eap {
    default_eap_type = md5
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    max_sessions = ${max_requests}
 
    md5 {
    }
 
    gtc {
        auth_type = PAP
    }
 
 
    tls-config tls-common {
                private_key_file = {{ radius_certs_path }}/trusted_server.key
         
                certificate_file = {{ radius_certs_path }}/trusted_server_chain.crt
                auto_chain = no
 
                $INCLUDE ../eap-tls-base.conf
         
        cache {
            enable = no
 
            lifetime = 24 # hours
 
            store {
                Tunnel-Private-Group-Id
            }
        }
 
        verify {
        }
 
        ocsp {
            enable = no
 
            override_cert_url = yes
 
            url = "http://127.0.0.1/ocsp/"
        }
    }
 
    tls {
        tls = tls-common
    }
 
    ttls {
         
        tls = tls-common
 
        default_eap_type = md5
 
        copy_request_to_tunnel = no
 
        use_tunneled_reply = no
 
        virtual_server = "inner-tunnel"
    }
 
    peap {
                tls = tls-common   
                default_eap_type = mschapv2
                copy_request_to_tunnel = yes
                use_tunneled_reply = yes
                proxy_tunneled_request_as_eap = yes
                virtual_server = "inner-tunnel"
                require_client_cert = no
    }
 
    mschapv2 {
    }
}  