IPv6 fragmentation

[Panagiotis Georgopoulos]

Hello all,

                

                I am having a fragmentation problem on the following setup.

 

                I have hostapd running on PC A that has one wireless card
acting as an Access Point (AP) and an Ethernet card that forms a secure
tunnel to PC B that is in the same network with my AAA server. So it looks
something like this : 

 

              wireless_client <---->[AP] hostapd_PC_A  <---- secure tunnel
----> PC_B <---> AAA_Server

 

                Now, when my wireless client initiates an EAP-TLS based
network request (using wpa_supplicant) the 4 initial exchanges of Access
Request and Access Accept packets happen just fine (8 packets in total).
Then, the next Access Request (which seems to be containing a certificate)
arrives at PC_B correctly but PC_B does NOT forwarding it to the AAA_Server,
and replies to the hostapd_PC_A with an ICMPv6 error of "too big" to PC_A.

 

This seems to me a fragmentation problem and occurs because hostapd_PC_A
does not split the packet appropriately. I've seen the fragm_thershold on
hostapd's configuration file and set it to 1300 but it seems that it has no
effect. 

 

Does it work on IPv6 Packets? Does it work only for the Access point side or
also to the packets that the NAS is forwarding to the AAA_Server?

 

I would really appreciate if your help. I can of course provide more info if
needed.

Cheers,

                Panos

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20110303/846a652b/attachment.htm