How can I shape/un-shape a user's bandwidth via a bash script? (FreeRADIUS)



  • I'm currently working on a little project to help me manage data usage on my network.

    I am on a very limited data allowance that is split into a peak and off-peak period, so I needed a way to give each user on the network their own peak/off-peak allowance. But of course I could not find anything that could do this, so I decided to build something.

    What I have so far is a script that allows me to set a monthly peak and off-peak data limit for each user on the network. That data is split up into even portions for each day of the month. When a user exceeds their peak or off-peak allowance for the day they will be automatically shaped.

    The entire thing is built on the FreeRADIUS accounting data. So I just set the accounting period to monthly and set each user's data limit to some very high number that they should not reach; then the script simply reads the accounting data. At some point I plan to add a PHP interface so that users can log in and check their usage, but I'm not sure if that's possible yet.

    At this point the script is pretty much done, but there is one thing I can't figure out, and that's how to actually handle shaping/un-shaping the users. Does anyone know how I can manipulate FreeRADIUS user settings from a bash script? Specifically, I need to be able to set the "Maximum Bandwidth Down" and "Maximum Bandwidth Up" fields.

    If anyone can help me with this it would be greatly appreciated! I am so close to a solution I have been seeking for many years now.

    Edit: I think I found a way to do it by editing the radius users file then restarting the radius service so the changes take effect. But it would be a lot easier if there was a command I could simply run to edit a user. If radius has a command for that I have not found it yet.
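
The decision step described in the post above (an even daily share of a monthly limit, checked separately for peak and off-peak), sketched as an added example that is not the original poster's script. The four-column input layout and all function names are assumptions made for illustration; it is not the FreeRADIUS accounting file format.

```shell
#!/bin/sh
# Added example. Constructed input, one line per user and period:
#   user  period(peak|offpeak)  bytes_used_today  monthly_limit_bytes
# This layout is an assumption, not the FreeRADIUS accounting format.

# Even daily share of a monthly limit (integer division, remainder dropped).
daily_quota() {
    # $1 = monthly limit in bytes, $2 = days in the month
    [ "$2" -gt 0 ] || return 1
    echo $(( $1 / $2 ))
}

# Exit 0 when today's usage exceeds the daily share, 1 when it does not.
should_shape() {
    # $1 = bytes used today, $2 = monthly limit, $3 = days in the month
    quota=$(daily_quota "$2" "$3") || return 2
    [ "$1" -gt "$quota" ]
}

# Read usage lines on stdin; print the users to shape for one period.
users_to_shape() {
    # $1 = period to evaluate, $2 = days in the month
    while read -r user period used limit; do
        case "$user" in ''|'#'*) continue ;; esac
        [ "$period" = "$1" ] || continue
        # Skip lines with empty or non-numeric counters instead of aborting.
        case "$used" in ''|*[!0-9]*) continue ;; esac
        case "$limit" in ''|*[!0-9]*) continue ;; esac
        if should_shape "$used" "$limit" "$2"; then
            echo "$user"
        fi
    done
}

# Constructed sample data (not real accounting output).
sample_usage() {
cat <<'EOF'
# user period used_today monthly_limit
alice peak 1500000000 30000000000
alice offpeak 100000000 60000000000
bob peak 900000000 30000000000
carol peak 2000000000 bad
dave peak 1000000001 30000000000
EOF
}

sample_usage | users_to_shape peak 30
```

The malformed-line checks matter here because a bad counter that aborts the script would leave every user unshaped for that run.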



  • Is there really no proper way to do this? I managed to get it working by editing the users file and restarting the radius service, but that's causing some issues because it stops radius merging the temp accounting files. That's not the end of the world because my script reads those files, but it creates a bit of a mess and it's far from ideal. It also seems like radius is showing inaccurate usage for some users, which may or may not be related. It's showing that they are using more than they actually are.



  • You can fairly distribute bandwidth between all IP devices (accessing the Internet) evenly, in pfSense, using LIMITERS @Firewall/Traffic Shaper

    (Keep in mind that limiters won't work on a machine where NAT and/or Squid is used.
    Errata claims that Limiters/NAT combination was fixed in pfSense 2.4, though.
    Not sure about Limiters/Squid combo)

    How does it work?
    For instance, you've got 100 Mbps Internet bandwidth and 100 simultaneous users: that will be equally distributed between them, giving each @1 Mbps download. If some of them disconnect, or just stop using the Internet, or require less incoming pipe, then the rest of the bandwidth will get evenly distributed between the leftover "hungry lads."

    There are plenty of guides on how to do it (including this forum). Reach out to me if you need assistance.

    If Windows machines are under your control, you can also set up WSUS to cache Win updates. I am doing it with Squid Proxy with a highly modified configuration (not supported through the standard web GUI of pfSense).

    If you have Apple devices, you can leverage macOS Server to cache iTunes, Software updates, iOS updates, iCloud, etc. (requires Mac OS X) - transparent, and does not require any setup on clients. Just plug it into a LAN port somewhere, do the basic setup and it works like a charm! $20 in the App Store.

    In my setup, it was decided to drop the Radius implementation since it required lots of administrative overhead.



  • @brandon3055:

    I'm currently working on a little project to help me manage data usage on my network.

    I am on a very limited data allowance that is split into a peak and off-peak period, so I needed a way to give each user on the network their own peak/off-peak allowance. But of course I could not find anything that could do this, so I decided to build something.

    What I have so far is a script that allows me to set a monthly peak and off-peak data limit for each user on the network. That data is split up into even portions for each day of the month. When a user exceeds their peak or off-peak allowance for the day they will be automatically shaped.

    It's amazing how many people can't tell the difference between data and bandwidth these days.

    I'm talking about limiting users' data usage, as in total bytes uploaded and downloaded over a period of time. NOT bandwidth, which is maximum data i/o speed.

    Bandwidth shaping is simply the method I am using to restrict a user's data usage once they have exceeded their data cap.

    Sorry, it just annoys me how often people get these two fundamentally different concepts mixed up.



  • You have full right to be annoyed, mate. Though I would suggest you be a little bit more polite in this forum and try to understand what the other person suggests instead of spending your time here whining/explaining your emotional state to us. Nobody is interested in hearing that :))

    I have not answered your question directly, just outlined possibilities that would, from my point of view, help you to achieve your goal/allow you to better manage your bandwidth, because it seemed to be what you wanted, right?

    • What about services in your network? Some of them are more critical than others. Maybe it's better to set up priorities based on firewall rules / traffic shaping for different types of traffic (you can also fine-tune it based on source/destination IP addresses)

    Suggestions:

    These days users might not even be aware (of course you might have a different situation) that their device has used so much bandwidth (silent Windows updates, for instance, might consume your data cap), and then you are running into IT support/administration hell. I would rather suggest some points that might be useful or not depending on the nature of business of your shop/network:

    • filter most of the services/sites that are unnecessary or shape them to lower priorities
      Good candidates: video streaming, video calls, cloud storage

    • filter advertisements

    • filter proxies/vpn/torrents/tor/other p2p

    • filter Windows/Apple/Android updates
      Or tune up caching for them and then allow them to run normally
      If your network is Windows based and under your control - run WSUS
      If it's mostly Mac - run MacOS Cache server
      Android - well, no solution to cache that.

    • It is possible to apply a schedule to filters based on your requirements.

    • If you use some b/w reporting software and are able to see how much is consumed per user/device, then you can punish repeat offenders by putting them in a throttled limiter queue or assigning them a lower priority queue (depending on your requirements and skills)

    • Implement Limiters (that I mentioned in my previous message), which would not allow all of your people to utilize the bandwidth in full, while dynamically distributing it FAIRLY between all of the simultaneous users.

    • Last, but not least, don't be a douche! :)


  • It will also be interesting to know how your adventure goes; please keep us posted on what you have found/implemented and if it worked in your scenario.

    Cheers!

