In the scenario of the public wifi service provider (eg something like hotspotsystem, cloud4wi etc), generally the hotspot is running on embedded devices with limited resources so the TLS option and local proxy is just not feasible. Plus it really impacts the "off the shelf" approach to providing such a service.
DD-WRT can cope with IPSec fine, and it runs on extremely resource constrained systems. The volume of RADIUS traffic for individual access points is also very low, so I really don't buy your argument.
Would just be nice if the option was there for those who want to use it or some alternative that can provide similar functionality then we can.
It's a terrible approach that shouldn't be encouraged. That's why the module hasn't been merged. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2