• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

CP + Radius + Bandwidth limits (broken?)

Scheduled Pinned Locked Moved Captive Portal
8 Posts 3 Posters 4.8k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • T
    thermo
    last edited by Nov 4, 2012, 6:38 PM

    Could anyone using the CP with Radius and Upload/Download bandwidth restrictions please confirm the following;
    The CP seems to get confused with its accounting and returns the accounting data which has occurred in the last minute, rather than the total accumulation since the session start. Disabling the CP bandwidth restrictions seems to return it its normal working state, which is to account for the total data since the start of the session.

    Steps to reproduce:

    Captive Portal:

    • Enable Per-User Bandwidth Restriction (Upload and Download limits left blank)

    • Enable & Configure radius server for authentication and accounting.

    • Enable Interim Updates

    • Enable Re-Authentication every minute

    Radius:

    • Create a user with these reply items:

    WISPr-Bandwidth-Max-Down := 128000
        WISPr-Bandwidth-Max-Up := 32000

    Connect the client through the CP, and download some random amount of data (for under 60 secs).

    radiushost: /usr/sbin/radiusd -X

    
*1st Accounting-Request:

      Acct-Input-Packets = 894
**    Acct-Input-Octets = 66224
      Acct-Input-Gigawords = 0
      Acct-Output-Packets = 517
**    Acct-Output-Octets = 397630

-->*Now let the client be idle without any download activity*

 *2nd accounting request:

    Acct-Input-Packets = 59
**  Acct-Input-Octets = 4489
    Acct-Input-Gigawords = 0
    Acct-Output-Packets = 15
**  Acct-Output-Octets = 4252
    Acct-Output-Gigawords = 0
    Acct-Session-Time = 157

*3rd accounting request:

     Acct-Input-Packets = 10
**   Acct-Input-Octets = 1552
     Acct-Input-Gigawords = 0
     Acct-Output-Packets = 8
**   Acct-Output-Octets = 2829
     Acct-Output-Gigawords = 0
     Acct-Session-Time = 217

*and eventual 4th/final:

    Acct-Input-Packets = 0
**  Acct-Input-Octets = 0
    Acct-Input-Gigawords = 0
    Acct-Output-Packets = 0
**  Acct-Output-Octets = 0
    Acct-Output-Gigawords = 0
-->  Acct-Session-Time = 4294834785 (looks odd)
    Acct-Terminate-Cause = Idle-Timeout
    1 Reply Last reply Reply Quote 0
    • N
      Nachtfalke
      last edited by Nov 4, 2012, 7:11 PM

      You mixed up some things.

      Bandwidth and quota.

      Limiting the bandwith is what you did. You limit a user to use a maximum of 128000 Bit per seconds for download and upload.

      Acct_input-Octets (what you posted in the log) is for download/upload quota.
      With pfsense 2.0.1 this is not working because of a bug in CP. It was fixed in pfsense 2.0.2 and 2.1.

      1 Reply Last reply Reply Quote 0
      • T
        thermo
        last edited by Nov 4, 2012, 7:29 PM

        Hi Nachtfalke,
        sorry I should I have mentioned, this is with 2.0.2 - I was aware that 2.0.1 CP had problems with counting data.
        2.0.2 CP  works fine with counting the amount of download/upload, but if the bandwidth limit is enabled via Radius (WISPr-Bandwidth-Max-Down/UP), then the data counting doesn't work as per my previous post.

        To try and make it clearer, assume that a CP user is downloading+uploading 500KB per minute for 3 minutes.

        How it should work in the accounting requests, (and does work OK with CP+Radius bandwidth limit off)

        After 1 minute:
            Download + Upload = 500KB
        After 2 minutes:
            Download + Upload = 1000KB
        After 3 Minutes:
            Download + Upload = 1500KB

        But enable bandwidth limit & Wispr* reply attributes, and the Accounting becomes:
        1 minute: 500KB
        2 minutes: 500KB
        3 minutes: 500KB

        Hope that is clearer.

        1 Reply Last reply Reply Quote 0
        • N
          Nachtfalke
          last edited by Nov 4, 2012, 9:32 PM

          Ah ok,

          which kind of accounting do you use - stop/start or interim ?
          For quota you must use stop/start accounting.

          What is happening if you set the bandwidth limit on CP page instead on RADIUS?

          1 Reply Last reply Reply Quote 0
          • T
            thermo
            last edited by Nov 6, 2012, 4:59 AM

            • Using interim updates.
            • Disabling the Wispr* attributes and putting in a limit on the CP has the same problem (accounting is for the last minute only), so Wispr* isn't directly connected.
            1 Reply Last reply Reply Quote 0
            • P
              periko
              last edited by Nov 7, 2012, 7:43 PM

              Hi thermo.

              I have some issue like yours, but I want to use "Amount of Time", the accounting is not doing his job.

              I'm working on a full install on other machine, doing this manually and see what is causing accounting not working, I need to understand how FR2 works and see if pfsense have issues with or FR2.

              I will let u know, but looks like is the same behavior.

              pfsense 2.0.1.

              Necesitan Soporte de Pfsense en México?/Need Pfsense Support in Mexico?
              www.bajaopensolutions.com
              https://www.facebook.com/BajaOpenSolutions
              Quieres aprender PfSense, visita mi canal de youtube:
              https://www.youtube.com/c/PedroMorenoBOS

              1 Reply Last reply Reply Quote 0
              • T
                thermo
                last edited by Nov 8, 2012, 7:07 AM

                Periko,
                I haven't looked at the time based accounting, but to debug, kill then start freeradius with "radiusd -X", and look at the accounting Request packets which are sent. Do you have any bandwidth limits on the captive portal enabled?

                1 Reply Last reply Reply Quote 0
                • P
                  periko
                  last edited by Nov 8, 2012, 4:04 PM Nov 8, 2012, 4:02 PM

                  No bandwidth limits in CP, I will try your tip and let u know, thanks!!!

                  Necesitan Soporte de Pfsense en México?/Need Pfsense Support in Mexico?
                  www.bajaopensolutions.com
                  https://www.facebook.com/BajaOpenSolutions
                  Quieres aprender PfSense, visita mi canal de youtube:
                  https://www.youtube.com/c/PedroMorenoBOS

                  1 Reply Last reply Reply Quote 0
                  8 out of 8
                  • First post
                    8/8
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                    This community forum collects and processes your personal information.
                    consent.not_received