PPSK support in FreeRADIUS

FreeRADIUS offers support for loadable modules in Perl and Python.

RADIUSdesk includes a couple of Perl modules with its FreeRADIUS implementation to help where Unlang lacks in capabilities.

The RADIUS protocol in its most traditional implementation does not allow communication back to the RADIUS client, e.g. to terminate a user's session with a NAS.

As new enhancements were added to the RADIUS protocol, a mechanism was added to reach the client via Change Of Authority (COA) and Packet Of Disconnect (POD) requests from the RADIUS server to the RADIUS client.

We can say that the RADIUS client took on features of the RADIUS server.

This mechanism works well in an environment where the RADIUS server can reach the RADIUS client directly at IP level (no NAT firewalls in between)

Unfortunately, not all environments offer this possibility today, so alternative ways have emerged to reach the RADIUS client from the RADIUS server.

In RADIUSdesk we use the API that is part of RouterOS to reach Mikrotik RADIUS Clients.

In MESHdesk and APdesk we use the MQTT system (or heartbeat fallback).

With this in mind, let us look at the flow of a simple Private PSK implementation on RADIUSdesk as well as a more advanced Private PSK implementation with data restrictions.