Ok, I've tried this with 2.2 and still get the same behavior. If I actually look at the proxy-inner-tunnel I see the following for post-proxy:

    post-proxy {
        #
        #  This is necessary for LEAP, or if you set:
        #
        #  proxy_tunneled_request_as_eap = no
        #
        eap

I see that eap needs to be invoked if using proxy_tunneled_request_as_eap = no

Does it actually need to NOT be there for proxy_tunneled_request_as_eap = no?

I should say I'm actually NOT using the proxy-inner-tunnel server, but rather the default inner-tunnel with:

    # If you want the inner tunnel request to be proxied, delete
    # the next few lines.
    #
    # update control {
    #     Proxy-To-Realm := LOCAL
    # }

Thanks,

Robert

________________________________________
From: freeradius-users-bounces+robert.roll=utah....@lists.freeradius.org [freeradius-users-bounces+robert.roll=utah....@lists.freeradius.org] on behalf of Phil Mayers [p.may...@imperial.ac.uk]
Sent: Thursday, August 29, 2013 9:38 AM
To: freeradius-users@lists.freeradius.org
Subject: Re: EAP-Peap-MSchapv2 proxy from innertunnel

On 29/08/13 15:56, Robert Roll wrote:
>
> I guess I assumed the id: in the TCP dump below was the "EAP Response
> Identifier", maybe not? Is there a different
> EAP response identifier?

Yes, in the EAP-Message attribute (EAP packet)

> I actually have been running with debug radius -X. Obviously a lot longer
> output than just the TCP dump.
> That is why I first tried just the TCP dump. I guess I was also hoping
> somebody might have just
> had a thought about a common configuration issue...

TBH proxying EAP inner is not common at all; there have been bugs in that area in the past.

Re-reading I notice that you're running 2.10 - upgrade. I'm pretty certain that version has inner-eap proxy bugs. Go to 2.2.0.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html