Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    CP + Radius + Bandwidth limits (broken?)

    Captive Portal
    3
    8
    4.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      thermo
      last edited by

      Could anyone using the CP with Radius and Upload/Download bandwidth restrictions please confirm the following;
      The CP seems to get confused with its accounting and returns the accounting data which has occurred in the last minute, rather than the total accumulation since the session start. Disabling the CP bandwidth restrictions seems to return it its normal working state, which is to account for the total data since the start of the session.

      Steps to reproduce:

      Captive Portal:

      • Enable Per-User Bandwidth Restriction (Upload and Download limits left blank)

      • Enable & Configure radius server for authentication and accounting.

      • Enable Interim Updates

      • Enable Re-Authentication every minute

      Radius:

      • Create a user with these reply items:

      WISPr-Bandwidth-Max-Down := 128000
          WISPr-Bandwidth-Max-Up := 32000

      Connect the client through the CP, and download some random amount of data (for under 60 secs).

      radiushost: /usr/sbin/radiusd -X

      
*1st Accounting-Request:

      Acct-Input-Packets = 894
**    Acct-Input-Octets = 66224
      Acct-Input-Gigawords = 0
      Acct-Output-Packets = 517
**    Acct-Output-Octets = 397630

-->*Now let the client be idle without any download activity*

 *2nd accounting request:

    Acct-Input-Packets = 59
**  Acct-Input-Octets = 4489
    Acct-Input-Gigawords = 0
    Acct-Output-Packets = 15
**  Acct-Output-Octets = 4252
    Acct-Output-Gigawords = 0
    Acct-Session-Time = 157

*3rd accounting request:

     Acct-Input-Packets = 10
**   Acct-Input-Octets = 1552
     Acct-Input-Gigawords = 0
     Acct-Output-Packets = 8
**   Acct-Output-Octets = 2829
     Acct-Output-Gigawords = 0
     Acct-Session-Time = 217

*and eventual 4th/final:

    Acct-Input-Packets = 0
**  Acct-Input-Octets = 0
    Acct-Input-Gigawords = 0
    Acct-Output-Packets = 0
**  Acct-Output-Octets = 0
    Acct-Output-Gigawords = 0
-->  Acct-Session-Time = 4294834785 (looks odd)
    Acct-Terminate-Cause = Idle-Timeout
      1 Reply Last reply Reply Quote 0
      • N
        Nachtfalke
        last edited by

        You mixed up some things.

        Bandwidth and quota.

        Limiting the bandwith is what you did. You limit a user to use a maximum of 128000 Bit per seconds for download and upload.

        Acct_input-Octets (what you posted in the log) is for download/upload quota.
        With pfsense 2.0.1 this is not working because of a bug in CP. It was fixed in pfsense 2.0.2 and 2.1.

        1 Reply Last reply Reply Quote 0
        • T
          thermo
          last edited by

          Hi Nachtfalke,
          sorry I should I have mentioned, this is with 2.0.2 - I was aware that 2.0.1 CP had problems with counting data.
          2.0.2 CP  works fine with counting the amount of download/upload, but if the bandwidth limit is enabled via Radius (WISPr-Bandwidth-Max-Down/UP), then the data counting doesn't work as per my previous post.

          To try and make it clearer, assume that a CP user is downloading+uploading 500KB per minute for 3 minutes.

          How it should work in the accounting requests, (and does work OK with CP+Radius bandwidth limit off)

          After 1 minute:
              Download + Upload = 500KB
          After 2 minutes:
              Download + Upload = 1000KB
          After 3 Minutes:
              Download + Upload = 1500KB

          But enable bandwidth limit & Wispr* reply attributes, and the Accounting becomes:
          1 minute: 500KB
          2 minutes: 500KB
          3 minutes: 500KB

          Hope that is clearer.

          1 Reply Last reply Reply Quote 0
          • N
            Nachtfalke
            last edited by

            Ah ok,

            which kind of accounting do you use - stop/start or interim ?
            For quota you must use stop/start accounting.

            What is happening if you set the bandwidth limit on CP page instead on RADIUS?

            1 Reply Last reply Reply Quote 0
            • T
              thermo
              last edited by

              • Using interim updates.
              • Disabling the Wispr* attributes and putting in a limit on the CP has the same problem (accounting is for the last minute only), so Wispr* isn't directly connected.
              1 Reply Last reply Reply Quote 0
              • perikoP
                periko
                last edited by

                Hi thermo.

                I have some issue like yours, but I want to use "Amount of Time", the accounting is not doing his job.

                I'm working on a full install on other machine, doing this manually and see what is causing accounting not working, I need to understand how FR2 works and see if pfsense have issues with or FR2.

                I will let u know, but looks like is the same behavior.

                pfsense 2.0.1.

                Necesitan Soporte de Pfsense en México?/Need Pfsense Support in Mexico?
                www.bajaopensolutions.com
                https://www.facebook.com/BajaOpenSolutions
                Quieres aprender PfSense, visita mi canal de youtube:
                https://www.youtube.com/c/PedroMorenoBOS

                1 Reply Last reply Reply Quote 0
                • T
                  thermo
                  last edited by

                  Periko,
                  I haven't looked at the time based accounting, but to debug, kill then start freeradius with "radiusd -X", and look at the accounting Request packets which are sent. Do you have any bandwidth limits on the captive portal enabled?

                  1 Reply Last reply Reply Quote 0
                  • perikoP
                    periko
                    last edited by

                    No bandwidth limits in CP, I will try your tip and let u know, thanks!!!

                    Necesitan Soporte de Pfsense en México?/Need Pfsense Support in Mexico?
                    www.bajaopensolutions.com
                    https://www.facebook.com/BajaOpenSolutions
                    Quieres aprender PfSense, visita mi canal de youtube:
                    https://www.youtube.com/c/PedroMorenoBOS

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.