FR2 - proxying inner tunnel

Dmitry Sergienko trooper+freeradius+users at
Fri Feb 15 16:11:15 CET 2008


Alan DeKok wrote:
> Dmitry Sergienko wrote:
>> Config file is the same as default example proxy-inner-tunnel in 2.0.2
>> release with modified realm name only.
>   I really don't understand.
>   1) default config

Configuration from scratch.
on Debian:
cd freeradius-server-2.0.2
dpkg-buildpackage -rfakeroot -uc -b
dpkg -i ../freeradius_2.0.2-0_i386.deb

>   2) edit eap.conf, peap{} section to set proxy_tunneled_request_as_eap = no
>   3) edit eap.conf, peap{} section to set virtual_server =
> "proxy-inner-tunnel"

also copied proxy-inner-tunnel from examples bundled with 2.0.2.

>   4) edit proxy.conf to add realm "" with another RADIUS server.

done. also added client in clients.conf.

>   5) send PEAP request.
>   6) verify that MS-CHAPv2 is proxied to second RADIUS server

all correct. Answer from proxy is Access-Accept.

>   7) verify that the supplicant receives EAP-MSCHAPv2 with MSCHAP Success.

It's here.

Both logs of xsupplicant and freeradius are available here (posting here exceeds the limit of 100Kb):

Best wishes,
Dmitry Sergienko (SDA104-RIPE)
Trifle Co., Ltd.

More information about the Freeradius-Users mailing list