[Looking at 3.0.x branch] In raddb/mods-available/inner-eap there is a definition of "inner-eap". But as far as I can tell, this is not referenced from anywhere. Was it intended that the inner-tunnel server should use inner-eap instead of eap? It would seem to make sense - we don't want to enable TLS/TTLS/PEAP being used inside a TTLS/PEAP tunnel. Regards, Brian.
On Thu, Oct 20, 2016 at 01:43:13PM +0100, Brian Candler wrote:
In raddb/mods-available/inner-eap there is a definition of "inner-eap". But as far as I can tell, this is not referenced from anywhere.
Was it intended that the inner-tunnel server should use inner-eap instead of eap? It would seem to make sense - we don't want to enable TLS/TTLS/PEAP being used inside a TTLS/PEAP tunnel.
It's for e.g. PEAP/EAP-TLS. Most people don't need it. Matthew -- Matthew Newton, Ph.D. <mcn4@leicester.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>
On Oct 20, 2016, at 8:43 AM, Brian Candler <b.candler@pobox.com> wrote:
In raddb/mods-available/inner-eap there is a definition of "inner-eap". But as far as I can tell, this is not referenced from anywhere.
Was it intended that the inner-tunnel server should use inner-eap instead of eap?
It's a good idea for most people. It's there as an example. However... the default configuration is designed to be flexible. So the inner-tunnel method uses normal "eap".
It would seem to make sense - we don't want to enable TLS/TTLS/PEAP being used inside a TTLS/PEAP tunnel.
Some people do. Alan DeKok.
participants (3)
-
Alan DeKok -
Brian Candler -
Matthew Newton