8841f92"
(0)   Called-Station-Id = "82-2A-A8-84-1F-92:WAK"
(0)   NAS-Port-Type = Wireless-802.11
(0)   Service-Type = Framed-User
(0)   Calling-Station-Id = "C4-85-08-11-37-6C"
(0)   Connect-Info = "CONNECT 0Mbps 802.11b"
(0)   Acct-Session-Id = "7C7B8BB192692965"
(0)   WLAN-Pairwise-Cipher = 1027076
(0)   WLAN-Group-Cipher = 1027076
(0)   WLAN-AKM-Suite = 1027073
(0)   Framed-MTU = 1400
(0)   EAP-Message = 0x021600090147617374
(0)   Message-Authenticator = 0x654eab4aa3cb0bcbdf2bcbbb0795d48f
(0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(0)   authorize {
(0)     policy filter_username {
(0)       if (&User-Name) {
(0)       if (&User-Name)  -> TRUE
(0)       if (&User-Name)  {
(0)         if (&User-Name =~ / /) {
(0)         if (&User-Name =~ / /)  -> FALSE
(0)         if (&User-Name =~ /@[^@]*@/ ) {
(0)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(0)         if (&User-Name =~ /\.\./ ) {
(0)         if (&User-Name =~ /\.\./ )  -> FALSE
(0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(0)         if (&User-Name =~ /\.$/)  {
(0)         if (&User-Name =~ /\.$/)   -> FALSE
(0)         if (&User-Name =~ /@\./)  {
(0)         if (&User-Name =~ /@\./)   -> FALSE
(0)       } # if (&User-Name)  = notfound
(0)     } # policy filter_username = notfound
(0)     [preprocess] = ok
(0)     [chap] = noop
(0)     [mschap] = noop
(0)     [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: No '@' in User-Name = "Gast", looking up realm NULL
(0) suffix: No such realm "NULL"
(0)     [suffix] = noop
(0) eap: Peer sent EAP Response (code 2) ID 22 length 9
(0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(0)     [eap] = ok
(0)   } # authorize = ok
(0) Found Auth-Type = eap
(0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(0)   authenticate {
(0) eap: Peer sent packet with method EAP Identity (1)
(0) eap: Calling submodule eap_md5 to process data
(0) eap_md5: Issuing MD5 Challenge
(0) eap: Sending EAP Request (code 1) ID 23 length 22
(0) eap: EAP session adding &reply:State = 0x56c727b056d0237f
(0)     [eap] = handled
(0)   } # authenticate = handled
(0) Using Post-Auth-Type Challenge
(0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(0)   Challenge { ... } # empty sub-section is ignored
(0) Sent Access-Challenge Id 0 from 10.0.0.1:1812 to 10.0.1.102:45988 length 0
(0)   EAP-Message = 0x0117001604109719ff79c6936eb4ac00942c3f5c2251
(0)   Message-Authenticator = 0x00000000000000000000000000000000
(0)   State = 0x56c727b056d0237f73c1cb3525835086
(0) Finished request
Waking up in 4.9 seconds.
(1) Received Access-Request Id 1 from 10.0.1.102:45988 to 10.0.0.1:1812 length 210
(1)   User-Name = "Gast"
(1)   NAS-IP-Address = 10.0.1.102
(1)   NAS-Identifier = "822aa8841f92"
(1)   Called-Station-Id = "82-2A-A8-84-1F-92:WAK"
(1)   NAS-Port-Type = Wireless-802.11
(1)   Service-Type = Framed-User
(1)   Calling-Station-Id = "C4-85-08-11-37-6C"
(1)   Connect-Info = "CONNECT 0Mbps 802.11b"
(1)   Acct-Session-Id = "7C7B8BB192692965"
(1)   WLAN-Pairwise-Cipher = 1027076
(1)   WLAN-Group-Cipher = 1027076
(1)   WLAN-AKM-Suite = 1027073
(1)   Framed-MTU = 1400
(1)   EAP-Message = 0x02170007031915
(1)   State = 0x56c727b056d0237f73c1cb3525835086
(1)   Message-Authenticator = 0x4b116cbc679f6f373720ded0092ea29b
(1) session-state: No cached attributes
(1) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(1)   authorize {
(1)     policy filter_username {
(1)       if (&User-Name) {
(1)       if (&User-Name)  -> TRUE
(1)       if (&User-Name)  {
(1)         if (&User-Name =~ / /) {
(1)         if (&User-Name =~ / /)  -> FALSE
(1)         if (&User-Name =~ /@[^@]*@/ ) {
(1)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(1)         if (&User-Name =~ /\.\./ ) {
(1)         if (&User-Name =~ /\.\./ )  -> FALSE
(1)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(1)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(1)         if (&User-Name =~ /\.$/)  {
(1)         if (&User-Name =~ /\.$/)   -> FALSE
(1)         if (&User-Name =~ /@\./)  {
(1)         if (&User-Name =~ /@\./)   -> FALSE
(1)       } # if (&User-Name)  = notfound
(1)     } # policy filter_username = notfound
(1)     [preprocess] = ok
(1)     [chap] = noop
(1)     [mschap] = noop
(1)     [digest] = noop
(1) suffix: Checking for suffix after "@"
(1) suffix: No '@' in User-Name = "Gast", looking up realm NULL
(1) suffix: No such realm "NULL"
(1)     [suffix] = noop
(1) eap: Peer sent EAP Response (code 2) ID 23 length 7
(1) eap: No EAP Start, assuming it's an on-going EAP conversation
(1)     [eap] = updated
(1) files: users: Matched entry Gast at line 58
(1)     [files] = ok
(1)     [expiration] = noop
(1)     [logintime] = noop
(1) pap: WARNING: Auth-Type already set.  Not setting to PAP
