eap {
	default_eap_type = peap
	timer_expire     = 60
	ignore_unknown_eap_types = no
	max_sessions = ${max_requests}

	tls-config tls-common {
		private_key_password = ***
		certificate_file = ${certdir}/server.pem
		private_key_file = ${certdir}/server.key

		ca_file = ${cadir}/ca.pem
		dh_file = ${certdir}/dh
		ca_path = ${cadir}

		cipher_list = "DEFAULT"
		ecdh_curve = "prime256v1"
		cache {
			enable = yes
			max_entries = 255
		}

		ocsp {
			enable = yes
			override_cert_url = no
			use_nonce = yes
		}
	}

	tls {
		tls = tls-common
	}


	ttls {
		tls = tls-common
		default_eap_type = mschapv2
		copy_request_to_tunnel = no
		use_tunneled_reply = no
		virtual_server = "inner-tunnel"
	}

	peap {
		tls = tls-common
		default_eap_type = mschapv2
		copy_request_to_tunnel = no
		use_tunneled_reply = no
		virtual_server = "inner-tunnel"
	}

	...
}