Differences

This shows you the differences between two versions of the page.

technical:ppsk-radius [2024/04/29 05:18] systemtechnical:ppsk-radius [2024/04/29 09:03] (current) – [Advanced Private PSK Flow] system
Line 7: Line 7:
 ====== PPSK support in FreeRADIUS ====== ====== PPSK support in FreeRADIUS ======
 ===== Introduction ===== ===== Introduction =====
-  * FreeRADIUS offers support for Perl and Python modules that can be loaded+  * FreeRADIUS offers support for loadable modules in Perl and Python. 
-  * RADIUSdesk includes a couple of Perl modules with FreeRADIUS to help where the use of Unlang is not the optimal solution.+  * RADIUSdesk includes a couple of Perl modules with its FreeRADIUS implementation to help where Unlang lacks in capabilities
   * The RADIUS protocol in its most traditional implementation does not allow communication back to the RADIUS client, e.g. to terminate a user's session with a NAS.   * The RADIUS protocol in its most traditional implementation does not allow communication back to the RADIUS client, e.g. to terminate a user's session with a NAS.
-  * With the development of the RADIUS protocol, a mechanism was created over time to reach the client via Change Of Authority (COA) and Packet Of Disconnect (POD) requests from the RADIUS server to the RADIUS client. +  * As new enhancements were added to the RADIUS protocol, a mechanism was added to reach the client via Change Of Authority (COA) and Packet Of Disconnect (POD) requests from the RADIUS server to the RADIUS client. 
-  * In a way, the RADIUS client took on features of the RADIUS server.+  * We can say that the RADIUS client took on features of the RADIUS server.
   * This mechanism works well in an environment where the RADIUS server can reach the RADIUS client directly at IP level (no NAT firewalls in between)   * This mechanism works well in an environment where the RADIUS server can reach the RADIUS client directly at IP level (no NAT firewalls in between)
-  * Unfortunately, this no longer works so well in today's environment, so alternative ways of reaching the RADIUS client from the RADIUS server have emerged+  * Unfortunately, not all environments offer this possibility today, so alternative ways have emerged to reach the RADIUS client from the RADIUS server. 
-  * Mikrotik generally uses the API that is part of RouterOS.+  * In RADIUSdesk we use the API that is part of RouterOS to reach Mikrotik RADIUS Clients.
   * In MESHdesk and APdesk we use the MQTT system (or heartbeat fallback).   * In MESHdesk and APdesk we use the MQTT system (or heartbeat fallback).
-  * With this in mind, let us look at the flow of a simple Private PSK implementation on RADIUSdesk as well as a more complicated Private PSK implementation with data restrictions.+  * With this in mind, let us look at the flow of a simple Private PSK implementation on RADIUSdesk as well as a more advanced Private PSK implementation with data restrictions.
  
 ------ ------
 +
 +===== Simple Private PSK Flow =====
 +
 +<panel type="info" title="Simple hotstapd with RADIUS flow">
 +{{ :technical:ppsk:simpleflow.png |}}
 +</panel>
 +
 +----
 +
 +===== Advanced Private PSK Flow =====
 +<panel type="info" title="Advanced hotstapd with RADIUS flow">
 +{{ :technical:ppsk:advancedflow.png |}}
 +</panel>
 +  * The **Intelligent VLAN Engine** runs on the RADIUSdesk server and is crucial if you want to implement Private PSK with data restrictions.
 +  * It constantly monitors a user's usage and if it detects that a certain limit has been reached, it will act accordingly.
 +  * This usually starts by sending a disconnect instruction to the AP or mesh node the user is currently connected to.
 +  * The user's device will attempt to reconnect to the same SSID after it has been disconnected.
 +  * The **Intelligent VLAN Engine** will now apply the new restrictions to the newly established connection, if there are any.
 +  * The **Intelligent VLAN Engine** also removes restrictions by disconnecting and reconnecting a user when it detects that a restriction needs to be lifted, e.g. when a daily, weekly or monthly limit no longer applies
 +
 +----
 +
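Review bot: both added panel titles ("Simple hotstapd with RADIUS flow" and "Advanced hotstapd with RADIUS flow") spell the daemon as "hotstapd", which looks like a typo for hostapd and should be corrected in both places. In the new Advanced Private PSK Flow bullets, the line "This usually starts by sending a disconnect instruction to the AP or mesh node" does not say which channel carries that instruction; since the introduction lists CoA/POD, the RouterOS API and MQTT (or heartbeat fallback) as the ways to reach a client, naming the one the Intelligent VLAN Engine uses here would make the flow easier to follow. The revised introduction also keeps "Change Of Authority (COA)"; RFC 5176 calls this Change-of-Authorization (CoA), so consider aligning the term. Minor: the reworded bullet ending "where Unlang lacks in capabilities" and the final added bullet ("no longer applies") have no terminating period, unlike the other rewritten bullets.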
  • technical/ppsk-radius.1714360689.txt.gz
  • Last modified: 2024/04/29 05:18
  • by system