CP + Radius + Bandwidth limits (broken?)
Could anyone using the CP with Radius and Upload/Download bandwidth restrictions please confirm the following;
The CP seems to get confused with its accounting and returns the accounting data which has occurred in the last minute, rather than the total accumulation since the session start. Disabling the CP bandwidth restrictions seems to return it its normal working state, which is to account for the total data since the start of the session.
Steps to reproduce:
Enable Per-User Bandwidth Restriction (Upload and Download limits left blank)
Enable & Configure radius server for authentication and accounting.
Enable Interim Updates
Enable Re-Authentication every minute
- Create a user with these reply items:
WISPr-Bandwidth-Max-Down := 128000
WISPr-Bandwidth-Max-Up := 32000
Connect the client through the CP, and download some random amount of data (for under 60 secs).
radiushost: /usr/sbin/radiusd -X
*1st Accounting-Request: Acct-Input-Packets = 894 ** Acct-Input-Octets = 66224 Acct-Input-Gigawords = 0 Acct-Output-Packets = 517 ** Acct-Output-Octets = 397630 -->*Now let the client be idle without any download activity* *2nd accounting request: Acct-Input-Packets = 59 ** Acct-Input-Octets = 4489 Acct-Input-Gigawords = 0 Acct-Output-Packets = 15 ** Acct-Output-Octets = 4252 Acct-Output-Gigawords = 0 Acct-Session-Time = 157 *3rd accounting request: Acct-Input-Packets = 10 ** Acct-Input-Octets = 1552 Acct-Input-Gigawords = 0 Acct-Output-Packets = 8 ** Acct-Output-Octets = 2829 Acct-Output-Gigawords = 0 Acct-Session-Time = 217 *and eventual 4th/final: Acct-Input-Packets = 0 ** Acct-Input-Octets = 0 Acct-Input-Gigawords = 0 Acct-Output-Packets = 0 ** Acct-Output-Octets = 0 Acct-Output-Gigawords = 0 --> Acct-Session-Time = 4294834785 (looks odd) Acct-Terminate-Cause = Idle-Timeout
You mixed up some things.
Bandwidth and quota.
Limiting the bandwith is what you did. You limit a user to use a maximum of 128000 Bit per seconds for download and upload.
Acct_input-Octets (what you posted in the log) is for download/upload quota.
With pfsense 2.0.1 this is not working because of a bug in CP. It was fixed in pfsense 2.0.2 and 2.1.
sorry I should I have mentioned, this is with 2.0.2 - I was aware that 2.0.1 CP had problems with counting data.
2.0.2 CP works fine with counting the amount of download/upload, but if the bandwidth limit is enabled via Radius (WISPr-Bandwidth-Max-Down/UP), then the data counting doesn't work as per my previous post.
To try and make it clearer, assume that a CP user is downloading+uploading 500KB per minute for 3 minutes.
How it should work in the accounting requests, (and does work OK with CP+Radius bandwidth limit off)
After 1 minute:
Download + Upload = 500KB
After 2 minutes:
Download + Upload = 1000KB
After 3 Minutes:
Download + Upload = 1500KB
But enable bandwidth limit & Wispr* reply attributes, and the Accounting becomes:
1 minute: 500KB
2 minutes: 500KB
3 minutes: 500KB
Hope that is clearer.
which kind of accounting do you use - stop/start or interim ?
For quota you must use stop/start accounting.
What is happening if you set the bandwidth limit on CP page instead on RADIUS?
- Using interim updates.
- Disabling the Wispr* attributes and putting in a limit on the CP has the same problem (accounting is for the last minute only), so Wispr* isn't directly connected.
periko last edited by
I have some issue like yours, but I want to use "Amount of Time", the accounting is not doing his job.
I'm working on a full install on other machine, doing this manually and see what is causing accounting not working, I need to understand how FR2 works and see if pfsense have issues with or FR2.
I will let u know, but looks like is the same behavior.
I haven't looked at the time based accounting, but to debug, kill then start freeradius with "radiusd -X", and look at the accounting Request packets which are sent. Do you have any bandwidth limits on the captive portal enabled?
periko last edited by
No bandwidth limits in CP, I will try your tip and let u know, thanks!!!