From 5bc0ed6e118ef1a0b082e8613a40cdc2443b232b Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens@goauthentik.io>
Date: Thu, 15 May 2025 14:32:38 +0200
Subject: [PATCH] apparently it works now

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---
 internal/outpost/radius/eap/tls/payload.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/internal/outpost/radius/eap/tls/payload.go b/internal/outpost/radius/eap/tls/payload.go
index 2965f9040f..a1e71c2af9 100644
--- a/internal/outpost/radius/eap/tls/payload.go
+++ b/internal/outpost/radius/eap/tls/payload.go
@@ -12,6 +12,7 @@ import (
 	"goauthentik.io/internal/outpost/radius/eap/debug"
 	"goauthentik.io/internal/outpost/radius/eap/protocol"
 	"layeh.com/radius"
+	"layeh.com/radius/rfc2865"
 	"layeh.com/radius/vendors/microsoft"
 )
 
@@ -100,6 +101,12 @@ func (p *Payload) Handle(stt any) (protocol.Payload, *State) {
 			},
 			ClientAuth:   tls.RequireAnyClientCert,
 			Certificates: certs,
+			CipherSuites: []uint16{
+				tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+				tls.TLS_RSA_WITH_RC4_128_SHA,
+				tls.TLS_RSA_WITH_AES_128_CBC_SHA,
+				// tls.TLS_RSA_WITH_RC4_128_MD5,
+			},
 		})
 		go func() {
 			defer cancel()
@@ -142,6 +149,9 @@ func (p *Payload) Handle(stt any) (protocol.Payload, *State) {
 			ModifyPacket: func(p *radius.Packet) *radius.Packet {
 				p.Code = radius.CodeAccessAccept
 				microsoft.MSMPPERecvKey_Set(p, st.MPPEKey[:32])
+				microsoft.MSMPPESendKey_Set(p, st.MPPEKey[64:64+32])
+				rfc2865.UserName_SetString(p, "foo")
+				rfc2865.FramedMTU_Set(p, rfc2865.FramedMTU(1400))
 				return p
 			},
 		}, st