Captiveportal max users

dhatz

Perhaps the Pfsense project could also consider SQLite (http://en.wikipedia.org/wiki/SQLite http://www.freebsd.org/cgi/cvsweb.cgi/ports/databases/sqlite3/) instead of PostgresSQL

ianrhen

this is my customized monitoring module for captiveportal logged-in users in one of our network segment. :) using pfsense 2.0, apache2, php5, postgresql9 DBserver.

monitoring.jpg_thumb

valshare

is the bug existent in 2.0 Final?

If not, are there any workaround?

dhatz

I wonder, what are the practical limitations of pfsense's Captive Portal?
Has anyone used pfsense for large hotspots, e.g. 2000 or even 5000 active users?
What are the bottlenecks of the built-in voucher system?

I've been experimenting with /var/etc/lighty-CaptivePortal.conf in an attempt to improve performance.

I've also checked the suggestions in http://mum.mikrotik.com/presentations/US10/FelixWindt.pdf some are obviously platform-specific, others however are general, e.g.:

Lots of applications use HTTP but are not prepared to handle Hotspots
We see an average of 14 redirects to the login page before the user interacts with it
Malware can spawn HTTP requests at a very high rate
Offload services: DHCP, DNS, User Authentication
etc

eri--

From what i know in pfSense 2.0 there is not much overhead on lighty and the speed should be quite managable.
Usually it depends on the hardware but i can say it can scale up-to 5000 if you have more than 2GB of RAM and a decent CPU.

dhatz

Thx for feedback Ermal.

I'm asking because a diff /var/etc/lighty-*conf shows very few differences between the config used for pfsense webGUI and CP, basically only the server.max-request-size

I did some testing with ab (apachebench)

$ ab -n 300 -c 4 http://pfsense-ip:8000/

but the benchmark results weren't very high (however this was on a lowly 256MB VM)

So I'm experimenting with increasing RAM and tuning lighttpd, e.g. server.max-keep-alive-requests and increasing php-fcgi children.

eri--

I am not sure you will gain much.
What will help with tweaking is pretty much an option on the GUI.

Though i wonder how you test the CP performance?

valshare

Hi,

is there a fix for the limit of the max. users?

regards, valle

dhatz

@ermal:

I am not sure you will gain much.
What will help with tweaking is pretty much an option on the GUI.

Though i wonder how you test the CP performance?

Right, I can't think of an easy way to simulate many (1000+) users actually logging-in via the CP. It seems one would have to obtain multiple MAC addresses and hold all of the received IPs in use with virtual interfaces and submit a form post of the username+pass via the CP login form. Which is why I asked for any real-life hotspots using pfsense.

However, I did try some performance testing of just /usr/local/captiveportal/index.php using apachebench (stats I've seen suggest that it takes ~20 redirects to a CP splash-page for every actual login, apparently due to the various widgets that people run on their devices, e.g. to retrieve weather info, stockmarket data, update antivirus db etc)

valshare

@ianrhen:

sure. just give me some time to organize it first. i will also explain things about my setup so those others out there who might also looking for this kind of setup would benefit from it :)

why you didn´t share your setup with us?

cmb

@dhatz:

I wonder, what are the practical limitations of pfsense's Captive Portal?
Has anyone used pfsense for large hotspots, e.g. 2000 or even 5000 active users?

Yes, there are WISPs who have 2000+ active users on a single box.

trunglam

anybody try with freeradius?
I think ianrhen have good idea to build radius server

j.comulada

I've tried with 40.000 users.

Scenario: 2 computers
pfSense 1: old VIA Nehemia CPU with Captive Portal, 2.0.1 Release (i386), 1Gb RAM
pfSense 2: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz with FreeRadius2, 2.0.1 Release (i386), 4 Gb RAM

In PC 1 I have a Captive Portal with Radius Authentication over second PC.

Provisioning users to Radius has been via .xml configuration files.

I've been uploading users from 10.000 to 10.000. All changes and problems had been at FreeRADIUS computer.

Until 20.000 users, system works fine, nothing changes (well, a little bit slow)
At 30.000 users, system has been slowed seriously: more than 5 minutes to boot, load, save configuration o any other work that involves a write to disk.
At 40.000 users, system has been slowed DRAMATICALLY: more than 45 minutes to boot, load, save configuration, etc…

But, it works !!!!

I can authenticate in my CP as fewer users load.

Best regards.

ianrhen

you mean 40,000 users connected at the same time?

j.comulada

No, I have about 100-200 concurrent users.

40K users are in Radius database.