Proxy EAP - TLS Nesting.

Alan DeKok aland at
Wed Apr 28 16:17:14 CEST 2010

brisstony21 at wrote:
> I have some troubles to proxy PEAP requests to (internal) virtual server :
> I have one proxy server (with realms define in proxy.conf file) that forward the
> request internally to a virtual server define in site-enabled directory.

  Why is there a need to proxy the PEAP packets?

> For basic authentication request (PAP, CHAP, MSCHAP, ...) , authentication is
> successful, but with PEAP it doesn't work (work with EAP-TTLS). I have this
> error message : "Multiple levels of TLS nesting is invalid".

  <sigh>  Deleting all of the other messages doesn't help.

  Are you sure it's just PEAP (MSCHAP), and not PEAP-TLS?

  Alan DeKok.

More information about the Freeradius-Users mailing list