[SOLVED] RADIUS accounting packets seem to be broken.



  • I have been trying to get RADIUS accounting working for the last couple days with little success and after a lot of screwing around i have come to the conclusion that pfSense is sending invalid accounting packets to RADIUS.

    The issue i am having is as soon as a user logs in via CP RADIUS shows that user starts using data at a constant rate regardless of what the user is actually doing. Even if i disconnect the user from the network but leave them logged in they continue using data. The rate at which the user uses data seems to change every time the user logs in but is constant as long as the user stays logged in.

    Today i finally gave up on the RADIUS package and switched to an external RADIUS server (daloRADIUS) but the external server is showing the exact same behavior which would suggest this is an issue with pfSense itself not the radius package.

    Her is a sample of the data being sent to the external radius server.
    http://ss.brandon3055.com/umka2ly.png

    I think what may be happening is pfSense is generating an accounting packet the first minute the user is logged in then just sending the exact same packet every minute instead of generating a new one every minute.

    I still havent completely ruled out the possibility that this is a configuration issue on my end but at this point that seems unlikely. I have so far tried this with my main pfSense router and i have also setup a new clean system with  the latest pfSense release (2.3.3) both systems showed the same issue.

    If this is an issue with pfSesne i really hope it can be fixed as soon as possible because i really want to implement accounting on my network.

    Edit: You will probably want to see my Captive Portal config
    http://ss.brandon3055.com/ap8oh04.png
    http://ss.brandon3055.com/rg9stfd.png



  • It's probably the accounting updates mode, I don't know who created the Stop/Start methods and why (and most of all why one mentions FreeRADIUS, I was using FreeRADIUS with standard interim updates in 2008) but if you don't have a specific reason to use it, try with "Interim."



  • @plumbeo:

    It's probably the accounting updates mode, I don't know who created the Stop/Start methods and why (and most of all why one mentions FreeRADIUS, I was using FreeRADIUS with standard interim updates in 2008) but if you don't have a specific reason to use it, try with "Interim."

    I cant believe i did not try that! I tried pretty much everything else. But that seems to have fixed it so Thankyou! All of the documentation i read said to use Start/Stop so that probably needs to be changed.
    Im guessing this is still a bug with the Start/Stop mode so i will leave my issue open and add a note about this.

    One thing i noticed about using interim updates is the user data isnt saved to "used-octets-<username>" Its saved to "used-octets-<username>-5bd5221a55b3bbd8"  which seems to be a temporary cache file for the specific machine the user has logged in on. Once the user logs out that cache is added to the main used-octets file and deleted. This will make my scripts a little more "interesting" but shouldnt be a problem.</username></username>