(1)     [pap] = noop
(1)   } # authorize = updated
(1) Found Auth-Type = eap
(1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(1)   authenticate {
(1) eap: Expiring EAP session with state 0x56c727b056d0237f
(1) eap: Finished EAP session with state 0x56c727b056d0237f
(1) eap: Previous EAP request found for state 0x56c727b056d0237f, released from the list
(1) eap: Peer sent packet with method EAP NAK (3)
(1) eap: Found mutually acceptable type PEAP (25)
(1) eap: Calling submodule eap_peap to process data
(1) eap_peap: Initiating new TLS session
(1) eap_peap: [eaptls start] = request
(1) eap: Sending EAP Request (code 1) ID 24 length 6
(1) eap: EAP session adding &reply:State = 0x56c727b057df3e7f
(1)     [eap] = handled
(1)   } # authenticate = handled
(1) Using Post-Auth-Type Challenge
(1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(1)   Challenge { ... } # empty sub-section is ignored
(1) Sent Access-Challenge Id 1 from 10.0.0.1:1812 to 10.0.1.102:45988 length 0
(1)   Framed-Protocol = PPP
(1)   EAP-Message = 0x011800061920
(1)   Message-Authenticator = 0x00000000000000000000000000000000
(1)   State = 0x56c727b057df3e7f73c1cb3525835086
(1) Finished request
Waking up in 4.9 seconds.
(2) Received Access-Request Id 2 from 10.0.1.102:45988 to 10.0.0.1:1812 length 369
(2)   User-Name = "Gast"
(2)   NAS-IP-Address = 10.0.1.102
(2)   NAS-Identifier = "822aa8841f92"
(2)   Called-Station-Id = "82-2A-A8-84-1F-92:WAK"
(2)   NAS-Port-Type = Wireless-802.11
(2)   Service-Type = Framed-User
(2)   Calling-Station-Id = "C4-85-08-11-37-6C"
(2)   Connect-Info = "CONNECT 0Mbps 802.11b"
(2)   Acct-Session-Id = "7C7B8BB192692965"
(2)   WLAN-Pairwise-Cipher = 1027076
(2)   WLAN-Group-Cipher = 1027076
(2)   WLAN-AKM-Suite = 1027073
(2)   Framed-MTU = 1400
(2)   EAP-Message = 0x021800a619800000009c16030300970100009303035e27095a1157791eff24fb0e61bcd1133cb6584c0ec83d73b537762f74a68b3600002ac02cc02bc030c02f009f009ec024c023c028c027c00ac009c014c013009d009c003d003c0035002f000a01000040000500050100000000000a00080006001d00170018000b00020100000d001400120401050102010403050302030202060106030023000000170000ff01000100
(2)   State = 0x56c727b057df3e7f73c1cb3525835086
(2)   Message-Authenticator = 0x0cb2781a63ab3b1da5e6780da79d6f37
(2) session-state: No cached attributes
(2) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(2)   authorize {
(2)     policy filter_username {
(2)       if (&User-Name) {
(2)       if (&User-Name)  -> TRUE
(2)       if (&User-Name)  {
(2)         if (&User-Name =~ / /) {
(2)         if (&User-Name =~ / /)  -> FALSE
(2)         if (&User-Name =~ /@[^@]*@/ ) {
(2)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(2)         if (&User-Name =~ /\.\./ ) {
(2)         if (&User-Name =~ /\.\./ )  -> FALSE
(2)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(2)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(2)         if (&User-Name =~ /\.$/)  {
(2)         if (&User-Name =~ /\.$/)   -> FALSE
(2)         if (&User-Name =~ /@\./)  {
(2)         if (&User-Name =~ /@\./)   -> FALSE
(2)       } # if (&User-Name)  = notfound
(2)     } # policy filter_username = notfound
(2)     [preprocess] = ok
(2)     [chap] = noop
(2)     [mschap] = noop
(2)     [digest] = noop
(2) suffix: Checking for suffix after "@"
(2) suffix: No '@' in User-Name = "Gast", looking up realm NULL
(2) suffix: No such realm "NULL"
(2)     [suffix] = noop
(2) eap: Peer sent EAP Response (code 2) ID 24 length 166
(2) eap: Continuing tunnel setup
(2)     [eap] = ok
(2)   } # authorize = ok
(2) Found Auth-Type = eap
(2) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(2)   authenticate {
(2) eap: Expiring EAP session with state 0x56c727b057df3e7f
(2) eap: Finished EAP session with state 0x56c727b057df3e7f
(2) eap: Previous EAP request found for state 0x56c727b057df3e7f, released from the list
(2) eap: Peer sent packet with method EAP PEAP (25)
(2) eap: Calling submodule eap_peap to process data
(2) eap_peap: Continuing EAP-TLS
(2) eap_peap: Peer indicated complete TLS record size will be 156 bytes
(2) eap_peap: Got complete TLS record (156 bytes)
(2) eap_peap: [eaptls verify] = length included
(2) eap_peap: (other): before/accept initialization
(2) eap_peap: TLS_accept: before/accept initialization
(2) eap_peap: <<< recv TLS 1.2  [length 0097]
(2) eap_peap: TLS_accept: unknown state
(2) eap_peap: >>> send TLS 1.2  [length 0059]
(2) eap_peap: TLS_accept: unknown state
(2) eap_peap: >>> send TLS 1.2  [length 0d16]
(2) eap_peap: TLS_accept: unknown state
(2) eap_peap: >>> send TLS 1.2  [length 024d]
(2) eap_peap: TLS_accept: unknown state
(2) eap_peap: >>> send TLS 1.2  [length 0004]
(2) eap_peap: TLS_accept: unknown state
(2) eap_peap: TLS_accept: unknown state
