We have a need to run the post-auth section on proxied peap/ttls inner (proxied as EAP - none of the crazy packet mangling hacks). 2.x doesn't do this, I haven't checked 3.x but assume it's unchanged? I've tried a few crazy hacks in the source but it all explodes; does anyone have any insight into what needs doing?