Family keeps blowing data cap, need guideance on captive portal idea

Bonesaw

My family of eight are data hogs. We blow through the Comcast data cap every month and I want to end it. My solution is to limit each family member Data Usage to 4GB a day. However from what I can see pfSense doesn't have much to offer on that front other then using a Captive Portal. Now I want to limit the user and not the machine since each family member has a TV, Phone, Gaming console and PC. I don't want to split up the cap between each machine.
Now I was thinking. Can I give each user their own cheap router and then setup a captive portal on my pfSense router on and have the captive portal handle it via MAC address to those routers. Have a captive portal for each user basically.

provels

@Bonesaw
If you're talking about the 1229GB cap I have (the 10 buck penalty), I think you're out of luck. Too many users, too many devices. JMO
I'm a single user with a TV and a few other devices and use about a TB myself.
You could try traffic shaping and make it so slow they might give up and read a book!

ronv42

I had used the bandwidth feature in Untangle years ago to manage the kids devices for bandwidth since AT&T only allowed 1 TB of service per month. The issue I ran into was random mac addresses. Coming over to pfSense I also lost that feature. I do isolate cell phones to the IoT network and found using limiters helps. This is a pretty good article on how to set it up:

https://geekistheway.com/2020/12/23/limiting-bandwidth-per-network-interface/

Gertjan

@Bonesaw said in Family keeps blowing data cap, need guideance on captive portal idea:

Now I was thinking. Can I give each user their own cheap router and then setup a captive portal on my pfSense router on and have the captive portal handle it via MAC address to those routers. Have a captive portal for each user basically.

Normally, I would come out of my corner and say : don't place "routers" on a captive portal network as it will complicate live.
But in your case, and I'm thinking with you : this might actually be a good idea.

Create a captive portal network, for example 192.168.10.1/24.
Wire (wire up) the X routers (router + AP build in, this is the most common type), one for every family member. Use a strong wifi WPA2+password every router, members won't share thee as they won't share their bandwidth ^^

Connect every routers WAN port to a common portal switch, so all are hookud up pfSense.
Every router sgould have its own DHCP range, like
Member 1 on router 1 : 192.168.100.1/24
Member 2 on router 2 : 192.168.101.1/24
etc
Evey member 1's devices will get connected to router 1 Wifi and routers 1 LAN ports.
The user should use one device initially to login against the captive portal. All other devices connected to router 1 from that point will have internet access, as pfSense (the portal) will only see an IP traffic like 192.168.10.x/24 coming from router 1 (all traffic will use the same router's WAN MAC).

With some classic pfSense FreeRadius bandwidth limiting and/or quota limiting for each user, you'll can enforce control.