(2) eap_peap: TLS_accept: unknown state
(2) eap_peap: TLS_accept: Need to read more data: unknown state
(2) eap_peap: TLS_accept: Need to read more data: unknown state
(2) eap_peap: TLS - In Handshake Phase
(2) eap_peap: TLS - got 4052 bytes of data
(2) eap_peap: [eaptls process] = handled
(2) eap: Sending EAP Request (code 1) ID 25 length 1004
(2) eap: EAP session adding &reply:State = 0x56c727b054de3e7f
(2)     [eap] = handled
(2)   } # authenticate = handled
(2) Using Post-Auth-Type Challenge
(2) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(2)   Challenge { ... } # empty sub-section is ignored
(2) Sent Access-Challenge Id 2 from 10.0.0.1:1812 to 10.0.1.102:45988 length 0
(2)   EAP-Message = 0x011903ec19c000000fd41603030059020000550303f5b2a90e2b20e555f063de64c47990ffba220e0347149b6f4248cee00d0c90052033003c00c1e3fa2fab1e04e3546f59e43cce1f01c6eed080b70814486a416f85c03000000dff01000100000b0004030001021603030d160b000d12000d0f0007103082070c308204f4a003020102020112300d06092a864886f70d01010d0500308194310b30090603550406130243483115301306035504080c0c4d65696e6550726f76696e7a3112301006035504070c094d65696e6543697479311a3018060355040a0c114d65696e654f7267616e69736174696f6e3128302606092a864886f70d0109011619696e666f404d65696e654f7267616e69736174696f6e2e63683114301206035504030c0b696e7465726e616c2d6361301e170d3230303132323231303031355a170d3330303131393231303031355a308193310b30090603550406130243483115301306035504080c0c4d65696e6550726f76696e7a311230
(2)   Message-Authenticator = 0x00000000000000000000000000000000
(2)   State = 0x56c727b054de3e7f73c1cb3525835086
(2) Finished request
Waking up in 4.9 seconds.
(3) Received Access-Request Id 3 from 10.0.1.102:45988 to 10.0.0.1:1812 length 209
(3)   User-Name = "Gast"
(3)   NAS-IP-Address = 10.0.1.102
(3)   NAS-Identifier = "822aa8841f92"
(3)   Called-Station-Id = "82-2A-A8-84-1F-92:WAK"
(3)   NAS-Port-Type = Wireless-802.11
(3)   Service-Type = Framed-User
(3)   Calling-Station-Id = "C4-85-08-11-37-6C"
(3)   Connect-Info = "CONNECT 0Mbps 802.11b"
(3)   Acct-Session-Id = "7C7B8BB192692965"
(3)   WLAN-Pairwise-Cipher = 1027076
(3)   WLAN-Group-Cipher = 1027076
(3)   WLAN-AKM-Suite = 1027073
(3)   Framed-MTU = 1400
(3)   EAP-Message = 0x021900061900
(3)   State = 0x56c727b054de3e7f73c1cb3525835086
(3)   Message-Authenticator = 0x6d297c582b8a2ae865bada821edd2f1d
(3) session-state: No cached attributes
(3) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(3)   authorize {
(3)     policy filter_username {
(3)       if (&User-Name) {
(3)       if (&User-Name)  -> TRUE
(3)       if (&User-Name)  {
(3)         if (&User-Name =~ / /) {
(3)         if (&User-Name =~ / /)  -> FALSE
(3)         if (&User-Name =~ /@[^@]*@/ ) {
(3)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(3)         if (&User-Name =~ /\.\./ ) {
(3)         if (&User-Name =~ /\.\./ )  -> FALSE
(3)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(3)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(3)         if (&User-Name =~ /\.$/)  {
(3)         if (&User-Name =~ /\.$/)   -> FALSE
(3)         if (&User-Name =~ /@\./)  {
(3)         if (&User-Name =~ /@\./)   -> FALSE
(3)       } # if (&User-Name)  = notfound
(3)     } # policy filter_username = notfound
(3)     [preprocess] = ok
(3)     [chap] = noop
(3)     [mschap] = noop
(3)     [digest] = noop
(3) suffix: Checking for suffix after "@"
(3) suffix: No '@' in User-Name = "Gast", looking up realm NULL
(3) suffix: No such realm "NULL"
(3)     [suffix] = noop
(3) eap: Peer sent EAP Response (code 2) ID 25 length 6
(3) eap: Continuing tunnel setup
(3)     [eap] = ok
(3)   } # authorize = ok
(3) Found Auth-Type = eap
(3) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(3)   authenticate {
(3) eap: Expiring EAP session with state 0x56c727b054de3e7f
(3) eap: Finished EAP session with state 0x56c727b054de3e7f
(3) eap: Previous EAP request found for state 0x56c727b054de3e7f, released from the list
(3) eap: Peer sent packet with method EAP PEAP (25)
(3) eap: Calling submodule eap_peap to process data
(3) eap_peap: Continuing EAP-TLS
(3) eap_peap: Peer ACKed our handshake fragment
(3) eap_peap: [eaptls verify] = request
(3) eap_peap: [eaptls process] = handled
(3) eap: Sending EAP Request (code 1) ID 26 length 1000
(3) eap: EAP session adding &reply:State = 0x56c727b055dd3e7f
(3)     [eap] = handled
(3)   } # authenticate = handled
(3) Using Post-Auth-Type Challenge
(3) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(3)   Challenge { ... } # empty sub-section is ignored
(3) Sent Access-Challenge Id 3 from 10.0.0.1:1812 to 10.0.1.102:45988 length 0
