FortiGate
JNDias
Staff
Article Id 361402
Description

This article describes a known issue that can occur when FortiGate sends RADSEC (RADIUS over TLS) accounting to the RADIUS server.

Scope

FortiGate, RADIUS.

Solution

Example errors seen when debugging:

On FortiGate, the fnbamd debug output looks 'ok':

__create_acct_request-Created RADIUS Acct-Request. Len: 124.
__rad_tcps_send-Sent 124/124.
__rad_tcps_send-Sent all. Total 124.
__rad_rxtx-Sent radius req to server 'FAC01': fd=10, IP=192.168.1.5(192.168.1.5:2083) code=4 id=32 len=116
__rad_rxtx-Start rad conn timer.
__rad_rxtx-fd 10, state 4(Acct)
__rad_rxtx-Stop rad conn timer.
__rad_rxtx-
__rad_tcps_recv-tcps_read() failed: to_go=4096, 5(Input/output error)
__rad_error-Ret 5, st = 4.
__rad_error-

 

FortiAuthenticator receives the request and reports an error:

(0) (TLS) Connection Established
(0) TLS-Session-Cipher-Suite = "TLS_AES_256_GCM_SHA384"
(0) TLS-Session-Version = "TLS 1.3"
(0) (TLS) Application data.
(0) (TLS) OpenSSL says that it needs to read more data.
Waking up in 0.1 seconds.
(0) (TLS) recv TLS 1.3 Handshake, Finished
(0) (TLS) Received bad packet: Length 124 contents 116
(TLS) Closing socket from client port 21788

 

Another example is when FreeRADIUS receives accounting from FortiGate:

(0) (TLS) recv TLS 1.3 Handshake, Finished
(0) (TLS) We already have 197 bytes of application data, processing it.
(0) (TLS) Received bad packet: Length 197 contents 191
(TLS) Closing socket from client port 23409
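
The length mismatch visible in the output above, as an added example that is not part of the original article or Fortinet's code: a small Python triage helper that pulls the bytes-on-wire and declared-length figures out of the fnbamd and server debug lines, and checks a raw frame's RADIUS header length against the bytes actually received. It assumes 'Length' in the server message is the number of TLS application-data bytes and 'contents' is the Length field of the RADIUS header; the function names and the zero-filled sample frame are constructed for illustration.

```python
import re
import struct

# Patterns for the debug lines quoted in the article.
SENT_TOTAL = re.compile(r"__rad_tcps_send-Sent all\. Total (\d+)")
SENT_REQ = re.compile(r"__rad_rxtx-Sent radius req .*code=(\d+) id=(\d+) len=(\d+)")
BAD_PACKET = re.compile(r"Received bad packet: Length (\d+) contents (\d+)")

# Lines copied from the article's fnbamd, FortiAuthenticator and FreeRADIUS output.
SAMPLE_LINES = [
    "__rad_tcps_send-Sent all. Total 124.",
    "__rad_rxtx-Sent radius req to server 'FAC01': fd=10, "
    "IP=192.168.1.5(192.168.1.5:2083) code=4 id=32 len=116",
    "(0) (TLS) Received bad packet: Length 124 contents 116",
    "(0) (TLS) Received bad packet: Length 197 contents 191",
]

# Constructed frame (assumption): header declares 116 bytes, 124 bytes on the wire.
SAMPLE_FRAME = struct.pack("!BBH", 4, 32, 116) + bytes(120)


def frame_surplus(app_data):
    """Return (code, id, declared_len, surplus_bytes) for one decrypted record."""
    if len(app_data) < 20:  # code + id + length + 16-byte authenticator
        raise ValueError("shorter than a RADIUS header")
    code, ident, declared = struct.unpack("!BBH", app_data[:4])
    return code, ident, declared, len(app_data) - declared


def triage(lines):
    """Return (side, bytes_on_wire, declared_len, surplus) per mismatch found."""
    findings, sent_total = [], None
    for line in lines:
        if m := SENT_TOTAL.search(line):
            sent_total = int(m.group(1))
        elif m := SENT_REQ.search(line):
            declared = int(m.group(3))
            if sent_total is not None and sent_total != declared:
                findings.append(("fortigate", sent_total, declared, sent_total - declared))
            sent_total = None  # the total belongs to this request only
        elif m := BAD_PACKET.search(line):
            wire, declared = int(m.group(1)), int(m.group(2))
            findings.append(("server", wire, declared, wire - declared))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding)
    print(frame_surplus(SAMPLE_FRAME))
```

Run against both sides' debug output, a non-zero surplus on the FortiGate side that matches the server's 'bad packet' figures confirms the two logs describe the same request.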

 

 
