From c6afab5728c13408876c6a00ca498ffa3b3ef8cf Mon Sep 17 00:00:00 2001 From: Jeltz Date: Thu, 1 Sep 2022 02:21:12 +0200 Subject: [PATCH] freeradius: add eap_inner module --- roles/freeradius/defaults/main.yml | 1 + roles/freeradius/tasks/main.yml | 1 + .../freeradius/templates/mods-available/eap.j2 | 14 ++++++-------- .../templates/mods-available/eap_inner.j2 | 17 +++++++++++++++++ 4 files changed, 25 insertions(+), 8 deletions(-) create mode 100644 roles/freeradius/templates/mods-available/eap_inner.j2 diff --git a/roles/freeradius/defaults/main.yml b/roles/freeradius/defaults/main.yml index 8dce938..43f13d3 100644 --- a/roles/freeradius/defaults/main.yml +++ b/roles/freeradius/defaults/main.yml @@ -19,6 +19,7 @@ radiusd__enabled_modules_minimal: - preprocess # TODO - realm # TODO - unpack # TODO + - eap_inner - utf8 radiusd__enabled_modules: [] radiusd__tls_cipher_list: DEFAULT diff --git a/roles/freeradius/tasks/main.yml b/roles/freeradius/tasks/main.yml index c8b014e..754cd7a 100644 --- a/roles/freeradius/tasks/main.yml +++ b/roles/freeradius/tasks/main.yml @@ -51,6 +51,7 @@ - mods-available/utf8 - mods-available/always - mods-available/eap + - mods-available/eap_inner notify: - Restart freeradius diff --git a/roles/freeradius/templates/mods-available/eap.j2 b/roles/freeradius/templates/mods-available/eap.j2 index 2025591..7e96d58 100644 --- a/roles/freeradius/templates/mods-available/eap.j2 +++ b/roles/freeradius/templates/mods-available/eap.j2 @@ -3,9 +3,14 @@ eap { default_eap_type = peap - timer_expire = 60 + + type = peap + ignore_unknown_eap_types = no + cisco_accounting_username_bug = no + + timer_expire = 60 max_sessions = ${max_requests} tls-config tls-common { @@ -37,11 +42,4 @@ eap { virtual_server = inner-tunnel } - gtc { - auth_type = local - } - - mschapv2 { - } - } diff --git a/roles/freeradius/templates/mods-available/eap_inner.j2 b/roles/freeradius/templates/mods-available/eap_inner.j2 new file mode 100644 index 0000000..e1d6585 --- /dev/null 
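Review bot: In the first hunk of roles/freeradius/templates/mods-available/eap.j2, the new `type = peap` line carries the security intent of this commit, but nothing in the template says so. Together with the second hunk, which drops the `gtc` and `mschapv2` sections, it appears to leave PEAP as the only method the outer instance will negotiate, so password-based methods can only run inside the TLS tunnel. I would put a comment above it, for example `# Outer instance: PEAP only. Password methods (gtc, mschapv2) live in inner-eap and must not be enabled here.`, so a later edit does not re-enable them outside the tunnel. If any client currently relies on another outer method, this is also a behaviour change worth stating in the commit message. The `eap { … }` block starts before and continues past this hunk.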
+++ b/roles/freeradius/templates/mods-available/eap_inner.j2
@@ -0,0 +1,17 @@
+{{ ansible_managed | comment }}
+
+eap inner-eap {
+
+ default_eap_type = gtc
+
+ type = gtc
+ type = mschapv2
+
+ gtc {
+ auth_type = local
+ }
+
+ mschapv2 {
+ }
+
+}
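Review bot: Nothing in this commit points the `inner-tunnel` virtual server at the new `inner-eap` instance, yet the same commit removes `gtc` and `mschapv2` from the outer `eap` instance. The diffstat lists only the four files shown, so if the inner-tunnel site still calls `eap`, inner authentication would presumably be refused after this change; please confirm that the site already references `inner-eap`, or include that change here. Note also that the module is enabled as `eap_inner` while the instance is declared as `inner-eap`, so a one-line header comment such as `# Inner-tunnel EAP methods only; reference this instance as inner-eap, never from the outer virtual server.` would save the next reader a lookup.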