Hi, I have tried to add EAP-TLS support to my working configuration with PEAP/MSCHAPv2, following: http://notes.asd.me.uk/2012/01/20/freeradius-with-peap-eap-tls-for-microsoft... First it complains (/etc/freeradius/sites-enabled/inner-tunnel[26]: Unknown Auth-Type "inner-eap" in authenticate sub-section) about having innereap in the authenticate section of the inner-tunnel, if I leave eap (which I think is correct?!) Then the EAP authentication stops with: (480) eap: Peer sent packet with method EAP NAK (3) (480) eap: Peer NAK'd asking for unsupported EAP type TLS (13), skipping... (480) eap: ERROR: No mutually acceptable types found Which should mean that the inner-eap config file is not working? Currently the inner-eap config looks like that: eap inner-eap { default_eap_type = tls timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no mschapv2 { } tls-config tls-inner { private_key_file = ${raddbdir}/tls-certs/vpn.key certificate_file = ${raddbdir}/tls-certs/vpn.crt ca_file = ${raddbdir}/tls-certs/ca.pem dh_file = ${raddbdir}/tls-certs/dh.pem random_file = /dev/urandom fragment_size = 1024 check_crl = no cipher_list = "DEFAULT" } tls { tls = tls-inner } } I am not sure about the tls-config, the sample files use the tls config like that for the eap file, but the inner-eap sitll has the config directly in the tls sections - anyways, I tried both and same result. Additionally mschapv2 just continues to work, if I add it, or remove it, no change. I'm using: radiusd: FreeRADIUS Version 3.0.20 (git #d94c953), for host x86_64-pc-linux-gnu FreeRADIUS Version 3.0.20 I also read that there's a new option "inner_eap_module" for the PEAP section inside eap, but I can't figure out if that's actually in 3.0.20 or not ... Can someone provide a working config for PEAP/EAP-TLS? Can someone describe why my config is not working? Thanks Thomas