Set vpn rate limit via external radius server



  • Hi there,

    we are using PFsense 2.0 as vpn server with external radius authentification. Everything is working fine, but we want to limit the speed per "dialed-in" user.

    we tried the mpd-limit option via radius with no success so far

    we added

    mpd-limit += "out#1=all shape 6400"
      mpd-limit += "in#1=all shape 6400"

    to our radius configuration. Nothing seems to be shaped there.

    We also tried the "other" way with mpd-pipe

    after loading the modules ipfw and dummynet we added
      mpd-pipe += "1=bw 8Kbyte/s",
      mpd-pipe += "5=bw 8Kbyte/s",
      mpd-rule += "1=pipe %p1 all from any to any in",
      mpd-rule += "2=pipe %p5 all from any to any out",

    the rules are added (you can see it with ipfw show and ipfw pipw show) but there are no packets assigned to.

    does anyone has an Idea how to manage the rate limit per user?

    in all other points Pfsense is matches perfect our needs. Good work Guys ;D

    Many thanks

    Matze



  • I will suggest to integrate ng_car into the mpd config



  • Many Thanks for this Ermal.

    Is there also an easy way to integrate the ng_car module into an existing pfsense installation? (maybe a precompiled package or so, without rebuilding The PFSense Image) I am using the "normal" hdd-installed Version.



  • EDIT:

    2.0 has already ng_car/ng_bpf in kernel so you just need to teach mpd through config lines.



  • Thanks again for checking this.

    my next question is: What I have to add in the mpd config for using ng_car. I already searched the mpd documentation on sourceforge, but I didnt found anything related to this.

    As I said in my first post I addes the mp-limit lines to my radius configuration, but it is still not working.
    If I add some mpd-pipe rules, they are added on the system, so I assume the radius configuration is working for giving this parameters.

    many thanks again.



  • Look here
    http://mpd.sourceforge.net/doc/mpd62.html#62

    it has all you need.



  • this is the documentation I already had: it is describing what to do in the radius conf.

    I added the lines
      mpd-limit += "out#1=all shape 6400"
      mpd-limit += "in#1=all shape 6400"
    to my radius conf, but it doesn't  work for me.

    do i have to change someting in the mpd conf(s) as well?

    any ideas?

    thanks again



  • Ok thanks to all especially Ermal. It is working now for me perfectly.

    I made a mistake in my radiusconf it must be

    mpd-limit := "out#1=all shape 64000"
    mpd-limit := "in#1=all shape 64000"

    not
      mpd-limit += "out#1=all shape 64000"
      mpd-limit += "in#1=all shape 64000"


Log in to reply