WISP using PPOE server - Update

  • In the thread http://forum.pfsense.org/index.php/topic,9625.0.html, which is now locked, I said:

    I setup a test bed for this.

    Internet - pfSense - AP - CPE

    I setup pfSense to do Captive Portal + PPPoE Auth.  The Captive Portal is just a MOTD and PayPal gateway so when non-customers connect they will know what to do to get access.

    PPPoE is connecting to my FreeRADIUS that's connected to my Postgresql DB.  My RADIUS SQL is fairly customized to fit my CRM.

    My test bed of three users works with Mac, Linux, XP, Vista so far.  No issues with just three users.  I just don't know if it can handle my user base of 150 customers currently.  I'm running on a quad processor box with 2GB ram.  My only question is how stable it is.

    Currently I'm running m0n0wall with Captive Portal.  I have to restart CP at least once a day to fix issues with connecting.  It works well otherwise, except it's a Captive Portal (have to go to a web page before internet works).

    I would have just done WPA + RADIUS, but I wanted the CP to inform new users and have a payment gateway.  I run a Pre-Paid service in a small town.

    I wanted to give a status update to this.

    We have been running the PPPoE in production now for about three months.  I have about 20 of my 150 users switched over to it.  So far it's working great.  Just a slight problem with bandwidth management/shaping, but other then that it's good.

    We have switched our Captive Portal over to pfSense on the same box as well.  So it's doing PPPoE, CP, and NAT all on the same box.  At some point we will have all our customers migrated over to PPPoE and we will then turn off the CP.

    Current setup is: CPE -> AP -> CP|PPPoE/Shaper -> Internet.

  • How do you run encryption such as MPPE for your PPPoE users?

    I'd like to run a PPPoE server aswell, however without MPPE I won't put my clients at risk of being able to packet sniff everyone elses traffic that share the same network key.

    If I don't got with PPPoE I'll have to go with a VPN server to keep each users traffic encrypted from each others.

  • We are not encrypting anything.  It's just regular ol PPPoE.

Log in to reply