Captive Portal Per User Restriction not working.
when enabling the per user restriction in the captive portal and setting up the limit of bandwidthup and bandwidth down for user only uploading restriction is working and on downloading user is free to use full bandwidth even after its controlled. I am facing this bug after upgrading my firewall to 2.4.5 P1.
I'm just tested with 1000 Kbits / sec download and 500 kbits / sec upload, connected my Phone.
The two speeds were rather well limited.
To test : I threw out all connected users first, stopped the portal completely, started it again with this :
I also tested with the authentication I normally use : FreeRadius, who also permits a limit, on a per user bases.
This also worked as advertised.
Not related, but very usefull : I advise you to install the 2.4.5-p1 patch for the captive portal, that permits you to keep users connected when you edited (re saved) the portal settings.
See this part of the forum for the details.
i had done this but in my case download restrict my WAN connection instead of LAN users and on upload both works fine.
The restriction doesn't operate on the WAN interface.
Neither on the LAN interface.
It will apply on the interface used by the captive portal, typically OPT1.
If possible, do not use LAN as the captive portal (although, it should work).
Have a look at the 2 (3 ?) pfSense captive portal videos from Netgate on Youtube.
Also : if bandwidth restriction didn't work, you would not be "the only" seeing this ... may other would post about it.
Yes on my side i had done everything let's wait for the other to post this same issue
In my scenerio,
we only provide access to users whose mac address are in our captive portal
and we are restricting users bandwidth from captive portal as well. Suppose when i add 1024 Kbps
in both fields upload and in download. upload works fine and on download user not get restricted
but on the other hand when i observe my WAN download it restrict to 1024 Kbps and uploading is open fully. that was starnge for me after upgrading to 2.4.5p1. while on 2.4.4 everything is works fine.
@Qadeer one question (sorry if it feels a bit stupid)
Are you using FreeRadius (or similar radius server : NPS etc...)?
try removing all the MAC addresses first and then adding them back to the list after you had changed the up/down speed limits. My experience has been that if those MAC addresses have been added before you made the changes they will keep the old settings.
This post is deleted!
@pppd No Success by this method as well.
@pppd We have already try all methods but none of them working. we are currently running 2.5.2 pFSense Version.
try all methods
I've added the MAC of my Phone :
I checked that the MAC is listed on the DHCP leases page. The IP is an IP from my captive portal network :
I checked that the ipfw [zone]_pipe_mac is loaded with the MAC from the image above :
Note the pipe numbers 2016 and 2017.
I checked if the pipes / queues are limited to 1 Mbits / sec :
A test on my Phone (Speedtest app), connected to an AP, connected to my captive portal :
On the average, both upload and download was limited around 1 Mbit / sec.
It works for me.
we are using pFSense 2.5.2 versino. before this, On 2.4.4, it was working fine. Captive portal default Download and Upload was able to restrict Per IP (LAN) but now, on upload rate (pFSense 2.5.2), everyone is restricted to 24 Mb and Download as per the config of Captive portal.
but now, on upload rate (pFSense 2.5.2), everyone is restricted to 24 Mb and Download as per the config of Captive portal.
Is that what you want ? Or is this what you observe and isn't what you want ?
Using what settings ? Images ?
Btw : I'm using 2.5.2 CE.
2.4.5-p1 was working fine.
And before that - can't recall.
@Gertjan We have observed and tested. pFSense 2.5.2 is not working as per requirement. we want to restrict everyone to 10 Mbps but Upload Rate is not applying.
We are using Mac-Validation , Not RADUS.
Gertjan last edited by Gertjan
We are using Mac-Validation , Not RADUS.
I'm using plain user + password login.
I' not using the pfSense User manager, but the FreeRadius package.
When I set an account (in Freeradius pfSEnse GUI) up like :
and the user logs in, the bandwidth in both directions will be limited to 500 Kbit /sec :
Here are the related "Limiters" :
Can you shows the limiters ? Are some of them missing ? What the ipfw rules set is ?
Showing things is far more constructive as writing "doesn't work". No one can see how you've set things up.
edit : but maybe, when using MAC auth, things are not done correcly. I'm not using MAC auth as I don't know my clients and their devices, and I'm not going to colect their MAC devices addresses.
I could change my setup so it uses MAC auth and see what happens.
When I have time
@raheelfida I am also on latest 2.5.2 and using captive portal bandwidth restrictions and the settings apply both for upload and download. The problem you are having is yours specifically and not pfsense 2.5.2 in general.
Have you made any configurations in Traffic Shaper? This might be overriding your captive portal settings.
@papdee Nope, never used Traffic Shaper. you might be right but how can I verify that which config is overriding ?