server proxy-inner-tunnel {
proxy-inner-tunnel
This is a virtual server that handles only inner tunnel requests for EAP-TTLS and PEAP types.
This example is very simple. All inner tunnel requests get proxied to another RADIUS server.
authorize
authorize {
Do other things here, as necessary; e.g., run the "realms" module to decide how to proxy the inner tunnel request.
update control {
Proxy-To-Realm := "example.com"
}
}
authenticate
authenticate {
eap
}
Having eap in the authenticate section is necessary so that the inner tunnel EAP-MSCHAPv2 method can be called. That method takes care of turning EAP-MSCHAPv2 into plain MS-CHAPv2, if necessary.
post-proxy
eap is required in post-proxy for LEAP or if proxy_tunneled_request_as_eap is set
post-proxy {
eap
}