wpa_supplicant fails to connect with EAP

Dan Williams dcbw at redhat.com
Tue Aug 18 13:01:55 EDT 2015


On Tue, 2015-08-18 at 11:05 -0500, Kenny Pearce wrote:
> NetworkManager does not appear to be messing with my MTU after I set
> it. I went into the 'edit connection' screen for this connection, and
> there is an MTU setting and it was set to 'Automatic'. I changed it to
> 1500 in there, since I've read that manual setting of MTU (with
> ifconfig) is not persistent across reboots.

NM won't change the MTU of the interface unless you specifically tell it
to do so, or unless DHCP returns an MTU.  "Automatic" just means "let
DHCP do it, otherwise leave it alone".  If DHCP isn't returning an MTU,
then it could have been set outside NM from other network scripts or
tools.  NM prints the received DHCP options to syslog, so look for
something like this:

NetworkManager[730]: <info>  (wlp4s0): DHCPv4 state changed bound -> bound
NetworkManager[730]: <info>    address 192.168.1.43
NetworkManager[730]: <info>    plen 24 (255.255.255.0)
NetworkManager[730]: <info>    gateway 192.168.1.1
NetworkManager[730]: <info>    lease time 900
NetworkManager[730]: <info>    nameserver '74.82.42.42'
NetworkManager[730]: <info>    mtu 1500

and you'll know if it came from DHCP.  If you don't see 'mtu' it didn't
come from DHCP.

Dan

> On Tue, 18 Aug 2015 10:57:21 -0500
> Dan Williams <dcbw at redhat.com> wrote:
> 
> > On Tue, 2015-08-18 at 09:55 -0500, Kenny Pearce wrote:
> > > Thanks! The MTU was set to 1280 (I don't know why). Changing it to
> > > 1500 fixed the problem.
> > 
> > Also, NetworkManager should look at the MTU of the wifi interface and
> > make sure the fragment size is lower than that.  Although one issue
> > here is that if the MTU gets set via DHCP, we have a chicken + egg
> > issue since the MTU would be changed long after we've sent the config
> > to the supplicant.
> > 
> > Dan
> > 
> > > On Tue, 18 Aug 2015 02:39:46 +0300
> > > Jouni Malinen <j at w1.fi> wrote:
> > > 
> > > > On Mon, Aug 17, 2015 at 11:35:48AM -0500, Kenny Pearce wrote:
> > > > > Aug 17 11:15:24 parmenides wpa_supplicant[1312]: wlan21:
> > > > > CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected Aug
> > > > > 17 11:15:24 parmenides wpa_supplicant[1312]: l2_packet_send -
> > > > > sendto: Message too long
> > > > 
> > > > What MTU do you have configured on wlan21? E.g., check what
> > > > "ifconfig wlan0" returns.
> > > > 
> > > > > The only thing that looks like a significant error to me in this
> > > > > output is "l2_packet_send - sendto: Message too long" but
> > > > > Googling that message did not lead to any useful hits. Does
> > > > > anyone know what might cause this kind of problem, or how to
> > > > > fix it?
> > > > 
> > > > I have not seen this before, but my first guess would be that
> > > > something has reduced the MTU on the netdev so much that the
> > > > default EAP-TLS fragmentation limit gets hit. wpa_supplicant does
> > > > not currently check the MTU and update the fragmentation limit
> > > > automatically, but now that I learned about this, I'll probably
> > > > make it do so. As a workaround, you can try to reduce EAP
> > > > fragment size with fragment_size=<bytes> parameter (though, I do
> > > > not know how to do that with NetworkManager). Setting
> > > > fragment_size to something like 100 bytes less than netdev MTU
> > > > would hopefully get rid of this issue (or alternatively, increase
> > > > the MTU back to more common 1500 if there is no real need to make
> > > > it smaller). 
> > > 
> > > 
> > > 
> > 
> > 
> 
> 




More information about the HostAP mailing list