(3)   EAP-Message = 0x011a03e81940af2cb59e2532ad041b7d5232b95b0a717321ca2d107104e10203010001a38201663082016230090603551d1304023000301106096086480186f8420101040403020640303306096086480186f842010d042616244f70656e53534c2047656e65726174656420536572766572204365727469666963617465301d0603551d0e04160414b4711bae42dc28643aa6b57d283b1a2ad383f92f3081c10603551d230481b93081b68014dc37b50d8b75681d88d8c8d77b84112e66897daaa1819aa48197308194310b30090603550406130243483115301306035504080c0c4d65696e6550726f76696e7a3112301006035504070c094d65696e6543697479311a3018060355040a0c114d65696e654f7267616e69736174696f6e3128302606092a864886f70d0109011619696e666f404d65696e654f7267616e69736174696f6e2e63683114301206035504030c0b696e7465726e616c2d6361820100301d0603551d250416301406082b0601050507030106
(3)   Message-Authenticator = 0x00000000000000000000000000000000
(3)   State = 0x56c727b055dd3e7f73c1cb3525835086
(3) Finished request
Waking up in 4.8 seconds.
(4) Received Access-Request Id 4 from 10.0.1.102:45988 to 10.0.0.1:1812 length 209
(4)   User-Name = "Gast"
(4)   NAS-IP-Address = 10.0.1.102
(4)   NAS-Identifier = "822aa8841f92"
(4)   Called-Station-Id = "82-2A-A8-84-1F-92:WAK"
(4)   NAS-Port-Type = Wireless-802.11
(4)   Service-Type = Framed-User
(4)   Calling-Station-Id = "C4-85-08-11-37-6C"
(4)   Connect-Info = "CONNECT 0Mbps 802.11b"
(4)   Acct-Session-Id = "7C7B8BB192692965"
(4)   WLAN-Pairwise-Cipher = 1027076
(4)   WLAN-Group-Cipher = 1027076
(4)   WLAN-AKM-Suite = 1027073
(4)   Framed-MTU = 1400
(4)   EAP-Message = 0x021a00061900
(4)   State = 0x56c727b055dd3e7f73c1cb3525835086
(4)   Message-Authenticator = 0xaadc0b51c9001f5bece784a188c278ed
(4) session-state: No cached attributes
(4) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(4)   authorize {
(4)     policy filter_username {
(4)       if (&User-Name) {
(4)       if (&User-Name)  -> TRUE
(4)       if (&User-Name)  {
(4)         if (&User-Name =~ / /) {
(4)         if (&User-Name =~ / /)  -> FALSE
(4)         if (&User-Name =~ /@[^@]*@/ ) {
(4)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(4)         if (&User-Name =~ /\.\./ ) {
(4)         if (&User-Name =~ /\.\./ )  -> FALSE
(4)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(4)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(4)         if (&User-Name =~ /\.$/)  {
(4)         if (&User-Name =~ /\.$/)   -> FALSE
(4)         if (&User-Name =~ /@\./)  {
(4)         if (&User-Name =~ /@\./)   -> FALSE
(4)       } # if (&User-Name)  = notfound
(4)     } # policy filter_username = notfound
(4)     [preprocess] = ok
(4)     [chap] = noop
(4)     [mschap] = noop
(4)     [digest] = noop
(4) suffix: Checking for suffix after "@"
(4) suffix: No '@' in User-Name = "Gast", looking up realm NULL
(4) suffix: No such realm "NULL"
(4)     [suffix] = noop
(4) eap: Peer sent EAP Response (code 2) ID 26 length 6
(4) eap: Continuing tunnel setup
(4)     [eap] = ok
(4)   } # authorize = ok
(4) Found Auth-Type = eap
(4) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(4)   authenticate {
(4) eap: Expiring EAP session with state 0x56c727b055dd3e7f
(4) eap: Finished EAP session with state 0x56c727b055dd3e7f
(4) eap: Previous EAP request found for state 0x56c727b055dd3e7f, released from the list
(4) eap: Peer sent packet with method EAP PEAP (25)
(4) eap: Calling submodule eap_peap to process data
(4) eap_peap: Continuing EAP-TLS
(4) eap_peap: Peer ACKed our handshake fragment
(4) eap_peap: [eaptls verify] = request
(4) eap_peap: [eaptls process] = handled
(4) eap: Sending EAP Request (code 1) ID 27 length 1000
(4) eap: EAP session adding &reply:State = 0x56c727b052dc3e7f
(4)     [eap] = handled
(4)   } # authenticate = handled
(4) Using Post-Auth-Type Challenge
(4) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(4)   Challenge { ... } # empty sub-section is ignored
(4) Sent Access-Challenge Id 4 from 10.0.0.1:1812 to 10.0.1.102:45988 length 0
(4)   EAP-Message = 0x011b03e819406e7a3112301006035504070c094d65696e6543697479311a3018060355040a0c114d65696e654f7267616e69736174696f6e3128302606092a864886f70d0109011619696e666f404d65696e654f7267616e69736174696f6e2e63683114301206035504030c0b696e7465726e616c2d6361301e170d3139313132353131343935395a170d3239313132323131343935395a308194310b30090603550406130243483115301306035504080c0c4d65696e6550726f76696e7a3112301006035504070c094d65696e6543697479311a3018060355040a0c114d65696e654f7267616e69736174696f6e3128302606092a864886f70d0109011619696e666f404d65696e654f7267616e69736174696f6e2e63683114301206035504030c0b696e7465726e616c2d636130820222300d06092a864886f70d01010105000382020f003082020a0282020100d297387984efaac0d2c276e5120c88d4d68581e66515db392e7f458398fa0a01a7cb80fe13c181
(4)   Message-Authenticator = 0x00000000000000000000000000000000
(4)   State = 0x56c727b052dc3e7f73c1cb3525835086
(4) Finished request
Waking up in 4.8 seconds.
