At first, goodevening to eveone. I am simulating an authentication plataform. The situation is this one: PC 1: Supplicant.Access by networkManager. The crendential are: login= david@i2t passwd=david EAP=TTLS phase2=PAP PC 2: HostAP. It's correctly configured and works fine. PC 3: Proxy Freeradius. It has got a realm i2t defined, and proxyes the access requests to de PC4. PC 4: Final Freeradius. It contains the credential for the users of the i2t realm stored on a LDAP directory. The interconections between the PCs is this one: PC1 <-----> PC2 <-----> PC3 <-----> PC4 I have got some conceptual questions: I generated some certificates in PC3, and when I do the suply in PC1, I set the certificate of PC3. Is this correct? Or should I do it with a certificate of PC4? The conections between PC1&PC2 and PC2&PC3 are encrypted. But, what about PC3&P4? Is also a secure comunication? Could anyone explain how should it work? Once the tunnel has been created, what type of authentication method shall I use? Can I afford to use PAP with an LDAP direcotry at the backend PC? CHAP? GTC? Lots of thanks! I hope you have a good day.