Support for IoT/Endpoint Device Management with PPSK in OpenWISP Controller #1068

@iainherd

Description

First-time GitHub issue, apologies for any missteps.

Managing numerous legacy IoT devices using PPSK (Private Pre-Shared Key) with RADIUS authentication on OpenWISP. PPSK benefits include:

  • Unified SSID: Single SSID across sites with per-device passphrases, ensuring Layer 2 isolation, seamless roaming, and reduced RF overhead.
  • Seamless Mobility: Devices stay connected across access points and sites.
  • Security & Compatibility: Strong encryption without enterprise credentials, ideal for legacy IoT devices not supporting Passpoint.
  • Mechanism: PPSK uses a MIC Resolver in the WPA2 4-way handshake, cycling through valid passphrases to match the client’s MIC.

Currently, the OpenWISP Controller's "Devices" menu is non-collapsible and assumes all devices are access points/routers, limiting IoT/endpoint device management with PPSK.

Proposed Enhancement
Extend the "Devices" menu to support IoT/Endpoint devices alongside Access Points/Routers by making the "Devices" menu collapsible, similar to "Configuration" (e.g., Templates | VPN Servers | Access Credentials | Device Groups), with two sub-entries:

  • Access Points: Existing functionality for access points/routers.
  • IoT/Endpoint Devices: New section for managing IoT devices.

Add two new screens:

IoT/Endpoint Device View: Summary table view linked from the "IoT/Endpoint Devices" menu entry, displaying registered IoT devices and attributes:

  • Organization
  • User
  • MAC Address
  • Serial Number
  • PPSK state

Add IoT/Endpoint Device View: Form for adding new IoT devices with the following attributes:

  • Organization (required)
  • User (optional)
  • MAC Address (required)
  • Serial Number (optional)
  • PPSK Support:
    -- Checkbox to enable PPSK.
    -- Option to manually enter or auto-generate a unique PPSK.

Automatic RADIUS Integration:
Upon saving an IoT device, create entries in openwisp-radius:

radCheck:

  • Username: device MAC address
  • Organization: device organization
  • Attribute: Cleartext-Password
  • Operator: :=
  • Value: device MAC address

radReply:

  • Username: device MAC address
  • Organization: device organization
  • Attribute: Tunnel-Password
  • Operator: :=
  • Value: unique device PPSK

Use Case
Managing multiple legacy IoT devices which only support WPA2-Personal across a multi-access point, multi-site WiFi network using PPSK for secure, high-capacity data offloads. Device MAC addresses and PPSKs need registration in OpenWISP with automatic RADIUS updates for seamless authentication.

Benefits

  • Simplifies IoT device onboarding and PPSK management.
  • Enhances OpenWISP for diverse IoT use cases.
  • Streamlines RADIUS configuration, reducing manual errors.
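
The radCheck/radReply pair listed under "Automatic RADIUS Integration", sketched as an added example that is not part of the original issue or of OpenWISP's code. The dictionary keys, the lowercase colon-separated MAC format, the alphanumeric alphabet and the 24-character default are assumptions; the username format has to match what the access point sends in its RADIUS request.

```python
import re
import secrets
import string

# Assumption: alphanumeric passphrases are easiest to type into IoT device UIs.
ALPHABET = string.ascii_letters + string.digits

def normalize_mac(mac):
    """Return the MAC as lowercase aa:bb:cc:dd:ee:ff, or raise ValueError."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"invalid MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def generate_ppsk(in_use, length=24):
    """Generate a random passphrase that no other device already uses."""
    if not 8 <= length <= 63:  # WPA2-Personal passphrase length limits
        raise ValueError("passphrase length must be 8 to 63")
    while True:
        ppsk = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if ppsk not in in_use:
            return ppsk

def validate_ppsk(ppsk, in_use):
    """Check a manually entered passphrase: printable ASCII, 8-63, unique."""
    if not 8 <= len(ppsk) <= 63 or any(not 32 <= ord(c) <= 126 for c in ppsk):
        raise ValueError("PPSK must be 8 to 63 printable ASCII characters")
    if ppsk in in_use:
        raise ValueError("PPSK already assigned to another device")

def build_radius_rows(organization, mac, in_use, ppsk=None):
    """Return the (radCheck, radReply) rows for one IoT device.

    in_use is the set of PPSKs already assigned in this organization;
    it is updated so later calls cannot reuse the same passphrase.
    """
    username = normalize_mac(mac)
    if ppsk is None:
        ppsk = generate_ppsk(in_use)
    else:
        validate_ppsk(ppsk, in_use)
    in_use.add(ppsk)
    base = {"username": username, "organization": organization, "op": ":="}
    check = dict(base, attribute="Cleartext-Password", value=username)
    reply = dict(base, attribute="Tunnel-Password", value=ppsk)
    return check, reply
```

Rejecting a duplicate passphrase at save time keeps each PPSK mapped to exactly one device, which is what the per-device isolation described in the issue relies on.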