(5) Received Access-Request Id 5 from 10.0.1.102:45988 to 10.0.0.1:1812 length 209
(5)   User-Name = "Gast"
(5)   NAS-IP-Address = 10.0.1.102
(5)   NAS-Identifier = "822aa8841f92"
(5)   Called-Station-Id = "82-2A-A8-84-1F-92:WAK"
(5)   NAS-Port-Type = Wireless-802.11
(5)   Service-Type = Framed-User
(5)   Calling-Station-Id = "C4-85-08-11-37-6C"
(5)   Connect-Info = "CONNECT 0Mbps 802.11b"
(5)   Acct-Session-Id = "7C7B8BB192692965"
(5)   WLAN-Pairwise-Cipher = 1027076
(5)   WLAN-Group-Cipher = 1027076
(5)   WLAN-AKM-Suite = 1027073
(5)   Framed-MTU = 1400
(5)   EAP-Message = 0x021b00061900
(5)   State = 0x56c727b052dc3e7f73c1cb3525835086
(5)   Message-Authenticator = 0x7a4318131acf12e2da99ed9a1b2a2c9d
(5) session-state: No cached attributes
(5) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(5)   authorize {
(5)     policy filter_username {
(5)       if (&User-Name) {
(5)       if (&User-Name)  -> TRUE
(5)       if (&User-Name)  {
(5)         if (&User-Name =~ / /) {
(5)         if (&User-Name =~ / /)  -> FALSE
(5)         if (&User-Name =~ /@[^@]*@/ ) {
(5)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(5)         if (&User-Name =~ /\.\./ ) {
(5)         if (&User-Name =~ /\.\./ )  -> FALSE
(5)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(5)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(5)         if (&User-Name =~ /\.$/)  {
(5)         if (&User-Name =~ /\.$/)   -> FALSE
(5)         if (&User-Name =~ /@\./)  {
(5)         if (&User-Name =~ /@\./)   -> FALSE
(5)       } # if (&User-Name)  = notfound
(5)     } # policy filter_username = notfound
(5)     [preprocess] = ok
(5)     [chap] = noop
(5)     [mschap] = noop
(5)     [digest] = noop
(5) suffix: Checking for suffix after "@"
(5) suffix: No '@' in User-Name = "Gast", looking up realm NULL
(5) suffix: No such realm "NULL"
(5)     [suffix] = noop
(5) eap: Peer sent EAP Response (code 2) ID 27 length 6
(5) eap: Continuing tunnel setup
(5)     [eap] = ok
(5)   } # authorize = ok
(5) Found Auth-Type = eap
(5) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(5)   authenticate {
(5) eap: Expiring EAP session with state 0x56c727b052dc3e7f
(5) eap: Finished EAP session with state 0x56c727b052dc3e7f
(5) eap: Previous EAP request found for state 0x56c727b052dc3e7f, released from the list
(5) eap: Peer sent packet with method EAP PEAP (25)
(5) eap: Calling submodule eap_peap to process data
(5) eap_peap: Continuing EAP-TLS
(5) eap_peap: Peer ACKed our handshake fragment
(5) eap_peap: [eaptls verify] = request
(5) eap_peap: [eaptls process] = handled
(5) eap: Sending EAP Request (code 1) ID 28 length 1000
(5) eap: EAP session adding &reply:State = 0x56c727b053db3e7f
(5)     [eap] = handled
(5)   } # authenticate = handled
(5) Using Post-Auth-Type Challenge
(5) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(5)   Challenge { ... } # empty sub-section is ignored
(5) Sent Access-Challenge Id 5 from 10.0.0.1:1812 to 10.0.1.102:45988 length 0
(5)   EAP-Message = 0x011c03e819406f60903ce1af8dfd14bf6f44d759e439ac6cd0da2756c8bbb54dbfa49b2015c95024d03b5409c65641cc2959e509baffd6bf4d6f36d213f7c78d80abf3374512b77de1a1cd8e7337180d9c3e774d70fec360c00e5bb806546073470747c167b0d8111fabcc20950f81f2848b425dcad5be3f6bfb917ca07c7e2aed66350b5f5d74dbff25e92a21653cf69b406f95fe50e365a39d867b6b3ad6a5d7a9ce2957ea4c6166e35c10d8c9438bbf555f8d44516413761dd51646341c0e69f7314d19f450c37152bab76ce32fc8e13d1c3eaa396f359c497b021f1c8a38a543bf68d2c59e15c036fb8b1952c0d264e1069342c77bec9e8c2332b143e71d2a7ec2c1f3009e4b5a737a175a15474142feee8171af7ad9a8df209770db9ae9fd4b02dfd8810ccc26e37cf324da296b6dd2282dffc8382bf5f6a0a94733bf6a49d745b61284755357f2cc3752da2c60f3ba18b04c7d334ba3d93867e1f00b006744c60b828e8625dddfb916d3af5ac817d4bfbf318d54
(5)   Message-Authenticator = 0x00000000000000000000000000000000
(5)   State = 0x56c727b053db3e7f73c1cb3525835086
(5) Finished request
Waking up in 4.8 seconds.
