Multiple WAN select feature in the Captive Portal
-
I was thinking about a way to implement multi-WAN through the captive portal:
In the login page the user types his username and password and selects a WAN to be routed through (the page shows the link capacity and the current number of users on each link). This way all traffic from this user will be routed through the selected WAN, and if this link goes down (the user will see this) he can disconnect, connect again, and use another WAN.
I've done the captive portal page that shows this info (using an admin-created file that contains descriptions of every WAN installed - speed, name, etc.) but I am stuck on the part about making the captive portal set up rules to route this user through a specific WAN.
Ah, I'm trying this using the exec.php page but this is not very friendly :P
When I do something wrong I just get some non-descriptive errors…
Can somebody help me do this?
(Sorry, my English isn't very good, my PHP is better :P)
-
This sounds like a good idea. You would need to either be able to do multi-WAN functions via IPFW2 (I haven't looked at this recently) or you will have to add PF rules to control multiple WANs.
-
I've found a way to do this (which is still compatible between m0n0wall and pfSense) using cascaded natd's…
But I don't think this is a good setup because this will make you run as many natd daemons as there are WANs in your setup...
I'm still to find a tutorial on how to do source-based routing using only ipfw...
-
I am thinking about using the following:

table <wan1loggedusers> { }
table <wan2loggedusers> { }
... as many as there are WANs
table <wanNloggedusers> { }

pass in on <laninterface> from <wan1loggedusers> to any route-to ( <wan1interface> <wan1gateway> ) keep state
pass in on <laninterface> from <wan2loggedusers> to any route-to ( <wan2interface> <wan2gateway> ) keep state
... as many as there are WANs
pass in on <laninterface> from <wanNloggedusers> to any route-to ( <wanNinterface> <wanNgateway> ) keep state

- does pf accept a table as a "from" parameter?
The idea is to have a combobox in the captive portal with the following options:
Choose for me
Wan1 - <wan service provider name and bandwidth>
Wan2 - <wan service provider name and bandwidth>
… as many as there are WANs
WanN - <wan service provider name and bandwidth>
Then two things can happen:
if the user selects "Choose for me" the captive portal code selects one based on the current number of users and the weight associated with this WAN.
if the user selects a specific WAN he is routed to the WAN he selected. The WAN information will be another section in the XML config file and the current number of users per WAN is stored in a temporary file on the RAM disk or the hard disk...
What do you think about this?
I had to print and read the whole pf FAQ and study some other literature to come up with this solution.
Edit: I have almost-ready code (a Pascal test-drive) to check if this can work.
The code is able to:
- Add a logged-in user to the pf tables of a WAN (binding his traffic to a WAN)
- Give the user an amount of bandwidth on this WAN (dynamic) based on a table (if the WAN is overloaded, split bandwidth evenly between users) [This uses dummynet, so I don't know if it works on pfSense]
If this code works (can be compiled for FreeBSD) we can do two things: convert it to PHP or use it as is.
The code will be released under the same licence as pfSense (whatever this means).
Edit2:
The code compiles and works. The binary uses the following parameters:
routemein <userlogin> -login <wan>
to log a user into a WAN
routemein <userlogin> -logout
to log a user out of a WAN
The following files are needed:
/tmp/routemein/users.table
format:
<id> <active> <login> <ratedown> <rateup> <currentwan> <ip>
/tmp/routemein/wans.table
format:
<device> <alias> <ratedown> <rateup> <weight>
In those files any line starting with a # followed by a space will be discarded as a comment. There are auxiliary files: /tmp/routemein/lock, which prevents two instances from colliding (it needs a more complex lock mechanism, I will pursue it later), and the file /tmp/routemein/current-users.<device>.table (one for each WAN) that is used to store info about which users are bound to which WAN.
I'm trying now to allow the dummynet feature to be disabled (leaving only the pf code) or vice versa (only the dummynet code). I think this will allow this thing to run on both pfSense and m0n0wall. But I don't know if the devs really think my code is useful…
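As an added example (not the poster's Pascal "routemein" binary and not pfSense's own captive portal code), here is the scheme from the thread sketched as POSIX shell functions around pfctl: one pf table and one route-to rule per WAN generated from the wans.table file, the "Choose for me" pick by current users versus weight, and login/logout that add or remove the client address in the tables. pf does accept a table as the "from" address in a rule, which is what the whole approach relies on. Assumptions, beyond what the thread states: the wans.table format gets a sixth column <gateway>, because route-to needs a next hop and the posted format has none; the LAN interface name is passed in; the function names (gen_pf_rules, choose_wan, count_users, cp_login, cp_logout) and the sample wans.table in the comments are invented here; PFCTL and STATE_DIR can be overridden to dry-run on a machine without pf. The dummynet bandwidth part is left out.

```shell
#!/bin/sh
# Added example, not the poster's Pascal "routemein" and not pfSense code.
# Sketch of the per-WAN pf table scheme from the thread as shell functions
# around pfctl. Assumptions: wans.table gets a sixth column <gateway> (the
# posted format has none, but route-to needs a next hop); PFCTL and STATE_DIR
# may be overridden (PFCTL=echo dry-runs on a box without pf).
# Constructed sample wans.table (the "# " comment line is skipped):
#   # device alias ratedown rateup weight gateway
#   em1 wan1 2048 512 2 203.0.113.1
#   em2 wan2 1024 256 1 198.51.100.1
PFCTL="${PFCTL:-pfctl}"
STATE_DIR="${STATE_DIR:-/tmp/routemein}"

# strip_comments FILE: drop "# " comment lines (the post's rule) and blank lines
strip_comments() {
    grep -v -e '^# ' -e '^[[:space:]]*$' "$1"
}

# gen_pf_rules LANIF WANSFILE: one persistent table and one route-to rule per
# WAN. A table is a legal "from" address in pf; route-to takes (interface gw).
# wans.table columns: <device> <alias> <ratedown> <rateup> <weight> <gateway>
gen_pf_rules() {
    lanif=$1
    strip_comments "$2" | while read -r dev alias down up weight gw; do
        printf 'table <%sloggedusers> persist { }\n' "$alias"
    done
    strip_comments "$2" | while read -r dev alias down up weight gw; do
        printf 'pass in on %s from <%sloggedusers> to any route-to (%s %s) keep state\n' \
            "$lanif" "$alias" "$dev" "$gw"
    done
}

# count_users DEVICE: users bound to a WAN = lines in current-users.<device>.table
count_users() {
    f="$STATE_DIR/current-users.$1.table"
    if [ -f "$f" ]; then strip_comments "$f" | wc -l | tr -d ' '; else echo 0; fi
}

# choose_wan WANSFILE: the "Choose for me" option. Pick the WAN with the fewest
# users per unit of weight (integer load = users*1000/weight, weight >= 1).
# Ties go to the first WAN listed.
choose_wan() {
    strip_comments "$1" | while read -r dev alias down up weight gw; do
        echo "$(( $(count_users "$dev") * 1000 / weight )) $alias"
    done | awk 'NR == 1 || $1 < min { min = $1; best = $2 } END { print best }'
}

# lock/unlock: mkdir is atomic on a local filesystem, so a directory is a
# simple mutex between two captive-portal requests; gives up after 30 tries
lock() {
    mkdir -p "$STATE_DIR"
    n=0
    until mkdir "$STATE_DIR/lock" 2>/dev/null; do
        n=$((n + 1)); [ "$n" -lt 30 ] || return 1; sleep 1
    done
}
unlock() { rmdir "$STATE_DIR/lock"; }

# cp_login IP ALIAS DEVICE: bind a logged-in user to a WAN by adding the
# address to that WAN's pf table and recording it in current-users.<device>.table
cp_login() {
    lock || return 1
    "$PFCTL" -t "${2}loggedusers" -T add "$1"
    echo "$1" >> "$STATE_DIR/current-users.$3.table"
    unlock
}

# cp_logout IP WANSFILE: remove the address from every WAN table and every
# bookkeeping file, since the user may have been bound to any of them
cp_logout() {
    lock || return 1
    strip_comments "$2" | while read -r dev alias down up weight gw; do
        "$PFCTL" -t "${alias}loggedusers" -T delete "$1"
        f="$STATE_DIR/current-users.$dev.table"
        if [ -f "$f" ]; then
            grep -v -x -F "$1" "$f" > "$f.tmp" || true
            mv "$f.tmp" "$f"
        fi
    done
    unlock
}
```

Usage: `gen_pf_rules fxp0 /tmp/routemein/wans.table` prints a pf.conf fragment to load with `pfctl -f`; the tables are declared `persist` so they survive a reload with no members, and from then on the captive portal only has to run `cp_login`/`cp_logout`, which change table membership with `pfctl -t ... -T add|delete` without touching the ruleset. Because the rules are `keep state`, a user who is moved between tables keeps existing connections on the old WAN until they time out; the thread's disconnect-and-reconnect step is what makes new flows take the new path.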