Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive Portal Per User Restriction not working.

    Scheduled Pinned Locked Moved Captive Portal
    19 Posts 7 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Q
      Qadeer
      last edited by

      when enabling the per user restriction in the captive portal and setting up the limit of bandwidthup and bandwidth down for user only uploading restriction is working and on downloading user is free to use full bandwidth even after its controlled. I am facing this bug after upgrading my firewall to 2.4.5 P1.

      1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan
        last edited by

        Hi,

        I'm just tested with 1000 Kbits / sec download and 500 kbits / sec upload, connected my Phone.
        The two speeds were rather well limited.

        To test : I threw out all connected users first, stopped the portal completely, started it again with this :

        d2890b15-0340-41c3-9b3c-8c011cc3df3f-image.png

        I also tested with the authentication I normally use : FreeRadius, who also permits a limit, on a per user bases.

        77dc8fe2-5756-4b92-a514-701f455fb8a1-image.png

        This also worked as advertised.

        @Qadeer said in Captive Portal Per User Restriction not working.:

        2.4.5 P1.

        Not related, but very usefull : I advise you to install the 2.4.5-p1 patch for the captive portal, that permits you to keep users connected when you edited (re saved) the portal settings.
        See this part of the forum for the details.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • Q
          Qadeer
          last edited by

          i had done this but in my case download restrict my WAN connection instead of LAN users and on upload both works fine.

          1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan
            last edited by

            The restriction doesn't operate on the WAN interface.
            Neither on the LAN interface.
            It will apply on the interface used by the captive portal, typically OPT1.
            If possible, do not use LAN as the captive portal (although, it should work).

            Have a look at the 2 (3 ?) pfSense captive portal videos from Netgate on Youtube.

            Also : if bandwidth restriction didn't work, you would not be "the only" seeing this ... may other would post about it.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • Q
              Qadeer
              last edited by

              Yes on my side i had done everything let's wait for the other to post this same issue

              1 Reply Last reply Reply Quote 0
              • Q
                Qadeer
                last edited by

                In my scenerio,

                we only provide access to users whose mac address are in our captive portal
                and we are restricting users bandwidth from captive portal as well. Suppose when i add 1024 Kbps
                in both fields upload and in download. upload works fine and on download user not get restricted
                but on the other hand when i observe my WAN download it restrict to 1024 Kbps and uploading is open fully. that was starnge for me after upgrading to 2.4.5p1. while on 2.4.4 everything is works fine.

                GertjanG F 2 Replies Last reply Reply Quote 0
                • GertjanG
                  Gertjan @Qadeer
                  last edited by

                  @Qadeer said in Captive Portal Per User Restriction not working.:

                  we only provide access to users whose mac address are in our captive portal

                  You saw https://forum.netgate.com/topic/156928/private-mac-addresses-in-ios14 ?

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  1 Reply Last reply Reply Quote 0
                  • F
                    free4 Rebel Alliance @Qadeer
                    last edited by

                    @Qadeer one question (sorry if it feels a bit stupid)

                    Are you using FreeRadius (or similar radius server : NPS etc...)?

                    1 Reply Last reply Reply Quote 0
                    • P
                      pppd
                      last edited by

                      try removing all the MAC addresses first and then adding them back to the list after you had changed the up/down speed limits. My experience has been that if those MAC addresses have been added before you made the changes they will keep the old settings.

                      ? Q 3 Replies Last reply Reply Quote 0
                      • ?
                        A Former User @pppd
                        last edited by

                        This post is deleted!
                        1 Reply Last reply Reply Quote 0
                        • Q
                          Qadeer @pppd
                          last edited by

                          @pppd No Success by this method as well.

                          1 Reply Last reply Reply Quote 0
                          • Q
                            Qadeer @pppd
                            last edited by

                            @pppd We have already try all methods but none of them working. we are currently running 2.5.2 pFSense Version.

                            GertjanG 1 Reply Last reply Reply Quote 0
                            • GertjanG
                              Gertjan @Qadeer
                              last edited by

                              @qadeer said in Captive Portal Per User Restriction not working.:

                              try all methods

                              I've added the MAC of my Phone :

                              ae8b45ca-cb73-463e-bf39-29fa1fb22b75-image.png

                              I checked that the MAC is listed on the DHCP leases page. The IP is an IP from my captive portal network :

                              256480b0-3138-48dc-bf87-82e93d9b2425-image.png

                              I checked that the ipfw [zone]_pipe_mac is loaded with the MAC from the image above :

                              97ef17be-fc1d-49f0-8544-5b28a222fda7-image.png

                              Note the pipe numbers 2016 and 2017.