(6) Received Access-Request Id 6 from 10.0.1.102:45988 to 10.0.0.1:1812 length 209
(6)   User-Name = "Gast"
(6)   NAS-IP-Address = 10.0.1.102
(6)   NAS-Identifier = "822aa8841f92"
(6)   Called-Station-Id = "82-2A-A8-84-1F-92:WAK"
(6)   NAS-Port-Type = Wireless-802.11
(6)   Service-Type = Framed-User
(6)   Calling-Station-Id = "C4-85-08-11-37-6C"
(6)   Connect-Info = "CONNECT 0Mbps 802.11b"
(6)   Acct-Session-Id = "7C7B8BB192692965"
(6)   WLAN-Pairwise-Cipher = 1027076
(6)   WLAN-Group-Cipher = 1027076
(6)   WLAN-AKM-Suite = 1027073
(6)   Framed-MTU = 1400
(6)   EAP-Message = 0x021c00061900
(6)   State = 0x56c727b053db3e7f73c1cb3525835086
(6)   Message-Authenticator = 0x735479308c4019ad34f7cc2d07586119
(6) session-state: No cached attributes
(6) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(6)   authorize {
(6)     policy filter_username {
(6)       if (&User-Name) {
(6)       if (&User-Name)  -> TRUE
(6)       if (&User-Name)  {
(6)         if (&User-Name =~ / /) {
(6)         if (&User-Name =~ / /)  -> FALSE
(6)         if (&User-Name =~ /@[^@]*@/ ) {
(6)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(6)         if (&User-Name =~ /\.\./ ) {
(6)         if (&User-Name =~ /\.\./ )  -> FALSE
(6)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(6)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(6)         if (&User-Name =~ /\.$/)  {
(6)         if (&User-Name =~ /\.$/)   -> FALSE
(6)         if (&User-Name =~ /@\./)  {
(6)         if (&User-Name =~ /@\./)   -> FALSE
(6)       } # if (&User-Name)  = notfound
(6)     } # policy filter_username = notfound
(6)     [preprocess] = ok
(6)     [chap] = noop
(6)     [mschap] = noop
(6)     [digest] = noop
(6) suffix: Checking for suffix after "@"
(6) suffix: No '@' in User-Name = "Gast", looking up realm NULL
(6) suffix: No such realm "NULL"
(6)     [suffix] = noop
(6) eap: Peer sent EAP Response (code 2) ID 28 length 6
(6) eap: Continuing tunnel setup
(6)     [eap] = ok
(6)   } # authorize = ok
(6) Found Auth-Type = eap
(6) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(6)   authenticate {
(6) eap: Expiring EAP session with state 0x56c727b053db3e7f
(6) eap: Finished EAP session with state 0x56c727b053db3e7f
(6) eap: Previous EAP request found for state 0x56c727b053db3e7f, released from the list
(6) eap: Peer sent packet with method EAP PEAP (25)
(6) eap: Calling submodule eap_peap to process data
(6) eap_peap: Continuing EAP-TLS
(6) eap_peap: Peer ACKed our handshake fragment
(6) eap_peap: [eaptls verify] = request
(6) eap_peap: [eaptls process] = handled
(6) eap: Sending EAP Request (code 1) ID 29 length 82
(6) eap: EAP session adding &reply:State = 0x56c727b050da3e7f
(6)     [eap] = handled
(6)   } # authenticate = handled
(6) Using Post-Auth-Type Challenge
(6) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(6)   Challenge { ... } # empty sub-section is ignored
(6) Sent Access-Challenge Id 6 from 10.0.0.1:1812 to 10.0.1.102:45988 length 0
(6)   EAP-Message = 0x011d00521900faf9a64a1e199299f5f9ca8382bb0583ac8c23972706ac23c0d740ad18ca3a41f99a5f54734e74245907c6feb35727d00c32ede8797b43067516a3ac2c2ec3e0e06ed716030300040e000000
(6)   Message-Authenticator = 0x00000000000000000000000000000000
(6)   State = 0x56c727b050da3e7f73c1cb3525835086
(6) Finished request
Waking up in 4.8 seconds.
