Hi, > But when using this method through a proxy way, wher eis data encryption ?
the TLS tunnel is set up with the remote server - the traffic being passed through all the interim proxies. so the client only trusts the remote server (ie the server they authenticate against) - all the traffic is encapsulated within the TLS tunnel (which is transferred in RADIUS packets). so long as the client is configured to trust only the CA of the remote RADIUS server and the CommonName of the remote RADIUS server, you have the PKI assurance. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html