Hi,
After doing some more digging, I think I am catching onto this... somewhat.
It sounds like I need to have the Radius Proxy, authenticate the Outer Identity of the EAP-TTLS session locally, while the Inner Identity is proxied to the Home Radius server.
I have setup the Outer identity to be Anonymous@outer which is proxied to LOCAL, while the Inner identity is @inner and proxied to Home Radius. The problem is that when I run radiusd -x, I never see the @outer message, so the @inner is getting forwarded as an EAP, instead of only as a MS-CHAP-V2.
Anyone know what I am overlooking? I have a crude understanding of this entire process at best, I know. :)
if you only want to deal with the inner 'natively' then you'd probably want to terminate the EAP on your FreeRADIUS box - ie use inner-tunnel and then proxy the inner stuff from there. (see the big warnings) alan