CP + Radius + Bandwidth limits (broken?)

  • Could anyone using the CP with Radius and Upload/Download bandwidth restrictions please confirm the following;
    The CP seems to get confused with its accounting and returns the accounting data which has occurred in the last minute, rather than the total accumulation since the session start. Disabling the CP bandwidth restrictions seems to return it its normal working state, which is to account for the total data since the start of the session.

    Steps to reproduce:

    Captive Portal:

    • Enable Per-User Bandwidth Restriction (Upload and Download limits left blank)

    • Enable & Configure radius server for authentication and accounting.

    • Enable Interim Updates

    • Enable Re-Authentication every minute


    • Create a user with these reply items:

    WISPr-Bandwidth-Max-Down := 128000
        WISPr-Bandwidth-Max-Up := 32000

    Connect the client through the CP, and download some random amount of data (for under 60 secs).

    radiushost: /usr/sbin/radiusd -X

    *1st Accounting-Request:
          Acct-Input-Packets = 894
    **    Acct-Input-Octets = 66224
          Acct-Input-Gigawords = 0
          Acct-Output-Packets = 517
    **    Acct-Output-Octets = 397630
    -->*Now let the client be idle without any download activity*
     *2nd accounting request:
        Acct-Input-Packets = 59
    **  Acct-Input-Octets = 4489
        Acct-Input-Gigawords = 0
        Acct-Output-Packets = 15
    **  Acct-Output-Octets = 4252
        Acct-Output-Gigawords = 0
        Acct-Session-Time = 157
    *3rd accounting request:
         Acct-Input-Packets = 10
    **   Acct-Input-Octets = 1552
         Acct-Input-Gigawords = 0
         Acct-Output-Packets = 8
    **   Acct-Output-Octets = 2829
         Acct-Output-Gigawords = 0
         Acct-Session-Time = 217
    *and eventual 4th/final:
        Acct-Input-Packets = 0
    **  Acct-Input-Octets = 0
        Acct-Input-Gigawords = 0
        Acct-Output-Packets = 0
    **  Acct-Output-Octets = 0
        Acct-Output-Gigawords = 0
    -->  Acct-Session-Time = 4294834785 (looks odd)
        Acct-Terminate-Cause = Idle-Timeout

  • You mixed up some things.

    Bandwidth and quota.

    Limiting the bandwith is what you did. You limit a user to use a maximum of 128000 Bit per seconds for download and upload.

    Acct_input-Octets (what you posted in the log) is for download/upload quota.
    With pfsense 2.0.1 this is not working because of a bug in CP. It was fixed in pfsense 2.0.2 and 2.1.

  • Hi Nachtfalke,
    sorry I should I have mentioned, this is with 2.0.2 - I was aware that 2.0.1 CP had problems with counting data.
    2.0.2 CP  works fine with counting the amount of download/upload, but if the bandwidth limit is enabled via Radius (WISPr-Bandwidth-Max-Down/UP), then the data counting doesn't work as per my previous post.

    To try and make it clearer, assume that a CP user is downloading+uploading 500KB per minute for 3 minutes.

    How it should work in the accounting requests, (and does work OK with CP+Radius bandwidth limit off)

    After 1 minute:
        Download + Upload = 500KB
    After 2 minutes:
        Download + Upload = 1000KB
    After 3 Minutes:
        Download + Upload = 1500KB

    But enable bandwidth limit & Wispr* reply attributes, and the Accounting becomes:
    1 minute: 500KB
    2 minutes: 500KB
    3 minutes: 500KB

    Hope that is clearer.

  • Ah ok,

    which kind of accounting do you use - stop/start or interim ?
    For quota you must use stop/start accounting.

    What is happening if you set the bandwidth limit on CP page instead on RADIUS?

    • Using interim updates.
    • Disabling the Wispr* attributes and putting in a limit on the CP has the same problem (accounting is for the last minute only), so Wispr* isn't directly connected.

  • Hi thermo.

    I have some issue like yours, but I want to use "Amount of Time", the accounting is not doing his job.

    I'm working on a full install on other machine, doing this manually and see what is causing accounting not working, I need to understand how FR2 works and see if pfsense have issues with or FR2.

    I will let u know, but looks like is the same behavior.

    pfsense 2.0.1.

  • Periko,
    I haven't looked at the time based accounting, but to debug, kill then start freeradius with "radiusd -X", and look at the accounting Request packets which are sent. Do you have any bandwidth limits on the captive portal enabled?

  • No bandwidth limits in CP, I will try your tip and let u know, thanks!!!

Log in to reply