Captive Portal per User Bandwidth limits from RADIUS ignored
-
I dont have access to the trace data until next Tuesday.
However, it is the same RADIUS server that was used with the Chilli-spot config which is currently working.
The RADIUS server is hosted at WiFiGator.com
The Vendor ID was the WISPr ID (14122)
WISPr-Bandwidth-Max-Up was set to 1024000 (defined as 1000 k dn on WiFiGator.com)
WISPr-Bandwidth-Max-Down was set to 102400 (defined 100 k up on WiFiGator.com)
I will try to post a copy of the CP Config here too. -
I have the config as a PDF which the forum will not let me attach, I have saved the pages as JPGs but the forum says they are too big.
I can e-mail it to you.
The config option are set as follows (if you are willing to trust me);
RADIUS secrets removed!Services, Captive Portal
Enable - check
Interface - LAN
Idle timeout 15
Hard timeout blank
After auth redir URL http://communityuk.net
Disable concurrent logins - checked
Disable MAC filtering - checked
Enable per-user bandwidth restrictions - checked
Download 2048, Upload 512
RADIUS auth - checked
Primary IP - 67.139.73.199
secret - xxxxxxxxx
Secondary IP - 67.139.73.199
secret - xxxxxxxxx
Send RADIUS accounting packets - checked
Reauth connected users every minute - checked
Accounting updates - Interim updates
RADIUS NAS IP - WAN
Use RADIUS Session-Timeout attribute - checked
Save -
pfSense recognizes these attributes from WISPr
WISPr-Bandwidth-Min-Up
WISPr-Bandwidth-Min-Down
WISPr-Bandwidth-Max-Up
WISPr-Bandwidth-Max-Downotherwise it seems correct
-
So do we have a bug here?
-
Without a packet trace i cannot tell.
Also an 'ipfw show' and 'ipfw pipe show' output might help.
also a 'ipfw table all list' output. -
As I mentioned before, the trace shows;
The Vendor ID was the WISPr ID (14122)
WISPr-Bandwidth-Max-Up was set to 1024000 (defined as 1000 k dn on WiFiGator.com)
WISPr-Bandwidth-Max-Down was set to 102400 (defined 100 k up on WiFiGator.com)
But I understand why would will not take this as true without an actual trace.
Its Easter weekend in the UK but I can try to get the hardware together t run a test and get a trace.
Apart from the 'ipfw' commands, is the anything else that will help?
Seeing as I've got to get the hardware together for the trace I'd like to cover off anything else that will track it down.
Could you point me at where the code is that handles the dynamic pipe creation so I can read it through. -
1024000Heh that is your issue.
pfSense by default assumes Kbit/s so you have to scale that value to take this into consideration.
Meaning you have to divide that value by 1024 or 1000 depending on preference. -
I just committed this https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/2d4003aab1d969ed9ba3e52f2fe3ec083e4bef8c fix.
You wait for it in the next snapshot or apply manually.
It should fix your issues.Thank you for the information.
-
Ah so it was a bug!
-
I was so impressed by the speed of the fix, even if you were a bit odd about my offer to help, that
I got together all the hardware I would need to test, and it works!
Thanks for that. I'd like to see CheckPoint or Cisco move that fast!
Richard