This is an old revision of the document!
PPSK support in FreeRADIUS
Introduction
- FreeRADIUS offers support for loadable modules in Perl and Python.
- RADIUSdesk includes a couple of Perl modules with its FreeRADIUS implementation to help where Unlang lacks in capabilities.
- The RADIUS protocol in its most traditional implementation does not allow communication back to the RADIUS client, e.g. to terminate a user's session with a NAS.
- As new enhancements were added to the RADIUS protocol, a mechanism was added to reach the client via Change Of Authority (COA) and Packet Of Disconnect (POD) requests from the RADIUS server to the RADIUS client.
- We can say that the RADIUS client took on features of the RADIUS server.
- This mechanism works well in an environment where the RADIUS server can reach the RADIUS client directly at IP level (no NAT firewalls in between)
- Unfortunately, not all environments offer this possibility today, so alternative ways have emerged to reach the RADIUS client from the RADIUS server.
- In RADIUSdesk we use the API that is part of RouterOS to reach Mikrotik RADIUS Clients.
- In MESHdesk and APdesk we use the MQTT system (or heartbeat fallback).
- With this in mind, let us look at the flow of a simple Private PSK implementation on RADIUSdesk as well as a more advanced Private PSK implementation with data restrictions.