Differences

This shows you the differences between two versions of the page.

technical:ppsk-radius [2024/04/23 10:10] system
technical:ppsk-radius [2024/04/29 09:03] (current) – [Advanced Private PSK Flow] system
Line 5: Line 5:
  
 ----- -----
-====== PPSK support in RADIUSdesk ======+====== PPSK support in FreeRADIUS ======
 ===== Introduction ===== ===== Introduction =====
-  * RADIUSdesk is taking the lead by being the first open source front-end to FreeRADIUS that includes PPSK support for OpenWrt+  * FreeRADIUS offers support for loadable modules in Perl and Python. 
-  * This in combination with MESHdesk and APdesk allows us to offer PPSK implementation that includes daily, weekly and monthly data quotas. Something that the commercial PPSK implementations does not currently offer.+  * RADIUSdesk includes a couple of Perl modules with its FreeRADIUS implementation to help where Unlang lacks in capabilities.  
 +  * The RADIUS protocol in its most traditional implementation does not allow communication back to the RADIUS client, e.g. to terminate a user's session with a NAS. 
 +  * As new enhancements were added to the RADIUS protocol, a mechanism was added to reach the client via Change Of Authority (COA) and Packet Of Disconnect (POD) requests from the RADIUS server to the RADIUS client. 
 +  * We can say that the RADIUS client took on features of the RADIUS server
 +  * This mechanism works well in an environment where the RADIUS server can reach the RADIUS client directly at IP level (no NAT firewalls in between) 
 +  * Unfortunately, not all environments offer this possibility today, so alternative ways have emerged to reach the RADIUS client from the RADIUS server. 
 +  * In RADIUSdesk we use the API that is part of RouterOS to reach Mikrotik RADIUS Clients. 
 +  * In MESHdesk and APdesk we use the MQTT system (or heartbeat fallback). 
 +  * With this in mind, let us look at the flow of simple Private PSK implementation on RADIUSdesk as well as a more advanced Private PSK implementation with data restrictions.
  
 ------ ------
 +
 +===== Simple Private PSK Flow =====
 +
 +<panel type="info" title="Simple hotstapd with RADIUS flow">
 +{{ :technical:ppsk:simpleflow.png |}}
 +</panel>
 +
 +----
 +
 +===== Advanced Private PSK Flow =====
 +<panel type="info" title="Advanced hotstapd with RADIUS flow">
 +{{ :technical:ppsk:advancedflow.png |}}
 +</panel>
 +  * The **Intelligent VLAN Engine** runs on the RADIUSdesk server and is crucial if you want to implement Private PSK with data restrictions.
 +  * It constantly monitors a user's usage and if it detects that a certain limit has been reached, it will act accordingly.
 +  * This usually starts by sending a disconnect instruction to the AP or mesh node the user is currently connected to.
 +  * The user's device will attempt to reconnect to the same SSID after it has been disconnected.
 +  * The **Intelligent VLAN Engine** will now apply the new restrictions to the newly established connection, if there are any.
 +  * The **Intelligent VLAN Engine** also removes restrictions by disconnecting and reconnecting a user when it detects that a restriction needs to be lifted, e.g. when a daily, weekly or monthly limit no longer applies
 +
 +----
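Review bot: The bullets under "Advanced Private PSK Flow" say the Intelligent VLAN Engine sends "a disconnect instruction to the AP or mesh node" but never state which of the channels named in the introduction (CoA/PoD, the RouterOS API, MQTT or the heartbeat fallback) carries that instruction, or how the AP authenticates it. Because this message can drop a user's session and change restrictions, add a bullet that names the channel used for MESHdesk and APdesk nodes and says how it is protected. Smaller points in the same revision: both panel titles read "hotstapd" where "hostapd" is meant; the introduction expands COA as "Change Of Authority", while RFC 5176 calls it Change of Authorization (CoA); and the heading now says "PPSK support in FreeRADIUS" although the added text is almost entirely about RADIUSdesk components, and the page no longer explains what PPSK is or mentions the daily, weekly and monthly quotas that the removed bullet introduced before the last bullet relies on them.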
 +
  • technical/ppsk-radius.1713859843.txt.gz
  • Last modified: 2024/04/23 10:10
  • by system