PPSK support in FreeRADIUS

FreeRADIUS offers support for Perl and Python modules that can be loaded.

RADIUSdesk includes a couple of Perl modules with FreeRADIUS to help where the use of Unlang is not the optimal solution.

The RADIUS protocol in its most traditional implementation does not allow communication back to the RADIUS client, e.g. to terminate a user's session with a NAS.

With the development of the RADIUS protocol, a mechanism was created over time to reach the client via Change Of Authority (COA) and Packet Of Disconnect (POD) requests from the RADIUS server to the RADIUS client.

In a way, the RADIUS client took on features of the RADIUS server.

This mechanism works well in an environment where the RADIUS server can reach the RADIUS client directly at IP level (no NAT firewalls in between)

Unfortunately, this no longer works so well in today's environment, so alternative ways of reaching the RADIUS client from the RADIUS server have emerged.

Mikrotik generally uses the API that is part of RouterOS.

In MESHdesk and APdesk we use the MQTT system (or heartbeat fallback).

With this in mind, let us look at the flow of a simple Private PSK implementation on RADIUSdesk as well as a more advanced Private PSK implementation with data restrictions.