Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How do I create bandwidth caps?

    Traffic Shaping
    4
    9
    4.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      fbiryujin
      last edited by

      I have an IPSec site-to-site setup, and I'd like to create a monthly hard limit on the amount of GB a single LAN IP can transfer over the IPSec connection in order to prevent transfer abuse.  How can I set this up?

      Thanks

      1 Reply Last reply Reply Quote 0
      • M
        Metu69salemi
        last edited by

        if i remember right there is no straight forward mean to do monthly restrictions. but i can remember it wrongly

        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          There isn't a way to set long-term limits in that way built into the system.

          If you use something like Captive Portal and tie that back to a RADIUS server, you could do such a limit via RADIUS accounting if the RADIUS server software supports limits like that.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • F
            fbiryujin
            last edited by

            That could work.  Do you know if Windows Server 2008 R2 RADIUS supports that feature?

            1 Reply Last reply Reply Quote 0
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              I don't know. I know it does support accounting if you turn that on, but I'm not sure if it can act on the data there. It's probably something you can do in NPS one way or another. I know there are a lot of different policies you can set in there. I haven't done much with it first-hand but I've helped several people get it talking to pfSense for use with things like OpenVPN.

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • F
                fbiryujin
                last edited by

                Ah ok.  Right now I'm trying to figure that out. Also gotta figure out how to have RADIUS for PPTP and Captive Portal, without users having access to both or neither.  So far I can only get it to authenticate both, or neither :/ (That's probably too off topic, and in need of another thread though)

                1 Reply Last reply Reply Quote 0
                • jimpJ
                  jimp Rebel Alliance Developer Netgate
                  last edited by

                  Not sure if that is possible the way things are done, but yeah that's probably a topic for another thread. I'm not sure if NPS can distinguish between pfSense requests for those two systems. You might be able to find a radius attribute that is only present in one or the other and limit based on that, make groups that can only get access based on the presence of a certain attribute.

                  Probably need to sniff the requests with tcpdump/wireshark and insepct them.

                  Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                  Need help fast? Netgate Global Support!

                  Do not Chat/PM for help!

                  1 Reply Last reply Reply Quote 0
                  • F
                    fbiryujin
                    last edited by

                    That might work.  I think that if RADIUS auth's any of the parameters in the list, it is considered a success though, so I think I'd need to either have 2 separate RADIUS servers, or contact a Windows expert.

                    1 Reply Last reply Reply Quote 0
                    • R
                      rafaelmagu
                      last edited by

                      I have that with daloRADIUS. Each user has 1GB free per month (it's a hostel) and they can buy additional data packs. It does require a manual reset of the free plans, though. I suppose a clever cron job could run that every 1st of the month.

                      Bear in mind that traffic accounting seems to be broken in pfSense 2.0-RELEASE. I'm seeing a big increase in traffic usage reports from RADIUS even though the ISP saw no difference on the monthly usage. It seems pfSense is incorrectly multiplying the real traffic used (sometimes by 6 times).

                      Pretty much the same as here: http://forum.pfsense.org/index.php/topic,39555.0.html

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.