Also package cache_tls module while is required by the tls_cache server

files/cache_tls

+cache cache_tls_session {
+	driver = "rlm_cache_rbtree"
+
+	#  The key used to index the cache.  It is dynamically expanded
+	#  at run time.
+	key = &TLS-Session-Id
+
+	#  The TTL of cache entries, in seconds.  Entries older than this
+	#  will be expired.
+	#
+	#  This value should be between 10 and 86400.
+	ttl = 3600	# 60 mins
+
+	update {
+		&session-state:TLS-Session-Data := &session-state:TLS-Session-Data
+
+		#
+		#  If you want to store authorization attributes too, consider
+		#  performing LDAP/SQL lookups in the tls-cache virtual server
+		#  and storing the results in &session-state:
+		#
+		#  The complete list can then be restored along with the
+		#  TLS-Session-Data using the entry below.
+		#
+		#  Policies run in Post-Auth then have access to the same data
+		#  irrespective of whether the session is being resumed.
+		#
+#		&session-state: += &session-state:
+	}
+}
+
+cache cache_ocsp {
+	driver = "rlm_cache_rbtree"
+
+	#  The key used to index the cache.  It is dynamically expanded
+	#  at run time.
+	key = &session-state:TLS-Client-Cert-Serial
+
+	update {
+		&control:TLS-OCSP-Cert-Valid := &TLS-OCSP-Cert-Valid
+	}
+}

manifests/init.pp

@@ -78,6 +78,9 @@ class freeradius (
   freeradius::site { 'tls-cache':
     source => 'puppet:///modules/freeradius/tls-cache',
   }
+  freeradius::module { 'cache_tls':
+    source => 'puppet:///modules/freeradius/cache_tls',
+  }
 
   # Set up concat policy file, as there is only one global policy
   # We also add standard header and footer