I've pushed changes to the git "master" branch which enable RadSec to work. So far, all I've done is to test the server proxying to itself. i.e. opening an outgoing radsec connection, then accepting it, and doing TLS. Please download && test it. For now, it only accepts one type of packet on a RadSec socket, so doing "auth+acct" is not possible. That can be fixed later. I *believe* that the code is stable. 90% of it is the pre-existing rlm_eap_tls code, which has been moved to the server core. The rest is a bit of "glue" code to tie the TLS code into the sockets. The result is that the TLS configuration is *identical* in EAP-TLS and in RadSec. Even better, all of the features of EAP-TLS, like certificate checking, OCSP, etc. are automatically features of RadSec. Alan DeKok.