{{ ansible_managed | comment }}
# FreeRADIUS EAP module, rendered by Ansible. Only the tunnelled methods PEAP
# and TTLS are configured; both share the "tls-common" TLS settings and hand
# the inner authentication to the "inner-tunnel" virtual server.
eap {
    # Method the server proposes first when a client starts EAP.
    default_eap_type = peap

    # NOTE(review): presumably restricts the enabled methods to PEAP and TTLS;
    # confirm the deployed FreeRADIUS version honours `type` entries here.
    type = peap
    type = ttls

    # Requests for EAP types this server does not know are rejected.
    ignore_unknown_eap_types = no

    # Workaround for a Cisco access-point User-Name quirk; left off.
    cisco_accounting_username_bug = no

    # Seconds an unfinished EAP conversation is kept before it is discarded.
    timer_expire = 60

    # Upper bound on concurrently tracked EAP sessions, taken from the
    # server-wide ${max_requests}. Bounds the state held for handshakes that
    # are started but never completed.
    max_sessions = ${max_requests}

    # TLS parameters shared by the peap and ttls sections below.
    tls-config tls-common {
        # Server key, certificate and CA come from role variables. The private
        # key file should be readable by the radiusd account only.
        private_key_file = {{ radiusd__tls_private_key_file }}
        certificate_file = {{ radiusd__tls_certificate_file }}
        ca_file = {{ radiusd__tls_ca_file }}

        # DH parameters are read from a fixed path under ${certdir}, not from
        # a role variable; the file must exist there.
        dh_file = ${certdir}/dh

        # Cipher string is supplied by the role and quoted by the `enquote`
        # filter; the server's ordering wins over the client's.
        cipher_list = {{ radiusd__tls_cipher_list | enquote }}
        cipher_server_preferences = yes

        # Only TLS 1.2 is negotiated: min and max are both pinned to it.
        tls_min_version = "1.2"
        tls_max_version = "1.2" # TODO: 1.3

        # TODO
        # cache {
        # enable = yes
        # lifetime = 24
        # name = "eap"
        # persistdir = "${logdir}/tlscache"
        # store {
        # Tunnel-Private-Group-Id
        # }
        # }

        # OCSP revocation checking is off. It only affects client
        # certificates, which neither method below requires; if
        # require_client_cert is ever switched on, revocation (OCSP or CRL)
        # needs to be revisited at the same time.
        ocsp {
            enable = no
        }
    }

    peap {
        tls = tls-common

        # Inner method is EAP-GTC, which carries the password itself inside
        # the tunnel. Its confidentiality therefore rests on supplicants
        # validating this server's certificate (CA and server name) before
        # they send credentials.
        default_eap_type = gtc

        # Clients are authenticated by inner credentials only.
        require_client_cert = no

        # Outer-request attributes are not copied into the inner request, and
        # inner reply attributes are not copied to the outer reply.
        copy_request_to_tunnel = no
        use_tunneled_reply = no

        # Inner requests are processed by this virtual server.
        virtual_server = inner-tunnel
    }

    ttls {
        tls = tls-common

        # NOTE(review): `pap` is not an EAP method name; TTLS-PAP is carried
        # as plain attributes rather than as an inner EAP type. Confirm the
        # server accepts this value at start-up. As with PEAP-GTC above, a
        # PAP inner exchange relies on supplicants validating the server
        # certificate.
        default_eap_type = pap

        # Clients are authenticated by inner credentials only.
        require_client_cert = no

        # Same tunnel isolation as in the peap section.
        copy_request_to_tunnel = no
        use_tunneled_reply = no

        # Inner requests are processed by this virtual server.
        virtual_server = inner-tunnel
    }
}