"use_tunnel_reply" not working in EAP-PEAP (Proxied as plain MSCHAPv2) in eap.conf

Nitin Bhardwaj nbhardwaj at merunetworks.com
Tue Jul 5 19:03:34 CEST 2011

Hello All,

I'm using FreeRADIUS 2.1.11 as a proxy for authenticating PEAP clients with RADIUS server not supporting EAP.

All is working well except that when I use "proxy_tunneled_request_as_eap = no" in eap.conf, FreeRADIUS is not passing back all the AVPs sent by RADIUS server in Access-Accept(MSCHAPv2) to the Client, only few ones.

But when I set it as "proxy_tunneled_request_as_eap = yes", FreeRADIUS is relaying back all the AVPs received from the RADIUS server properly.

eap {
     peap {
            copy_request_to_tunnel = yes
            use_tunneled_reply = yes
            proxy_tunneled_request_as_eap = no
            virtual_server = "proxy-inner-tunnel"

Hence, in spite of setting "use_tunneled_reply = yes", why isnt FR copying all attributes in Access-Accept back to client ?
Is this some bug, fixed in 3.x ?


More information about the Freeradius-Users mailing list