{{ ansible_managed | comment }}

# EAP module configuration for radiusd, rendered by Ansible from this Jinja2
# template. It enables two tunnelled methods, PEAP and TTLS, which share one
# TLS configuration ("tls-common"). Neither method asks for a client
# certificate, so the user is authenticated only by the inner method that runs
# inside the TLS tunnel.
eap {
	# PEAP is offered first; the "type" entries list the methods this
	# instance enables (peap and ttls only).
	default_eap_type = peap
	type = peap
	type = ttls

	ignore_unknown_eap_types = no
	cisco_accounting_username_bug = no

	# presumably seconds an unfinished EAP conversation is kept; confirm
	# against the documentation of the server version in use.
	timer_expire = 60

	# max_requests is a server-level setting defined outside this file.
	max_sessions = ${max_requests}

	# TLS settings shared by the peap and ttls sections below, which refer to
	# this block by name with "tls = tls-common".
	tls-config tls-common {
		# Key, certificate and CA paths come from Ansible variables that are
		# not defined in this template.
		# NOTE(review): the private key should be readable by the radiusd
		# service account only; check the mode the deploying role sets.
		private_key_file = {{ radiusd__tls_private_key_file }}
		certificate_file = {{ radiusd__tls_certificate_file }}
		ca_file = {{ radiusd__tls_ca_file }}
		dh_file = ${certdir}/dh

		# The cipher string is supplied by an Ansible variable and passed
		# through the enquote filter; its value is not visible here, so
		# review it where the variable is defined.
		cipher_list = {{ radiusd__tls_cipher_list | enquote }}
		cipher_server_preferences = yes

		# Minimum and maximum are both 1.2, so exactly TLS 1.2 is negotiated:
		# older protocol versions are refused and 1.3 is not offered yet
		# (see the author's TODO).
		tls_min_version = "1.2"
		tls_max_version = "1.2" # TODO: 1.3

		# TODO
		# Session cache block, left commented out by the author.
		# cache {
		#	enable = yes
		#	lifetime = 24
		#	name = "eap"
		#	persistdir = "${logdir}/tlscache"
		#	store {
		#		Tunnel-Private-Group-Id
		#	}
		# }

		# OCSP checking is switched off. With require_client_cert = no in
		# both methods below no client certificate is requested; revisit
		# this if certificate-based client authentication is ever enabled.
		ocsp {
			enable = no
		}
	}

	# PEAP with GTC as the default inner method.
	# NOTE(review): GTC carries the user's password as plain text inside the
	# tunnel. Its confidentiality therefore rests on every supplicant
	# validating this server's certificate (trusted CA and expected server
	# name); supplicant profiles should enforce that.
	# NOTE(review): this instance enables only peap and ttls, so the inner
	# method is presumably handled by the EAP instance that the inner-tunnel
	# virtual server calls; confirm gtc is enabled there.
	peap {
		tls = tls-common
		default_eap_type = gtc
		# Server-only TLS authentication: no client certificate is required.
		require_client_cert = no
		# Outer-request attributes are not copied into the tunnelled request,
		# and the tunnelled reply is not used for the outer reply.
		# NOTE(review): if inner-tunnel assigns attributes such as
		# Tunnel-Private-Group-Id, verify how they reach the final reply.
		copy_request_to_tunnel = no
		use_tunneled_reply = no
		# Virtual server that processes the inner authentication; it is
		# defined outside this file.
		virtual_server = inner-tunnel
	}

	# TTLS with PAP named as the default inner method.
	# NOTE(review): as with GTC above, PAP sends the password itself through
	# the tunnel, so the same supplicant-side certificate validation is
	# required.
	# NOTE(review): pap is not an EAP method name; confirm that the server
	# version in use accepts this value for default_eap_type.
	ttls {
		tls = tls-common
		default_eap_type = pap
		# Server-only TLS authentication: no client certificate is required.
		require_client_cert = no
		# Same tunnel attribute handling as in the peap section.
		copy_request_to_tunnel = no
		use_tunneled_reply = no
		# Inner authentication is handled by the same virtual server as PEAP.
		virtual_server = inner-tunnel
	}
}