Set vpn rate limit via external radius server

djmatze

Hi there,

we are using PFsense 2.0 as vpn server with external radius authentification. Everything is working fine, but we want to limit the speed per "dialed-in" user.

we tried the mpd-limit option via radius with no success so far

we added

mpd-limit += "out#1=all shape 6400"
  mpd-limit += "in#1=all shape 6400"

to our radius configuration. Nothing seems to be shaped there.

We also tried the "other" way with mpd-pipe

after loading the modules ipfw and dummynet we added
  mpd-pipe += "1=bw 8Kbyte/s",
  mpd-pipe += "5=bw 8Kbyte/s",
  mpd-rule += "1=pipe %p1 all from any to any in",
  mpd-rule += "2=pipe %p5 all from any to any out",

the rules are added (you can see it with ipfw show and ipfw pipw show) but there are no packets assigned to.

does anyone has an Idea how to manage the rate limit per user?

in all other points Pfsense is matches perfect our needs. Good work Guys ;D

Many thanks

Matze

eri--

I will suggest to integrate ng_car into the mpd config

djmatze

Many Thanks for this Ermal.

Is there also an easy way to integrate the ng_car module into an existing pfsense installation? (maybe a precompiled package or so, without rebuilding The PFSense Image) I am using the "normal" hdd-installed Version.

eri--

EDIT:

2.0 has already ng_car/ng_bpf in kernel so you just need to teach mpd through config lines.

djmatze

Thanks again for checking this.

my next question is: What I have to add in the mpd config for using ng_car. I already searched the mpd documentation on sourceforge, but I didnt found anything related to this.

As I said in my first post I addes the mp-limit lines to my radius configuration, but it is still not working.
If I add some mpd-pipe rules, they are added on the system, so I assume the radius configuration is working for giving this parameters.

many thanks again.

eri--

Look here
http://mpd.sourceforge.net/doc/mpd62.html#62

it has all you need.

djmatze

this is the documentation I already had: it is describing what to do in the radius conf.

I added the lines
  mpd-limit += "out#1=all shape 6400"
  mpd-limit += "in#1=all shape 6400"
to my radius conf, but it doesn't  work for me.

do i have to change someting in the mpd conf(s) as well?

any ideas?

thanks again

djmatze

Ok thanks to all especially Ermal. It is working now for me perfectly.

I made a mistake in my radiusconf it must be

mpd-limit := "out#1=all shape 64000"
mpd-limit := "in#1=all shape 64000"

not
  mpd-limit += "out#1=all shape 64000"
  mpd-limit += "in#1=all shape 64000"