Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    freeradius limit speed per user

    Scheduled Pinned Locked Moved General pfSense Questions
    18 Posts 3 Posters 4.3k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E Offline
      ed-tech
      last edited by

      Hi there, i am trying to setup speed limit per user with freeradius, i did put the limit to Traffic and Bandwidth but it does not work, users still get full speed. Is there any specific configuration that i need to make ?

      1 Reply Last reply Reply Quote 0
      • GertjanG Offline
        Gertjan
        last edited by

        Hi,

        151455ca-c19d-4491-bd2a-460b40d5255a-image.png

        Limits me to 5 Mbits up, and 5 Mbits down. A speed test confirmed these numbers.
        And 4096 Mbytes traffic (up and down combined) per day (not related here but believe me, after 4 G bytes I'm thrown off the portal).

        Check : my device uses IP 192.168.2.75 :

        ipfw table all list
        ......
        --- table(cpzone1_auth_up), set(0) ---
        192.168.2.75/32 02:81:5f:85:a4:a0 2018 7397 10202718 1606236310
        .......
        --- table(cpzone1_auth_down), set(0) ---
        192.168.2.75/32 2019 4776 490820 1606236245
        .......
        

        Rule numbers are 2018 and 2019.

        Back in the GUI :

        bd9fd526-687b-4090-8010-7f612b497b92-image.png

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • E Offline
          ed-tech
          last edited by

          I know that it works with captive portal but i dont want to use captive portal, i just want to use freeradius and my client to connect with pppoe

          1 Reply Last reply Reply Quote 0
          • stephenw10S Offline
            stephenw10 Netgate Administrator
            last edited by

            So you are using the PPPoE server in pfSense authenticating against Freeadius also in pfSense?

            Anything logged that shows it might be trying to use the values?

            Steve

            1 Reply Last reply Reply Quote 0
            • E Offline
              ed-tech
              last edited by

              yes i have enable pppoe server that redirects client to freeradius in pfsense. Here are the information from clients config :
              /usr/local/etc/raddb/users

              "test" Cleartext-Password := "test"

              WISPr-Bandwidth-Max-Up := 1000000,
              WISPr-Bandwidth-Max-Down := 1000000,
              WISPr-Redirection-URL := http://www.google.com,
              pfSense-Max-Total-Octets := 5242880000,
              
              Exec-Program-Wait = "/bin/sh /usr/local/etc/raddb/scripts/datacounter_auth.sh test monthly"
              
              GertjanG 1 Reply Last reply Reply Quote 0
              • GertjanG Offline
                Gertjan @ed-tech
                last edited by

                @edmond said in freeradius limit speed per user:

                WISPr-Bandwidth-Max-Up := 1000000,
                WISPr-Bandwidth-Max-Down := 1000000,

                That's what the Freeradius package from pfSense, the GUI, uses as it's config file. What you see on screen is used to build a users.conf file.
                Do what I did : look at a firewall level, see if you can find how authorized users are able to pass through. Is pppoe using firewall rules for this ? Is it using limiters or something like that ? Etc.

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                1 Reply Last reply Reply Quote 0
                • E Offline
                  ed-tech
                  last edited by

                  in the firewall rule PPPoe Server tab i have pppoe client as Source, i dont have any limiter, no idea how to make it work

                  1 Reply Last reply Reply Quote 0
                  • GertjanG Offline
                    Gertjan
                    last edited by

                    As far as I know, the pfSense Freeradius package is build to support some option that are made available to the captive portal part of pfSense.
                    The captive portal makes us of a second firewall, ipfw, in extension to the default pf firewall, the one you can manipulate using the GUI.

                    (Free)Radius can only do one thing : depending on its input parameters, it can say yes or no. Often used as "access" or "no access". Glue code is needed to open a door, or maintain a firewall rule and a rate a limiter.
                    It's very possible that the rate limiting you look for isn't implemented in the pppoe server when access is granted using the freeradius package.

                    I hope some one can proof me wrong. I'm not using the pppoe server myself.

                    No "help me" PM's please. Use the forum, the community will thank you.
                    Edit : and where are the logs ??

                    1 Reply Last reply Reply Quote 0
                    • E Offline
                      ed-tech
                      last edited by

                      i just want to control the speed of my client based on username so the only way to do that i think its with pppoe

                      1 Reply Last reply Reply Quote 0
                      • E Offline
                        ed-tech
                        last edited by

                        this is how i made it to work for now: In captive protal add mac address for that user and speed limit (not sure why it only works with mac adress), in free radius Users the Amount of Download and Upload Traffic works but the speed limit is not working. So the speed limit works with captive protal and the amount of traffic works in freeradius Users

                        1 Reply Last reply Reply Quote 0
                        • GertjanG Offline
                          Gertjan
                          last edited by

                          If you do not have many users, and every user has it's own access firewall rule, you could add - manually - to each rule a 'pipe' that controls the speed of that user.

                          No "help me" PM's please. Use the forum, the community will thank you.
                          Edit : and where are the logs ??

                          1 Reply Last reply Reply Quote 0
                          • stephenw10S Offline
                            stephenw10 Netgate Administrator
                            last edited by

                            mpd5 should do the rate limiting here as long as it's passed the correct attributes by radius.
                            For example: https://forum.netgate.com/topic/141034/rate-limit-on-radius-reply-attributes-for-pppoe-connections-not-working

                            I was pretty sure I had tested this at some point but looking back I may only have tested radius accounting.

                            Steve

                            E 1 Reply Last reply Reply Quote 0
                            • E Offline
                              ed-tech
                              last edited by

                              Its interesting because when i add a mac address from freeradius for a user with speed limit here is what is see on the LIMITER INFO: Limiters: No limiters were found on this system. But when i add a mac address on the captive portal with speed limit here is what i see on the LIMITER INFO: Limiters:
                              02002: 1.700 Mbit/s 0 ms burst 0
                              q133074 100 sl. 0 flows (1 buckets) sched 67538 weight 0 lmax 0 pri 0 droptail
                              sched 67538 type FIFO flags 0x0 16 buckets 0 active
                              02003: 1.700 Mbit/s 0 ms burst 0
                              q133075 100 sl. 0 flows (1 buckets) sched 67539 weight 0 lmax 0 pri 0 droptail
                              sched 67539 type FIFO flags 0x0 16 buckets 0 active

                              I dont know why it works with captive portal and not with freeradius

                              1 Reply Last reply Reply Quote 0
                              • E Offline
                                ed-tech @stephenw10
                                last edited by

                                @stephenw10 so it looks like it needs some modification to work, now its working with those modifications

                                1 Reply Last reply Reply Quote 0
                                • stephenw10S Offline
                                  stephenw10 Netgate Administrator
                                  last edited by stephenw10

                                  You have tested that and it's working for you?

                                  Seems like we would only need that dictionary file added to Freeradius.

                                  Steve

                                  1 Reply Last reply Reply Quote 0
                                  • E Offline
                                    ed-tech
                                    last edited by

                                    Yes its working for me

                                    1 Reply Last reply Reply Quote 0
                                    • stephenw10S Offline
                                      stephenw10 Netgate Administrator
                                      last edited by

                                      Ah good to hear!

                                      1 Reply Last reply Reply Quote 0
                                      • stephenw10S Offline
                                        stephenw10 Netgate Administrator
                                        last edited by

                                        Opened a feature request: https://redmine.pfsense.org/issues/11102

                                        Add a comments there if more is needed.

                                        Steve

                                        1 Reply Last reply Reply Quote 0
                                        • First post
                                          Last post
                                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.