Hi, I'm configuring FR 3.0.12 and I'm unable to get SSL session resumption / fast reauthentication to work. The first authentication caches the Stripped-User-Name. (9) eap_peap: Received EAP-TLV response (9) eap_peap: Success (9) eap_peap: caching Stripped-User-Name = "XXXXXX" (9) eap_peap: Failed to find 'persist_dir' in TLS configuration. Session will not be cached on disk. (9) eap: Sending EAP Success (code 3) ID 9 length 4 (9) eap: Freeing handler (9) [eap] = ok (9) } # authenticate = ok (9) # Executing section post-auth from file /etc/raddb/sites-enabled/default The second auth doesn't appear to use the cache but continues to phase 2 auth protocol. I'm I failing to return the relevant attributes required for session resumption / fast reauthentication to work? Thanks, Chris Howley In the post-auth section of site-enabled/inner-tunnel # # Instead of "use_tunneled_reply", uncomment the # next two "update" blocks. # update { &outer.session-state: += &reply: } # # These attributes are for the inner session only. # They MUST NOT be sent in the outer reply. # # If you uncomment the previous block and leave # this one commented out, WiFi WILL NOT WORK, # because the client will get two MS-MPPE-keys # update outer.session-state { MS-MPPE-Encryption-Policy !* ANY MS-MPPE-Encryption-Types !* ANY MS-MPPE-Send-Key !* ANY MS-MPPE-Recv-Key !* ANY Message-Authenticator !* ANY EAP-Message !* ANY Proxy-State !* ANY } In eap.conf cache { enable = yes lifetime = 24 # hours max_entries = 255 #name = "EAP module" #persist_dir = "${logdir}/tlscache" }