eap {
  default_eap_type = tls

  tls-config tls-common {
    private_key_file = ${certdir}/aaaKey.pem
    certificate_file = ${certdir}/aaaCert.pem
    ca_file = ${cadir}/strongswanCert.pem
    cipher_list = "DEFAULT"
    random_file = ${certdir}/random
    check_cert_cn = %{User-Name}
  }

  tls {
    tls = tls-common
  }
}
