server inner-tunnel {

  listen {
         ipaddr = 127.0.0.1
         port = 18120
         type = auth
  }

  authorize {
  	filter_username
  	chap
  	mschap
  	suffix
  	update control {
  		&Proxy-To-Realm := LOCAL
  	}
    
  	eap {
  		ok = return
  	}
    
  	sql
  	expiration
  	logintime
  	pap
  }

  authenticate {

  	Auth-Type PAP {
  		pap
  	}
    
  	Auth-Type CHAP {
  		chap
  	}
    
  	Auth-Type MS-CHAP {
  		mschap
  	}
  	mschap
  	eap
  }
  session {
  	radutmp
  	sql
  }

  post-auth {
  	sql
  	if (0) {
  		update reply {
  			User-Name !* ANY
  			Message-Authenticator !* ANY
  			EAP-Message !* ANY
  			Proxy-State !* ANY
  			MS-MPPE-Encryption-Types !* ANY
  			MS-MPPE-Encryption-Policy !* ANY
  			MS-MPPE-Send-Key !* ANY
  			MS-MPPE-Recv-Key !* ANY
  		}
  		update {
  			&outer.session-state: += &reply:
  		}
  	}
    
  	Post-Auth-Type REJECT {
  		sql
  		attr_filter.access_reject
  		update outer.session-state {
  			&Module-Failure-Message := &request:Module-Failure-Message
  		}
  	}
  }

  pre-proxy {
  }

  post-proxy {
  	eap
  }

  } # inner-tunnel server block