Hello all,

I am having a fragmentation problem on the following setup (which I don't think is IPv6 specific to be honest). What I am trying to achieve is to get a wireless client (laptop) to authenticate to a WPA2 hostapd access point with the aid of a backend AAA server.

So, I have hostapd running on Ubuntu_A that has one wireless card acting as an Access Point (AP) and an Ethernet card that forms a secure IPsec tunnel to Ubuntu_B box that is in the same network with another Ubuntu_AAA_server (FreeRadius). So it looks something like this :

wireless_client <---->[AP] hostapd_Ubuntu_A <---- IPsec tunnel ----> Ubuntu_B <---> Ubuntu_AAA_Server

Now, when my wireless client initiates an EAP-TLS based network request (using wpa_supplicant) to the Access Point, the 4 initial exchanges of Access Request and Access Accept packets happen just fine (8 packets in total go back and forth all the way from the wireless client, to Hostapd_Ubuntu_A, then to Ubuntu_B and then to Ubuntu_AAA_Server and back). Then, when the next Access Request (which seems to be containing a certificate) is sent from the wireless client, it arrives at Ubuntu_B correctly, but Ubuntu_B does NOT forward it to the AAA_Server, and replies to the hostapd_Ubuntu_A with an ICMPv6 error of “too big”.

This seems to be a fragmentation problem and occurs because hostapd_Ubuntu_A does not split the packet appropriately.

How could I solve this problem? I would really appreciate your help. I can of course provide more info if needed.

Many many thanks in advance,
Panos