freeradius limit speed per user
-
As far as I know, the pfSense Freeradius package is build to support some option that are made available to the captive portal part of pfSense.
The captive portal makes us of a second firewall, ipfw, in extension to the default pf firewall, the one you can manipulate using the GUI.(Free)Radius can only do one thing : depending on its input parameters, it can say yes or no. Often used as "access" or "no access". Glue code is needed to open a door, or maintain a firewall rule and a rate a limiter.
It's very possible that the rate limiting you look for isn't implemented in the pppoe server when access is granted using the freeradius package.I hope some one can proof me wrong. I'm not using the pppoe server myself.
-
i just want to control the speed of my client based on username so the only way to do that i think its with pppoe
-
this is how i made it to work for now: In captive protal add mac address for that user and speed limit (not sure why it only works with mac adress), in free radius Users the Amount of Download and Upload Traffic works but the speed limit is not working. So the speed limit works with captive protal and the amount of traffic works in freeradius Users
-
If you do not have many users, and every user has it's own access firewall rule, you could add - manually - to each rule a 'pipe' that controls the speed of that user.
-
mpd5 should do the rate limiting here as long as it's passed the correct attributes by radius.
For example: https://forum.netgate.com/topic/141034/rate-limit-on-radius-reply-attributes-for-pppoe-connections-not-workingI was pretty sure I had tested this at some point but looking back I may only have tested radius accounting.
Steve
-
Its interesting because when i add a mac address from freeradius for a user with speed limit here is what is see on the LIMITER INFO: Limiters: No limiters were found on this system. But when i add a mac address on the captive portal with speed limit here is what i see on the LIMITER INFO: Limiters:
02002: 1.700 Mbit/s 0 ms burst 0
q133074 100 sl. 0 flows (1 buckets) sched 67538 weight 0 lmax 0 pri 0 droptail
sched 67538 type FIFO flags 0x0 16 buckets 0 active
02003: 1.700 Mbit/s 0 ms burst 0
q133075 100 sl. 0 flows (1 buckets) sched 67539 weight 0 lmax 0 pri 0 droptail
sched 67539 type FIFO flags 0x0 16 buckets 0 active
I dont know why it works with captive portal and not with freeradius -
@stephenw10 so it looks like it needs some modification to work, now its working with those modifications
-
You have tested that and it's working for you?
Seems like we would only need that dictionary file added to Freeradius.
Steve
-
Yes its working for me
-
Ah good to hear!
-
Opened a feature request: https://redmine.pfsense.org/issues/11102
Add a comments there if more is needed.
Steve
