wpa_supplicant fails to connect with EAP
kenny at kennypearce.net
Tue Aug 18 12:05:59 EDT 2015
NetworkManager does not appear to be messing with my MTU after I set
it. I went into the 'edit connection' screen for this connection, and
there is an MTU setting and it was set to 'Automatic'. I changed it to
1500 in there, since I've read that manual setting of MTU (with
ifconfig) is not persistent across reboots.
On Tue, 18 Aug 2015 10:57:21 -0500
Dan Williams <dcbw at redhat.com> wrote:
> On Tue, 2015-08-18 at 09:55 -0500, Kenny Pearce wrote:
> > Thanks! The MTU was set to 1280 (I don't know why). Changing it to
> > 1500 fixed the problem.
> Also, NetworkManager should look at the MTU of the wifi interface and
> make sure the fragment size is lower than that. Although one issue
> here is that if the MTU gets set via DHCP, we have a chicken + egg
> issue since the MTU would be changed long after we've sent the config
> to the supplicant.
> > On Tue, 18 Aug 2015 02:39:46 +0300
> > Jouni Malinen <j at w1.fi> wrote:
> > > On Mon, Aug 17, 2015 at 11:35:48AM -0500, Kenny Pearce wrote:
> > > > Aug 17 11:15:24 parmenides wpa_supplicant: wlan21:
> > > > CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected Aug
> > > > 17 11:15:24 parmenides wpa_supplicant: l2_packet_send -
> > > > sendto: Message too long
> > >
> > > What MTU do you have configured on wlan21? E.g., check what
> > > "ifconfig wlan0" returns.
> > >
> > > > The only thing that looks like a significant error to me in this
> > > > output is "l2_packet_send - sendto: Message too long" but
> > > > Googling that message did not lead to any useful hits. Does
> > > > anyone know what might cause this kind of problem, or how to
> > > > fix it?
> > >
> > > I have not seen this before, but my first guess would be that
> > > something has reduced the MTU on the netdev so much that the
> > > default EAP-TLS fragmentation limit gets hit. wpa_supplicant does
> > > not currently check the MTU and update the fragmentation limit
> > > automatically, but now that I learned about this, I'll probably
> > > make it do so. As a workaround, you can try to reduce EAP
> > > fragment size with fragment_size=<bytes> parameter (though, I do
> > > not know how to do that with NetworkManager). Setting
> > > fragment_size to something like 100 bytes less than netdev MTU
> > > would hopefully get rid of this issue (or alternatively, increase
> > > the MTU back to more common 1500 if there is no real need to make
> > > it smaller).
More information about the HostAP