RADIUSdesk

logo
Trace: disconnect

This is an old revision of the document!

Table of Contents

Disconnecting Active RADIUS Users

Introduction

  • The RADIUS protocol uses UDP to communicate between the client and the server.
  • The client initiates all communication and the server simply replies.
  • There are however times when the need arise for the server to initiate communication to the client.
  • A typical example will be when there is a need to disconnect an active user.
  • Since January 2023 RADIUSdesk introduced an update that will allow you do send disconnect requests to RADIUS Clients in order to disconnect active users.

Some technical information

  • In order for the RADIUS server to communicate with the RADIUS Client we need determine two things.
    • The type of client.
    • The type of client in turn will determine how we will communicate with the RADIUS Client.
  • We currently support two types of clients.
    • CoovaChilli (Used by MESHdesk and APdesk)
    • Mikrotik
  • In the rest of the document we will discuss how the RADIUSdesk system communicate with these two types of clients.
  • We will also take a look where to make changes in order to add support for additional types of RADIUS Clients.

CoovaChilli on MESHdesk and APdesk

  • MESHdesk and APdesk automatically adds an associated RADIUS Client when adding a Captive Portal exit point.
  • This RADIUS Client will have the type of Coova-On-Meshdesk.

  • Disconnecting a user will then utilize the /var/www/rdcore/cake4/rd_cake/src/Controller/Component/KickerComponent.php component to contact the AP with instructions to disconnect the user.
  • When the MQTT mechanism is implemented disconnecting will be in real-time.
  • Without the MQTT mechanism disconnecting a user will take up to one minute.
  • The disconnect command used on CoovaChilli will be chilli_query logout mac <MAC Address>

Mikrotik

  • With the Mikrotik RADIUS Clients we make use of the RouterOS API Client to communicate with the Mikrotik. (https://github.com/EvilFreelancer/routeros-api-php)
  • This is already included with RADIUSdesk.
  • Many times there will be a NAT connection between the Mikrotik and the RADIUSdesk server preventing the server to reach the Mikrotik directly.
  • Mikrotik fortunately supports a large amount of VPN technologies which you can choose from.
  • https://help.mikrotik.com/docs/display/ROS/Virtual+Private+Networks
  • If needed, please select one of your choosing. Setting them up is well documented in the Mikrotik documentation in the link above.
  • When adding a RADIUS Client and selecting the Mikrotik-API type you will be presented with a dialog to supply the detail for the API connection to the Mikrotik.
  • There is also a Test API Connection button which allows you to confirm that the API communication to the Mikrotik is indeed working.
  • In the screenshot above you can se part of the reply from the Mikrotik indicating that the communication via the API is established and good.
Last modified: 2023/01/03 07:31