proxy-inner-tunnel

This is a virtual server that handles only inner tunnel requests for EAP-TTLS and PEAP types.

server proxy-inner-tunnel {

This example is very simple. All inner tunnel requests get proxied to another RADIUS server.

authorize

authorize {

Do other things here, as necessary; e.g., run the "realms" module to decide how to proxy the inner tunnel request.

	update control {
		Proxy-To-Realm := "example.com"
	}
}

authenticate

authenticate {
	eap
}

Having eap in the authenticate section is necessary so that the inner tunnel EAP-MSCHAPv2 method can be called. That method takes care of turning EAP-MSCHAPv2 into plain MS-CHAPv2, if necessary.

post-proxy

eap is required in post-proxy for LEAP, or if proxy_tunneled_request_as_eap is set.

post-proxy {
	eap
}
}
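
The surrounding configuration this virtual server depends on, as an added example that is not taken from the page or the FreeRADIUS distribution files: the example.com realm named in Proxy-To-Realm is defined in proxy.conf, and the ttls and peap sections of the eap module point at this virtual server. The home server address, the secret, and the names inner_home and inner_pool are placeholders; only the settings relevant here are shown.

```conf
# --- proxy.conf (added example) ---
# Realm referenced by Proxy-To-Realm in the authorize section.
# The address and secret below are placeholders, not values from the page.
home_server inner_home {
	type   = auth
	ipaddr = 192.0.2.10            # documentation address (TEST-NET-1)
	port   = 1812
	secret = REPLACE_WITH_LONG_RANDOM_SECRET
}

home_server_pool inner_pool {
	type        = fail-over
	home_server = inner_home
}

realm example.com {
	auth_pool = inner_pool
}

# --- mods-available/eap (added example, fragments of the eap { } block) ---
# Hand the inner tunnel request to this virtual server instead of
# processing it locally.
ttls {
	virtual_server = "proxy-inner-tunnel"
}

peap {
	virtual_server = "proxy-inner-tunnel"

	# yes: the tunneled request is proxied as EAP-MSCHAPv2.
	# no:  the tunneled EAP-MSCHAPv2 is proxied as plain MS-CHAPv2.
	proxy_tunneled_request_as_eap = yes
}
```

Once proxied, the inner request is no longer inside the TLS tunnel and is protected only by the RADIUS shared secret, so the secret for the home server should be long and random, and the path to it should be a trusted network.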