(7) Received Access-Request Id 7 from 10.0.1.102:45988 to 10.0.0.1:1812 length 339
(7)   User-Name = "Gast"
(7)   NAS-IP-Address = 10.0.1.102
(7)   NAS-Identifier = "822aa8841f92"
(7)   Called-Station-Id = "82-2A-A8-84-1F-92:WAK"
(7)   NAS-Port-Type = Wireless-802.11
(7)   Service-Type = Framed-User
(7)   Calling-Station-Id = "C4-85-08-11-37-6C"
(7)   Connect-Info = "CONNECT 0Mbps 802.11b"
(7)   Acct-Session-Id = "7C7B8BB192692965"
(7)   WLAN-Pairwise-Cipher = 1027076
(7)   WLAN-Group-Cipher = 1027076
(7)   WLAN-AKM-Suite = 1027073
(7)   Framed-MTU = 1400
(7)   EAP-Message = 0x021d008819800000007e160303004610000042410456beeb815e6980255b7999cbcd56ed5ce4fcfce4713b644e94f08d64903b93a55b4da3565efaa6297e670f01ba7e1c8ea3a5cbd79813673f0c09bee4dee83c56140303000101160303002800000000000000003e5491713b0e3742ef3012923dab09d180fc88bc4c24d26666d4bbfd8a6a03f0
(7)   State = 0x56c727b050da3e7f73c1cb3525835086
(7)   Message-Authenticator = 0xcbb3b5f68ef08d079eadda51e0374a3f
(7) session-state: No cached attributes
(7) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(7)   authorize {
(7)     policy filter_username {
(7)       if (&User-Name) {
(7)       if (&User-Name)  -> TRUE
(7)       if (&User-Name)  {
(7)         if (&User-Name =~ / /) {
(7)         if (&User-Name =~ / /)  -> FALSE
(7)         if (&User-Name =~ /@[^@]*@/ ) {
(7)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(7)         if (&User-Name =~ /\.\./ ) {
(7)         if (&User-Name =~ /\.\./ )  -> FALSE
(7)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(7)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(7)         if (&User-Name =~ /\.$/)  {
(7)         if (&User-Name =~ /\.$/)   -> FALSE
(7)         if (&User-Name =~ /@\./)  {
(7)         if (&User-Name =~ /@\./)   -> FALSE
(7)       } # if (&User-Name)  = notfound
(7)     } # policy filter_username = notfound
(7)     [preprocess] = ok
(7)     [chap] = noop
(7)     [mschap] = noop
(7)     [digest] = noop
(7) suffix: Checking for suffix after "@"
(7) suffix: No '@' in User-Name = "Gast", looking up realm NULL
(7) suffix: No such realm "NULL"
(7)     [suffix] = noop
(7) eap: Peer sent EAP Response (code 2) ID 29 length 136
(7) eap: Continuing tunnel setup
(7)     [eap] = ok
(7)   } # authorize = ok
(7) Found Auth-Type = eap
(7) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(7)   authenticate {
(7) eap: Expiring EAP session with state 0x56c727b050da3e7f
(7) eap: Finished EAP session with state 0x56c727b050da3e7f
(7) eap: Previous EAP request found for state 0x56c727b050da3e7f, released from the list
(7) eap: Peer sent packet with method EAP PEAP (25)
(7) eap: Calling submodule eap_peap to process data
(7) eap_peap: Continuing EAP-TLS
(7) eap_peap: Peer indicated complete TLS record size will be 126 bytes
(7) eap_peap: Got complete TLS record (126 bytes)
(7) eap_peap: [eaptls verify] = length included
(7) eap_peap: <<< recv TLS 1.2  [length 0046]
(7) eap_peap: TLS_accept: unknown state
(7) eap_peap: TLS_accept: unknown state
(7) eap_peap: <<< recv TLS 1.2  [length 0001]
(7) eap_peap: <<< recv TLS 1.2  [length 0010]
(7) eap_peap: TLS_accept: unknown state
(7) eap_peap: >>> send TLS 1.2  [length 0001]
(7) eap_peap: TLS_accept: unknown state
(7) eap_peap: >>> send TLS 1.2  [length 0010]
(7) eap_peap: TLS_accept: unknown state
(7) eap_peap: TLS_accept: unknown state
(7) eap_peap: (other): SSL negotiation finished successfully
(7) eap_peap: TLS - Connection Established
(7) eap_peap: TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(7) eap_peap: TLS-Session-Version = "TLS 1.2"
(7) eap_peap: TLS - got 51 bytes of data
(7) eap_peap: [eaptls process] = handled
(7) eap: Sending EAP Request (code 1) ID 30 length 57
(7) eap: EAP session adding &reply:State = 0x56c727b051d93e7f
(7)     [eap] = handled
(7)   } # authenticate = handled
(7) Using Post-Auth-Type Challenge
(7) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(7)   Challenge { ... } # empty sub-section is ignored
(7) session-state: Saving cached attributes
(7)   TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(7)   TLS-Session-Version = "TLS 1.2"
(7) Sent Access-Challenge Id 7 from 10.0.0.1:1812 to 10.0.1.102:45988 length 0
(7)   EAP-Message = 0x011e0039190014030300010116030300288e2820306f468b96688c258c90d32a5fa8a68298867c1cbf6ddd74baf87ad9c0fd3b6e329359ea06
(7)   Message-Authenticator = 0x00000000000000000000000000000000
(7)   State = 0x56c727b051d93e7f73c1cb3525835086
(7) Finished request
Waking up in 4.8 seconds.
