Terminate EAP-TTLS then proxy

adrian.p.smith at bt.com adrian.p.smith at bt.com
Fri Sep 22 09:32:31 CEST 2017

OK, so it appears that the proxying is actually done back in the outer tunnel.

So, in my inner-tunnel server I added:

    ## clear proxy control from outer request 
	update control {
		&outer.Proxy-To-Realm !*

And that seems to have got this working.



-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+adrian.p.smith=bt.com at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: 21 September 2017 23:28
To: FreeRadius users mailing list
Subject: Re: Terminate EAP-TTLS then proxy

On Sep 21, 2017, at 6:24 PM, <adrian.p.smith at bt.com> <adrian.p.smith at bt.com> wrote:
> Hi Alan,
> I proxy-to-realn LOCAL in the default server as I was advised to do this as part of the EAP-TTLS termination and Transfer to the inner-tunnel.
> Perhaps this is not needed?

  It's needed if you don't want to proxy the outer EAP session.

> My aim is be able to terminate the EAP and then proxy the request to another server.

  Then edit the inner tunnel to delete the "Proxy-To-Realm = Local" attribute.

  Alan DeKok.

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list