Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    freeradius limit speed per user

    Scheduled Pinned Locked Moved General pfSense Questions
    18 Posts 3 Posters 4.3k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • GertjanG Offline
      Gertjan
      last edited by

      Hi,

      151455ca-c19d-4491-bd2a-460b40d5255a-image.png

      Limits me to 5 Mbits up, and 5 Mbits down. A speed test confirmed these numbers.
      And 4096 Mbytes traffic (up and down combined) per day (not related here but believe me, after 4 G bytes I'm thrown off the portal).

      Check : my device uses IP 192.168.2.75 :

      ipfw table all list
      ......
      --- table(cpzone1_auth_up), set(0) ---
      192.168.2.75/32 02:81:5f:85:a4:a0 2018 7397 10202718 1606236310
      .......
      --- table(cpzone1_auth_down), set(0) ---
      192.168.2.75/32 2019 4776 490820 1606236245
      .......
      

      Rule numbers are 2018 and 2019.

      Back in the GUI :

      bd9fd526-687b-4090-8010-7f612b497b92-image.png

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      1 Reply Last reply Reply Quote 0
      • E Offline
        ed-tech
        last edited by

        I know that it works with captive portal but i dont want to use captive portal, i just want to use freeradius and my client to connect with pppoe

        1 Reply Last reply Reply Quote 0
        • stephenw10S Offline
          stephenw10 Netgate Administrator
          last edited by

          So you are using the PPPoE server in pfSense authenticating against Freeadius also in pfSense?

          Anything logged that shows it might be trying to use the values?

          Steve

          1 Reply Last reply Reply Quote 0
          • E Offline
            ed-tech
            last edited by

            yes i have enable pppoe server that redirects client to freeradius in pfsense. Here are the information from clients config :
            /usr/local/etc/raddb/users

            "test" Cleartext-Password := "test"

            WISPr-Bandwidth-Max-Up := 1000000,
            WISPr-Bandwidth-Max-Down := 1000000,
            WISPr-Redirection-URL := http://www.google.com,
            pfSense-Max-Total-Octets := 5242880000,
            
            Exec-Program-Wait = "/bin/sh /usr/local/etc/raddb/scripts/datacounter_auth.sh test monthly"
            
            GertjanG 1 Reply Last reply Reply Quote 0
            • GertjanG Offline
              Gertjan @ed-tech
              last edited by

              @edmond said in freeradius limit speed per user:

              WISPr-Bandwidth-Max-Up := 1000000,
              WISPr-Bandwidth-Max-Down := 1000000,

              That's what the Freeradius package from pfSense, the GUI, uses as it's config file. What you see on screen is used to build a users.conf file.
              Do what I did : look at a firewall level, see if you can find how authorized users are able to pass through. Is pppoe using firewall rules for this ? Is it using limiters or something like that ? Etc.

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              1 Reply Last reply Reply Quote 0
              • E Offline
                ed-tech
                last edited by

                in the firewall rule PPPoe Server tab i have pppoe client as Source, i dont have any limiter, no idea how to make it work

                1 Reply Last reply Reply Quote 0
                • GertjanG Offline
                  Gertjan
                  last edited by

                  As far as I know, the pfSense Freeradius package is build to support some option that are made available to the captive portal part of pfSense.
                  The captive portal makes us of a second firewall, ipfw, in extension to the default pf firewall, the one you can manipulate using the GUI.

                  (Free)Radius can only do one thing : depending on its input parameters, it can say yes or no. Often used as "access" or "no access". Glue code is needed to open a door, or maintain a firewall rule and a rate a limiter.
                  It's very possible that the rate limiting you look for isn't implemented in the pppoe server when access is granted using the freeradius package.

                  I hope some one can proof me wrong. I'm not using the pppoe server myself.

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  1 Reply Last reply Reply Quote 0
                  • E Offline
                    ed-tech
                    last edited by

                    i just want to control the speed of my client based on username so the only way to do that i think its with pppoe

                    1 Reply Last reply Reply Quote 0
                    • E Offline
                      ed-tech
                      last edited by

                      this is how i made it to work for now: In captive protal add mac address for that user and speed limit (not sure why it only works with mac adress), in free radius Users the Amount of Download and Upload Traffic works but the speed limit is not working. So the speed limit works with captive protal and the amount of traffic works in freeradius Users

                      1 Reply Last reply Reply Quote 0
                      • GertjanG Offline
                        Gertjan
                        last edited by

                        If you do not have many users, and every user has it's own access firewall rule, you could add - manually - to each rule a 'pipe' that controls the speed of that user.

                        No "help me" PM's please. Use the forum, the community will thank you.
                        Edit : and where are the logs ??

                        1 Reply Last reply Reply Quote 0
                        • stephenw10S Offline
                          stephenw10 Netgate Administrator
                          last edited by

                          mpd5 should do the rate limiting here as long as it's passed the correct attributes by radius.
                          For example: https://forum.netgate.com/topic/141034/rate-limit-on-radius-reply-attributes-for-pppoe-connections-not-working

                          I was pretty sure I had tested this at some point but looking back I may only have tested radius accounting.

                          Steve

                          E 1 Reply Last reply Reply Quote 0
                          • E Offline
                            ed-tech
                            last edited by

                            Its interesting because when i add a mac address from freeradius for a user with speed limit here is what is see on the LIMITER INFO: Limiters: No limiters were found on this system. But when i add a mac address on the captive portal with speed limit here is what i see on the LIMITER INFO: Limiters:
                            02002: 1.700 Mbit/s 0 ms burst 0
                            q133074 100 sl. 0 flows (1 buckets) sched 67538 weight 0 lmax 0 pri 0 droptail
                            sched 67538 type FIFO flags 0x0 16 buckets 0 active
                            02003: 1.700 Mbit/s 0 ms burst 0
                            q133075 100 sl. 0 flows (1 buckets) sched 67539 weight 0 lmax 0 pri 0 droptail
                            sched 67539 type FIFO flags 0x0 16 buckets 0 active

                            I dont know why it works with captive portal and not with freeradius

                            1 Reply Last reply Reply Quote 0
                            • E Offline
                              ed-tech @stephenw10
                              last edited by

                              @stephenw10 so it looks like it needs some modification to work, now its working with those modifications

                              1 Reply Last reply Reply Quote 0
                              • stephenw10S Offline
                                stephenw10 Netgate Administrator
                                last edited by stephenw10

                                You have tested that and it's working for you?

                                Seems like we would only need that dictionary file added to Freeradius.

                                Steve

                                1 Reply Last reply Reply Quote 0
                                • E Offline
                                  ed-tech
                                  last edited by

                                  Yes its working for me

                                  1 Reply Last reply Reply Quote 0
                                  • stephenw10S Offline
                                    stephenw10 Netgate Administrator
                                    last edited by

                                    Ah good to hear!

                                    1 Reply Last reply Reply Quote 0
                                    • stephenw10S Offline
                                      stephenw10 Netgate Administrator
                                      last edited by

                                      Opened a feature request: https://redmine.pfsense.org/issues/11102

                                      Add a comments there if more is needed.

                                      Steve

                                      1 Reply Last reply Reply Quote 0
                                      • First post
                                        Last post
                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.