This is an old revision of the document!



PPSK support in FreeRADIUS

  • FreeRADIUS offers support for Perl and Python modules that can be loaded.
  • RADIUSdesk includes a couple of Perl modules with FreeRADIUS to help where the use of Unlang is not the optimal solution.
  • The RADIUS protocol in its most traditional implementation does not allow communication back to the RADIUS client, e.g. to terminate a user's session with a NAS.
  • With the development of the RADIUS protocol, a mechanism was created over time to reach the client via Change Of Authority (COA) and Packet Of Disconnect (POD) requests from the RADIUS server to the RADIUS client.
  • In a way, the RADIUS client took on features of the RADIUS server.
  • This mechanism works well in an environment where the RADIUS server can reach the RADIUS client directly at IP level (no NAT firewalls in between)
  • Unfortunately, this no longer works so well in today's environment, so alternative ways of reaching the RADIUS client from the RADIUS server have emerged.
  • Mikrotik generally uses the API that is part of RouterOS.
  • In MESHdesk and APdesk we use the MQTT system (or heartbeat fallback).
  • With this in mind, let us look at the flow of a simple Private PSK implementation on RADIUSdesk as well as a more advanced Private PSK implementation with data restrictions.

Simple hotstapd with RADIUS flow



  • technical/ppsk-radius.1714366911.txt.gz
  • Last modified: 2024/04/29 07:01
  • by system