Having issue freeradius with a meraki ap

I have setup freeradius on openwrt, I am using a mr33 meraki access point (cisco firmware)

When I do a test connection from the MR33 it does talk to the openwrt router with freeradius, freeradius is not authenicating properly. It gets so far

  1. eap_peap: Continuing EAP-TLS
    (2) eap_peap: [eaptls verify] = ok
    (2) eap_peap: Done initial handshake
    (2) eap_peap: (other): before SSL initialization
    (2) eap_peap: TLS_accept: before SSL initialization
    (2) eap_peap: TLS_accept: before SSL initialization
    (2) eap_peap: <<< recv TLS 1.3 [length 0096]
    (2) eap_peap: >>> send TLS 1.0 Alert [length 0002], fatal protocol_version
    (2) eap_peap: ERROR: TLS Alert write:fatal:protocol version
    tls: TLS_accept: Error in error
    (2) eap_peap: ERROR: Failed in FUNCTION (SSL_read): error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
    (2) eap_peap: ERROR: System call (I/O) error (-1)
    (2) eap_peap: ERROR: TLS receive handshake failed during operation
    (2) eap_peap: ERROR: [eaptls process] = fail
    (2) eap: ERROR: Failed continuing EAP PEAP (25) session. EAP sub-module failed
    (2) eap: Sending EAP Failure (code 4) ID 2 length 4

googling routines:tls_early_post_process_client_hello:unsupported protocol, would indicate your device only supporting TLS 1.0, which is also stated in your error message.

Does freeradius only support tls 1.0

Is there a way updating freeradius to use 1.3 tls

you tell me, I know nothing about your openwrt device ...

but I could also imagine the issue's at the other end of the ethernet cable.

1 Like