Hi,

I'm using freeradius for EAP-TLS authentication with my WPA NAS, with MS-CHAPv2 for ppp auth (in an L2TP/IPSEC VPN) and, for a while, for EAP-TLS for ppp auth (about half a year ago).

However, without me consciously changing anything in my setup (running Debian Squeeze, connecting clients run MS Windows Vista), EAP-TLS for ppp auth no longer works since I've tested it again recently. I now get the following error in my radius log on an auth attempt:

    Error: TLS Alert write:fatal:decrypt error
    Error: TLS_accept: failed in SSLv3 read certificate verify B
    Error: rlm_eap: SSL error error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
    Error: SSL: SSL_read failed inside of TLS (-1), TLS session fails.

Now there are several issues:

- I don't know what I changed which caused this behaviour (maybe an openssl update in Squeeze? Something changed in Windows Vista?)
- the client certificates are valid (tested with openssl cli), and work fine when used for WPA auth
- I don't really know what this error means
- I can't find a solution for it. I've tried: 2048 bit (vs. 4096 bit) RSA certs and the extensions for XP for both the server and client certs

Again, the same certificates work fine for WPA auth.

I hope someone can shed some light onto this issue, or how to pin down the exact cause of the 'rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01' error.

Regards,
Frank

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html