Created attachment 1484574 [details]
fix: correct receiving of multiple RADIUS packets through RadSec
On a site with high load with FreeRADIUS v3 there is a bug with receiving multiple packet from incoming TLS (RadSec) connection that cause the site to fail authorisations for roaming users.
The patch has been verified by multiple admins of eduroam sites and tested in 3.0.12, 3.0.14 and 3.0.15 release.
The bug has been reported upstream and accepted in 3.0.16 release:
There is a workaround to set lifetime to 600 sec on smaller sites:
Also there is a bug in 3.0.17 released on Apr 2018 so using latest version is not a solution: https://github.com/FreeRADIUS/freeradius-server/issues/2270
Thank you for the thorough report and explanation, Milan. We'll see if we can incorporate the fix in one of our future releases. If you're a customer, or know a customer affected by this, make sure our support is aware of the issue to speed up resolution.