Netgate Discussion Forum

How do I create bandwidth caps?

Traffic Shaping
    fbiryujin
    last edited by Sep 8, 2011, 6:06 PM

    I have an IPSec site-to-site setup, and I'd like to create a monthly hard limit on the amount of GB a single LAN IP can transfer over the IPSec connection in order to prevent transfer abuse.  How can I set this up?

    Thanks

      Metu69salemi
      last edited by Sep 8, 2011, 6:08 PM

      If I remember right, there is no straightforward means to do monthly restrictions. But I could be remembering it wrongly.

        jimp Rebel Alliance Developer Netgate
        last edited by Sep 12, 2011, 1:28 PM

        There isn't a way to set long-term limits in that way built into the system.

        If you use something like Captive Portal and tie that back to a RADIUS server, you could do such a limit via RADIUS accounting if the RADIUS server software supports limits like that.

          fbiryujin
          last edited by Sep 12, 2011, 7:15 PM

          That could work.  Do you know if Windows Server 2008 R2 RADIUS supports that feature?

            jimp Rebel Alliance Developer Netgate
            last edited by Sep 12, 2011, 7:24 PM

            I don't know. I know it does support accounting if you turn that on, but I'm not sure if it can act on the data there. It's probably something you can do in NPS one way or another. I know there are a lot of different policies you can set in there. I haven't done much with it first-hand but I've helped several people get it talking to pfSense for use with things like OpenVPN.

              fbiryujin
              last edited by Sep 12, 2011, 7:42 PM

              Ah ok.  Right now I'm trying to figure that out. Also gotta figure out how to have RADIUS for PPTP and Captive Portal, without users having access to both or neither.  So far I can only get it to authenticate both, or neither :/ (That's probably too off topic, and in need of another thread though)

                jimp Rebel Alliance Developer Netgate
                last edited by Sep 12, 2011, 7:44 PM

                Not sure if that is possible the way things are done, but yeah that's probably a topic for another thread. I'm not sure if NPS can distinguish between pfSense requests for those two systems. You might be able to find a RADIUS attribute that is only present in one or the other and limit based on that, make groups that can only get access based on the presence of a certain attribute.

                Probably need to sniff the requests with tcpdump/Wireshark and inspect them.

                  fbiryujin
                  last edited by Sep 13, 2011, 3:03 PM

                  That might work.  I think that if RADIUS auth's any of the parameters in the list, it is considered a success though, so I think I'd need to either have 2 separate RADIUS servers, or contact a Windows expert.

                    rafaelmagu
                    last edited by Oct 16, 2011, 9:56 PM

                    I have that with daloRADIUS. Each user has 1GB free per month (it's a hostel) and they can buy additional data packs. It does require a manual reset of the free plans, though. I suppose a clever cron job could run that every 1st of the month.

                    Bear in mind that traffic accounting seems to be broken in pfSense 2.0-RELEASE. I'm seeing a big increase in traffic usage reports from RADIUS even though the ISP saw no difference on the monthly usage. It seems pfSense is incorrectly multiplying the real traffic used (sometimes by 6 times).

                    Pretty much the same as here: http://forum.pfsense.org/index.php/topic,39555.0.html
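
Added example, not part of the thread and not code from pfSense, NPS or daloRADIUS: one way to turn RADIUS accounting data into a monthly per-user cap check of the kind discussed above. It assumes the accounting records are already parsed into dicts; the keys `ts`, `user`, `sid` and `status` are hypothetical names, the sample records are constructed, and the 1 GB cap is taken from the last post. Accounting counters are cumulative within a session, so the code keeps the highest value per session rather than adding up every Interim-Update, which would overstate usage.

```python
from collections import defaultdict

CAP_BYTES = 1024**3  # assumed allowance: 1 GB per user per month

# Constructed sample records. Octet/Gigaword attribute names follow
# RFC 2866 / RFC 2869; "ts", "user", "sid", "status" are hypothetical keys.
SAMPLE_RECORDS = [
    {"ts": "2011-10-03T09:00", "user": "alice", "sid": "s1", "status": "Interim-Update",
     "Acct-Input-Octets": 100_000_000, "Acct-Output-Octets": 200_000_000},
    {"ts": "2011-10-03T10:00", "user": "alice", "sid": "s1", "status": "Stop",
     "Acct-Input-Octets": 200_000_000, "Acct-Output-Octets": 400_000_000},
    {"ts": "2011-10-09T18:30", "user": "alice", "sid": "s2", "status": "Stop",
     "Acct-Input-Octets": 100_000_000, "Acct-Output-Octets": 100_000_000},
    {"ts": "2011-10-12T22:15", "user": "bob", "sid": "s3", "status": "Stop",
     "Acct-Input-Octets": 1000, "Acct-Output-Octets": 5000, "Acct-Output-Gigawords": 1},
    {"ts": "2011-09-30T23:50", "user": "carol", "sid": "s4", "status": "Stop",
     "Acct-Input-Octets": 4_000_000_000, "Acct-Output-Octets": 4_000_000_000},
]

def record_bytes(rec):
    """Bytes in both directions; each Gigaword is one wrap of the 32-bit octet counter."""
    total = 0
    for direction in ("Input", "Output"):
        total += rec.get(f"Acct-{direction}-Gigawords", 0) * 2**32
        total += rec.get(f"Acct-{direction}-Octets", 0)
    return total

def monthly_usage(records, month):
    """Per-user bytes for month 'YYYY-MM'.

    Keeps the largest cumulative counter seen per (user, session)."""
    per_session = {}
    for rec in records:
        if not rec["ts"].startswith(month) or rec["status"] not in ("Interim-Update", "Stop"):
            continue
        key = (rec["user"], rec["sid"])
        per_session[key] = max(per_session.get(key, 0), record_bytes(rec))
    usage = defaultdict(int)
    for (user, _sid), used in per_session.items():
        usage[user] += used
    return dict(usage)

def over_cap(records, month, cap=CAP_BYTES):
    """Users whose total for the month exceeds the cap, sorted by name."""
    return sorted(u for u, used in monthly_usage(records, month).items() if used > cap)

if __name__ == "__main__":
    print(over_cap(SAMPLE_RECORDS, "2011-10"))
```

Because usage is computed per calendar month from the timestamps, no monthly reset job is needed for the check itself; sessions that span a month boundary are counted in the month of their latest record.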
