I have a EAP-MSCAPv2 WPA-Enterprise setup working so that's good. I get warnings about "Outer and inner identities are the same," however. Searching the list doesn't do a lot to illuminate me as to exactly what the inner and outer tunnels are. I think I understand this warning - though some explanation would be handy. I assume, given the message, that the User identity is available outside the MS-CHAP/MPPE "envelope" - in the "outer" tunnel. But, if we're using a CA/server-cert+key, the user identity should be encrypted inside the "outer" tunnel too, right? To say that another way - the outer tunnel is protected via the server-cert+key, and the inner tunnel is protected by the chapv2/mppe protocol. Do I have that right? In this case, the MPPE tunnel is far less secure [provided modern encryption standards] than say a AES-256/SHA-256 RSA outer tunnel, and I shouldn't need to worry about the warning. If there's a doc somewhere that covers this, I'd be happy to read it, but I haven't seen one - or been able to find one by searching. --- Lets deal with that first, and then once I understand it well enough, I may have follow-on questions. TIA -Greg