                              I checked if the pipes / queues are limited to 1 Mbits / sec :

                              63bebffe-70c1-4304-9973-f5df21139d6e-image.png

                              A test on my Phone (Speedtest app), connected to an AP, connected to my captive portal :

                              8b710357-1123-4adc-9e1f-e7e703f82a03-image.png

                              On the average, both upload and download was limited around 1 Mbit / sec.

                              It works for me. ™

                              No "help me" PM's please. Use the forum, the community will thank you.
                              Edit : and where are the logs ??

                              R 1 Reply Last reply Reply Quote 0
                              • R
                                raheelfida @Gertjan
                                last edited by

                                @Gertjan
                                we are using pFSense 2.5.2 versino. before this, On 2.4.4, it was working fine. Captive portal default Download and Upload was able to restrict Per IP (LAN) but now, on upload rate (pFSense 2.5.2), everyone is restricted to 24 Mb and Download as per the config of Captive portal.

                                GertjanG P 2 Replies Last reply Reply Quote 0
                                • GertjanG
                                  Gertjan @raheelfida
                                  last edited by

                                  @raheelfida said in Captive Portal Per User Restriction not working.:

                                  but now, on upload rate (pFSense 2.5.2), everyone is restricted to 24 Mb and Download as per the config of Captive portal.

                                  Is that what you want ? Or is this what you observe and isn't what you want ?

                                  Using what settings ? Images ?

                                  Btw : I'm using 2.5.2 CE.
                                  2.4.5-p1 was working fine.
                                  And before that - can't recall.

                                  No "help me" PM's please. Use the forum, the community will thank you.
                                  Edit : and where are the logs ??

                                  1 Reply Last reply Reply Quote 0
                                  • R
                                    raheelfida
                                    last edited by

                                    @Gertjan We have observed and tested. pFSense 2.5.2 is not working as per requirement. we want to restrict everyone to 10 Mbps but Upload Rate is not applying.
                                    We are using Mac-Validation , Not RADUS.

                                    GertjanG 1 Reply Last reply Reply Quote 0
                                    • GertjanG
                                      Gertjan @raheelfida
                                      last edited by Gertjan

                                      @raheelfida said in Captive Portal Per User Restriction not working.:

                                      We are using Mac-Validation , Not RADUS.

                                      I'm using plain user + password login.

                                      I' not using the pfSense User manager, but the FreeRadius package.

                                      When I set an account (in Freeradius pfSEnse GUI) up like :

                                      2e68ac71-6bd9-4cba-b22b-b1ee06a7643e-image.png

                                      and the user logs in, the bandwidth in both directions will be limited to 500 Kbit /sec :

                                      f15d7852-ed9a-4793-a95f-992b98be100f-image.png

                                      Here are the related "Limiters" :

                                      c7c7c3c1-548b-4dac-a547-f11f444fe1d1-image.png

                                      Can you shows the limiters ? Are some of them missing ? What the ipfw rules set is ?

                                      Showing things is far more constructive as writing "doesn't work". No one can see how you've set things up.

                                      edit : but maybe, when using MAC auth, things are not done correcly. I'm not using MAC auth as I don't know my clients and their devices, and I'm not going to colect their MAC devices addresses.
                                      I could change my setup so it uses MAC auth and see what happens.
                                      When I have time ©

                                      No "help me" PM's please. Use the forum, the community will thank you.
                                      Edit : and where are the logs ??

                                      1 Reply Last reply Reply Quote 0
                                      • P
                                        papdee @raheelfida
                                        last edited by

                                        @raheelfida I am also on latest 2.5.2 and using captive portal bandwidth restrictions and the settings apply both for upload and download. The problem you are having is yours specifically and not pfsense 2.5.2 in general.

                                        Have you made any configurations in Traffic Shaper? This might be overriding your captive portal settings.

                                        R 1 Reply Last reply Reply Quote 0
                                        • R
                                          raheelfida @papdee
                                          last edited by

                                          @papdee Nope, never used Traffic Shaper. you might be right but how can I verify that which config is overriding ?

                                          1 Reply Last reply Reply Quote 0
                                          • First post
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.