eap {
	default_eap_type = ttls

	gtc {
		auth_type = PAP
	}
	tls-config tls-common {
		private_key_file = ${certdir}/server.pem
		certificate_file = ${certdir}/server.pem
		ca_file = ${cadir}/ca.pem
		tls_min_version = "1.2"
	}
	ttls {
		tls = tls-common
		default_eap_type = gtc
		use_tunneled_reply = yes
		virtual_server = "inner-tunnel"
	}
}