wpa_supplicant fails to connect with EAP

[Dan Williams]

On Tue, 2015-08-18 at 09:55 -0500, Kenny Pearce wrote:
> Thanks! The MTU was set to 1280 (I don't know why). Changing it to 1500
> fixed the problem.

Also, NetworkManager should look at the MTU of the wifi interface and
make sure the fragment size is lower than that.  Although one issue here
is that if the MTU gets set via DHCP, we have a chicken + egg issue
since the MTU would be changed long after we've sent the config to the
supplicant.

Dan

> On Tue, 18 Aug 2015 02:39:46 +0300
> Jouni Malinen <j at w1.fi> wrote:
> 
> > On Mon, Aug 17, 2015 at 11:35:48AM -0500, Kenny Pearce wrote:
> > > Aug 17 11:15:24 parmenides wpa_supplicant[1312]: wlan21:
> > > CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected Aug 17
> > > 11:15:24 parmenides wpa_supplicant[1312]: l2_packet_send - sendto:
> > > Message too long
> > 
> > What MTU do you have configured on wlan21? E.g., check what "ifconfig
> > wlan0" returns.
> > 
> > > The only thing that looks like a significant error to me in this
> > > output is "l2_packet_send - sendto: Message too long" but Googling
> > > that message did not lead to any useful hits. Does anyone know what
> > > might cause this kind of problem, or how to fix it?
> > 
> > I have not seen this before, but my first guess would be that
> > something has reduced the MTU on the netdev so much that the default
> > EAP-TLS fragmentation limit gets hit. wpa_supplicant does not
> > currently check the MTU and update the fragmentation limit
> > automatically, but now that I learned about this, I'll probably make
> > it do so. As a workaround, you can try to reduce EAP fragment size
> > with fragment_size=<bytes> parameter (though, I do not know how to do
> > that with NetworkManager). Setting fragment_size to something like
> > 100 bytes less than netdev MTU would hopefully get rid of this issue
> > (or alternatively, increase the MTU back to more common 1500 if there
> > is no real need to make it smaller). 
> 
> 
>