(8) Received Access-Request Id 8 from 10.0.1.102:45988 to 10.0.0.1:1812 length 244
(8)   User-Name = "Gast"
(8)   NAS-IP-Address = 10.0.1.102
(8)   NAS-Identifier = "822aa8841f92"
(8)   Called-Station-Id = "82-2A-A8-84-1F-92:WAK"
(8)   NAS-Port-Type = Wireless-802.11
(8)   Service-Type = Framed-User
(8)   Calling-Station-Id = "C4-85-08-11-37-6C"
(8)   Connect-Info = "CONNECT 0Mbps 802.11b"
(8)   Acct-Session-Id = "7C7B8BB192692965"
(8)   WLAN-Pairwise-Cipher = 1027076
(8)   WLAN-Group-Cipher = 1027076
(8)   WLAN-AKM-Suite = 1027073
(8)   Framed-MTU = 1400
(8)   EAP-Message = 0x021e002919800000001f150303001a00000000000000015a841eef5925e6a59588173684a534fff4d7
(8)   State = 0x56c727b051d93e7f73c1cb3525835086
(8)   Message-Authenticator = 0xdd59d29c2cdb083501718a4f917bfd27
(8) Restoring &session-state
(8)   &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(8)   &session-state:TLS-Session-Version = "TLS 1.2"
(8) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(8)   authorize {
(8)     policy filter_username {
(8)       if (&User-Name) {
(8)       if (&User-Name)  -> TRUE
(8)       if (&User-Name)  {
(8)         if (&User-Name =~ / /) {
(8)         if (&User-Name =~ / /)  -> FALSE
(8)         if (&User-Name =~ /@[^@]*@/ ) {
(8)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(8)         if (&User-Name =~ /\.\./ ) {
(8)         if (&User-Name =~ /\.\./ )  -> FALSE
(8)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(8)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(8)         if (&User-Name =~ /\.$/)  {
(8)         if (&User-Name =~ /\.$/)   -> FALSE
(8)         if (&User-Name =~ /@\./)  {
(8)         if (&User-Name =~ /@\./)   -> FALSE
(8)       } # if (&User-Name)  = notfound
(8)     } # policy filter_username = notfound
(8)     [preprocess] = ok
(8)     [chap] = noop
(8)     [mschap] = noop
(8)     [digest] = noop
(8) suffix: Checking for suffix after "@"
(8) suffix: No '@' in User-Name = "Gast", looking up realm NULL
(8) suffix: No such realm "NULL"
(8)     [suffix] = noop
(8) eap: Peer sent EAP Response (code 2) ID 30 length 41
(8) eap: Continuing tunnel setup
(8)     [eap] = ok
(8)   } # authorize = ok
(8) Found Auth-Type = eap
(8) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(8)   authenticate {
(8) eap: Expiring EAP session with state 0x56c727b051d93e7f
(8) eap: Finished EAP session with state 0x56c727b051d93e7f
(8) eap: Previous EAP request found for state 0x56c727b051d93e7f, released from the list
(8) eap: Peer sent packet with method EAP PEAP (25)
(8) eap: Calling submodule eap_peap to process data
(8) eap_peap: Continuing EAP-TLS
(8) eap_peap: Peer indicated complete TLS record size will be 31 bytes
(8) eap_peap: Got complete TLS record (31 bytes)
(8) eap_peap: [eaptls verify] = length included
(8) eap_peap: <<< recv TLS 1.2  [length 0002]
(8) eap_peap: ERROR: TLS Alert read:fatal:access denied
(8) eap_peap: SSL_read Error
(8) eap_peap: ERROR: Error in fragmentation logic
(8) eap_peap: ERROR: Failed in __FUNCTION__ (SSL_read): error:14094419:SSL routines:ssl3_read_bytes:tlsv1 alert access denied
(8) eap_peap: ERROR: [eaptls process] = fail
(8) eap: ERROR: Failed continuing EAP PEAP (25) session.  EAP sub-module failed
(8) eap: Sending EAP Failure (code 4) ID 30 length 4
(8) eap: Failed in EAP select
(8)     [eap] = invalid
(8)   } # authenticate = invalid
(8) Failed to authenticate the user
(8) Using Post-Auth-Type Reject
(8) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(8)   Post-Auth-Type REJECT {
(8) attr_filter.access_reject: EXPAND %{User-Name}
(8) attr_filter.access_reject:    --> Gast
(8) attr_filter.access_reject: Matched entry DEFAULT at line 11
(8)     [attr_filter.access_reject] = updated
(8)     [eap] = noop
(8)     policy remove_reply_message_if_eap {
(8)       if (&reply:EAP-Message && &reply:Reply-Message) {
(8)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(8)       else {
(8)         [noop] = noop
(8)       } # else = noop
(8)     } # policy remove_reply_message_if_eap = noop
(8)   } # Post-Auth-Type REJECT = updated
(8) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(8) Sending delayed response
(8) Sent Access-Reject Id 8 from 10.0.0.1:1812 to 10.0.1.102:45988 length 44
(8)   EAP-Message = 0x041e0004
(8)   Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.7 seconds.
(0) Cleaning up request packet ID 0 with timestamp +111
(1) Cleaning up request packet ID 1 with timestamp +111
(2) Cleaning up request packet ID 2 with timestamp +111
(3) Cleaning up request packet ID 3 with timestamp +111
(4) Cleaning up request packet ID 4 with timestamp +111
(5) Cleaning up request packet ID 5 with timestamp +111
(6) Cleaning up request packet ID 6 with timestamp +111
(7) Cleaning up request packet ID 7 with timestamp +111
(8) Cleaning up request packet ID 8 with timestamp +111



[mimugmail]

Hast du im Client auch ausgewählt dass die Zertifikate nicht überprüft werden müssen?

[PiMas]

Mein Client ist Windows 10 und bietet diese Option nicht.

[mimugmail]

Doch, ist versteckt in der Adapter Konfiguration, hatte auch Probleme das mim Kunden zu finden.

[PiMas]

Habe nun das Upgrade auf 20.1 gemacht und es funktioniert plötzlich