Netgate Discussion Forum

    Hardware or config problem?

    • vd

      Hi all

      I'm using pfSense as a captive portal with authentication based on a Win 2003 AD to authenticate my wifi users.
      I've got 2 network adapters: one for LAN, which is on the same subnet as the wifi access points (172.16.1.x/21), and the other for WAN, which is on the subnet for my students (192.168.102.x/24).
      All is on the same physical network.

      At one time, I can have up to 160 users connected.

      I've tried pfSense on 3 different sets of hardware:
      1 P4 1.6 Ghz 512 Mb Ram with 2 DLink DFE530TX.
      1 Athlon 64 2 Ghz 512 Mb RAM with 2 Broadcom Gb cards.
      1 P3 933 Mhz 1 Gb RAM with 2 DLink DFE530TX.

      On all three platforms, I've seen that CPU load is very often VERY high (between 80% and 100%). When the CPU is that high, with a top command, I've seen that there were many PHP processes consuming the CPU.
      When it's at 100%, users cannot access the authentication page or it's EXTREMELY SLOW.
      So I'm wondering if it's a config problem or a hardware problem.
      Could you advise me on hardware that could meet the requirements described above (number of connected people)?
      If you rather think it's a config problem, please let me know. I can send the config file.

      Thanks in advance for your help.

      Vincent

      • hoba

        The problem is by "design" of the CP. It doesn't use threads and can't authenticate more than one user simultaneously. So if you have more than 60 users, for example, and one authentication against a RADIUS server takes about 1 second, and you have "Reauthenticate connected users every minute" enabled, it will be busy all the time authenticating users. Jonathan DeGreave, the creator of the CP in m0n0, is already working on a more powerful CP version that won't have this limitation and which will run threaded.

        Atm you simply reach the limit of what the current CP implementation is capable of handling.

        • vd

          Thanks Hoba for your response.

          Well, while waiting for the new version of CP, do you have any workaround for this limit?
          Am I the only user to have reached this limit?

          Thanks in advance for your invaluable help and for your great product

          Vincent

          • hoba

            I don't think there is a workaround for this. The situation can even become worse if a user has a typo during login, as some RADIUS servers then usually delay the answer to prevent brute force attacks. You should try to discuss this on the m0n0 list, as the CP we use is nearly a 100% port of the m0n0 feature, and as it is still under development there, we don't plan to touch it, so as to stay syncable with their code in this regard.

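The single-threaded limit hoba describes in both replies, as an added example that is not part of the thread or of the pfSense/m0n0wall code: a small Python queue model of one authenticator that serves re-authentication requests strictly one at a time. The function and field names, the 600-second window and the 3-second delayed-reject value are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class Result:
    offered_load: float  # seconds of auth work requested per second of wall clock
    max_wait: float      # longest queueing delay of any served request, in seconds
    backlog: int         # requests not yet started when the window closed


def simulate(users, auth_time=1.0, reauth_interval=60.0,
             failed_every=0, fail_delay=3.0, duration=600.0):
    """Model one authenticator that serves requests strictly one at a time.

    failed_every=N marks every N-th request as a mistyped login whose RADIUS
    reject is delayed by fail_delay seconds (assumed value, not from the thread).
    """
    requests, n = [], 0
    for u in range(users):
        t = u * reauth_interval / users      # stagger users across the interval
        while t < duration:
            n += 1
            slow = failed_every and n % failed_every == 0
            requests.append((t, fail_delay if slow else auth_time))
            t += reauth_interval
    requests.sort()

    clock = max_wait = 0.0
    backlog = 0
    for arrival, service in requests:
        start = max(clock, arrival)          # wait until the single worker is free
        if start >= duration:
            backlog += 1                     # never reached within the window
            continue
        max_wait = max(max_wait, start - arrival)
        clock = start + service
    offered = sum(s for _, s in requests) / duration
    return Result(offered, max_wait, backlog)


if __name__ == "__main__":
    for users in (30, 60, 160):              # 160 is the peak from the first post
        print(users, simulate(users))
    print("60 + typos", simulate(60, failed_every=20))
```

An offered load of 1.0 is the saturation point: at 60 users the worker has no idle time left for a new login, and above it the queue and the wait grow for as long as the load lasts.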