Limit Simultaneous Connections using freeRADIUS3 and captive portal



  • Hello,

    I'm quite new to pfSense so please be easy on me….

    What I want to do is use freeRADIUS to limit the number of simultaneous connections per user.

    I was able to achieve this while using a test machine before but now on my actual pfSense box I can't get it to work.

    Even though I have simultaneous connection set to 2 or 3, the client is still able to add as many devices as they want.

    I'm running:

    2.3.4-RELEASE (amd64)
    built on Wed May 03 15:13:29 CDT 2017
    FreeBSD 10.3-RELEASE-p19

    NanoBSD

    Can someone tell me what I'm doing wrong?

    Thank you,

    Gadjetguy

    PS: what is the difference between freeRADIUS2 and freeRADIUS3 package?


  • Rebel Alliance Developer Netgate

    If you are using certain Captive Portal RADIUS modes, such as "Reauthenticate", then you can't effectively use simultaneous user limits.

    Also, you do have to have accounting enabled for Simultaneous use to kick in.

    So you'll have to provide more detail about the exact Captive Portal and RADIUS config to get any meaningful feedback.

    @gadgetguy:

    PS: what is the difference between freeRADIUS2 and freeRADIUS3 package?

    FreeRADIUS 2.x is dead and will be removed in the near future. It's EOL upstream and has security problems, use FreeRADIUS 3.x which is current and supported.
    The 2.x package is still there for the moment until we can effectively find a way to force the transition in an automated manner. The configurations are compatible, if you have 2.x installed, uninstall it and install 3.x and you'll be fine.



  • Thank you for replying jimp,

    I'll start by explaining my goal for the Captive portal.

    1. I want to allow certain users onto my LAN network automatically by registering their MAC addresses in Captive portal. This works without a problem so far.

    2. For some users, I want to give them a user ID and password and limit their number of concurrent connections, let's say some clients 2 devices and some 3.

    For now, I don't want to limit bandwidth or daily usage, just concurrent connections.

    I downloaded and installed freeRADIUS3 and set it up.

    Here's my settings configuration:

    Services>FreeRADIUS> interfaces

    192.168.20.254 as LAN interface/Port 1812/authentication
    192.168.20.254 as LAN interface/Port 1813/accounting
    192.168.20.254 as LAN interface/Port 1816/status

    For NAS/Clients, I entered my LAN IP for the client IP and a shared secret.

    I then created a new entry in captive portal and enabled it.

    Interfaces: LAN

    Authentication method: RADIUS Authentication
    RADIUS protocol: PAP
    Primary RADIUS server: 192.168.20.254 / Port 1812 / shared secret

    I enabled "Send RADIUS accounting packets to the primary RADIUS server"
    Accounting port: 1813
    Accounting updates: no updates

    RADIUS NAS IP attribute: LAN-192.168.20.254

    Should I attach my radius.conf file?

    Thank you very much… I really appreciate your time and I hope you'll be able to help me figure out what I'm doing wrong....


  • Rebel Alliance Developer Netgate

    In the captive portal settings, change Accounting Updates to "Start/Stop (FreeRADIUS)"



  • Ok, I'll try that. Thank you!



  • @jimp:

    In the captive portal settings, change Accounting Updates to "Start/Stop (FreeRADIUS)"

    I tried this and I still can connect unlimited devices per user name. Any more suggestions?

    Thank you for helping with my problem….



  • I have squid running on my pfSense box but is there any chance that it is interfering?



  • One more thing, when installing FreeRADIUS3 it says an EAP certificate is needed. I haven't configured any certificates. Is that necessary?

    Thanks again…


  • Rebel Alliance Developer Netgate

    @gadgetguy:

    I have squid running on my pfSense box but is there any chance that it is interfering?

    If they still get prompted for a portal login, then maybe not, but it's squid so it usually does find ways of interfering.

    @gadgetguy:

    One more thing, when installing FreeRADIUS3 it says an EAP certificate is needed. I haven't configured any certificates. Is that necessary?

    Where is it saying that? The FreeRADIUS 3.x package automatically makes EAP certs if you don't configure any, it doesn't print an error like that. The old 2.x package will print an error like that, though. If you aren't using EAP it's not much to worry about but you could make a CA and Server cert, set them on the EAP tab, and that would stop any errors.



  • Where is it saying that? The FreeRADIUS 3.x package automatically makes EAP certs if you don't configure any, it doesn't print an error like that. The old 2.x package will print an error like that, though. If you aren't using EAP it's not much to worry about but you could make a CA and Server cert, set them on the EAP tab, and that would stop any errors

    When installing the FreeRADIUS package, at the end when it says 'Success' when the package finishes installing is where I saw that message. It wasn't an error message.

    I got my test machine running again and did a clean install of pfSense and tried Captive Portal with FreeRADIUS and didn't install or setup anything else but it still doesn't limit simultaneous connections so I'm guessing that it isn't Squid causing the problems.

    I know I'm asking a lot, but would it be possible for you to post the instructions for configuring FreeRADIUS and Captive Portal to limit a user to 3 concurrent connections? I've been trying for a week now spending every afternoon trying to find what the problem is and doing a lot of researching and reading on the internet but haven't been successful.

    I appreciate your advice and want to thank you for helping me out this far.



  • Is there anybody out there that is successfully using Captive Portal with FreeRADIUS3 and able to successfully allow a user to use a limited amount of devices concurrently?

    Thank you in advance!



  • try to edit the Number of Simultaneous Connections of the acct in freeRadius



  • @jmguerrero:

    try to edit the Number of Simultaneous Connections of the acct in freeRadius

    I have this set to 2 or 3 depending on each user. Any other suggestions?



  • Hello I'm new on this forum.
    I have been reading some captive portal threads and I have the same issue with limiting the users by freeRadius 3.
    Any suggestion?

    Thx



  • Hi Guys,

    has anyone found a solution to this problem yet?



  • I can't make it and would love to find out how to do user limitation. I was working great in ver 2


Log in to reply