Non-Unlimited ISP



  • Hello,

    I will be travelling to one of the country in South East Asia. The place is pretty remote area where there is no unlimited internet available, unlike in U.S. For the ISP, I will be utilizing the wireless cellular (3G/4G), however, none of them offer unlimited internet. The way their pricing works is paying monthly with amount of GB available. If you exceed their quota, they will charge you overage and it is VERY expensive.

    There are multiple ISP I can use and planning to utilize multi-WAN for reliability. However, the concern is I need to have pfsense to keep in track of quota usage and automatically shut down the connection to specific ISP before they go over the quota. Otherwise, they will charge overage which is ridiculously expensive (that's how they make money on scamming the users).

    Until now, I haven't found any answer yet about this. Please advise as I will be travelling back soon.

    Thank you so much



  • If its offered where you going, get a Pay As You Go (PAYG) sim card for one of the local mobile telcos once you have landed which offers a data allowance.

    You can look online for who does the best deals in the area you plan to visit, you might also find some sites offering special discounts, then just buy the sim from a local shop once you have landed, but you might also be able to buy one in the airport having landed, but prices might vary as airport purchases in my limited experience tend to be more expensive.

    This assumes your mobile phone or modem is not locked or tied to your current provider, and also assumes you dont have any security measures like modem mac id restrictions that prevent you from accessing your pfsense device. The latter is a risk if you decide/are forced to buy a sim and modem bundle which might happen.

    It might also be cheaper to buy multiple PAYG ad-hoc if your data usage is high, although now would be a good time to learn & practice command line stuff if you use the GUI alot as this will drastically reduce your data usage. Other tricks could be to force web browsers into text only mode so pictures are not downloaded and or run a local cache like squid to perhaps on your laptop to mitigate the anticipated GUI network traffic as another alternative.



  • @firewalluser:

    If its offered where you going, get a Pay As You Go (PAYG) sim card for one of the local mobile telcos once you have landed which offers a data allowance.

    You can look online for who does the best deals in the area you plan to visit, you might also find some sites offering special discounts, then just buy the sim from a local shop once you have landed, but you might also be able to buy one in the airport having landed, but prices might vary as airport purchases in my limited experience tend to be more expensive.

    This assumes your mobile phone or modem is not locked or tied to your current provider, and also assumes you dont have any security measures like modem mac id restrictions that prevent you from accessing your pfsense device. The latter is a risk if you decide/are forced to buy a sim and modem bundle which might happen.

    It might also be cheaper to buy multiple PAYG ad-hoc if your data usage is high, although now would be a good time to learn & practice command line stuff if you use the GUI alot as this will drastically reduce your data usage. Other tricks could be to force web browsers into text only mode so pictures are not downloaded and or run a local cache like squid to perhaps on your laptop to mitigate the anticipated GUI network traffic as another alternative.

    Thanks for the response.

    However, the PAYG price is same price with overage so it is a no go. That actually doesn't answer whether I can use the pfsense to track my bandwidth usage and shutdown connection once it hits the caps.

    Thank you



  • My experience of PAYG is it stops working once the data allowance is used up, so you should never get into an overage situation.

    Where it might happen is if you are required to link a credit/debit card to the PAYG account with automatic top ups.

    Theres also this. https://doc.pfsense.org/index.php/How_can_I_monitor_bandwidth_usage

    Might also be useful. https://forum.pfsense.org/index.php?topic=22190.0
    along with this one.
    https://www.reddit.com/r/PFSENSE/comments/1vd6wp/way_to_monitor_total_bandwidth_used_over_period/



  • @firewalluser:

    My experience of PAYG is it stops working once the data allowance is used up, so you should never get into an overage situation.

    Where it might happen is if you are required to link a credit/debit card to the PAYG account with automatic top ups.

    Theres also this. https://doc.pfsense.org/index.php/How_can_I_monitor_bandwidth_usage
    a
    Might also be useful. https://forum.pfsense.org/index.php?topic=22190.0
    along with this one.
    https://www.reddit.com/r/PFSENSE/comments/1vd6wp/way_to_monitor_total_bandwidth_used_over_period/

    Hello,

    I guess, I misunderstood your PAYG term. From what I understand, PAYG means you just top up the balance and use the internet as your balance reach to zero. In this case, I can't do that since the price of PAYG is same price if you go overage of your quota. I think I got what you mean.

    Basically, it is a prepaid plan where you buy let's say $10/5GB per month and overage is 1 cent per MB, whereas PAYG you pay 1 cent per MB which is $10/GB. You can see the difference I am talking about.

    I saw the link you gave me. It only give you graph about the usage but pfsense doesn't take action against that. I need somehow the pfsense limit the usage like shutdown the connection once it hit the caps.

    Thank you


  • LAYER 8 Netgate

    It doesn't do that. Use something else.



  • Could you restrict the bandwidth such that it would be impossible to go over?



  • Yeah PAYG can also be called PrePaid which is what I refer to, ie you pay up front, you might have 100mins of calls, 500 txts and 500GB data, once the data is used up, it stops working (especially if you have not provided any card payment details) but you can still use the calltime and txts if you want. You can pay more for additional data which I guess is what you call overage but at this point I'd probably just get another sim with the same/similar data allowance, although alot of PAYG sims have online auto top facilities in effect making them like on-demand/ad-hoc contracts without the contract.

    Either way getting a local sim is usually cheapest anyway, and some countries spend more time talking, some spend more time texting and others will use more data.

    This might work, havent done it myself but am interested in it, hence why I've been searching around myself.

    https://forum.pfsense.org/index.php?topic=31620.0
    http://freeradius.org/radiusd/man/rlm_counter.html

    The rlm_counter module provides a general framework to allow access based on accumulated usage of a resource, such as total time online in a given period, total data transferred in a given period, etc. This is very useful in a 'Prepaid Service' situation, where a user has paid for a finite amount of usage and should not be allowed to use more than that service. Collection, monitoring, and replenishment of prepaid services are beyond the scope of this module.

    I cant see there being a problem getting this to work on one or more interfaces as computers dont care so much if we call an interface wan or lan.

    I think you might need to do some custom scripts though at least to maybe alert you automatically when you get close to your limit(s), how you want to be disconnected will also need to be decided, like do you disable the interface, add a couple of block all rules or something else.


  • LAYER 8 Netgate

    I don't think a RADIUS module is going to help him unless he sets himself up as an ISP with the RADIUS infrastructure and "logs in" to his own firewall allowing RADIUS rlm_counter to do its thing.

    Watch your usage and don't go over. Do you really need a technical solution to this "problem"?

    Clearing your RRD graphs at the start of a period ought to give you a general idea how much has been transferred out the WAN interface.



  • @firewalluser:

    Yeah PAYG can also be called PrePaid which is what I refer to, ie you pay up front, you might have 100mins of calls, 500 txts and 500GB data, once the data is used up, it stops working (especially if you have not provided any card payment details) but you can still use the calltime and txts if you want. You can pay more for additional data which I guess is what you call overage but at this point I'd probably just get another sim with the same/similar data allowance, although alot of PAYG sims have online auto top facilities in effect making them like on-demand/ad-hoc contracts without the contract.

    Either way getting a local sim is usually cheapest anyway, and some countries spend more time talking, some spend more time texting and others will use more data.

    This might work, havent done it myself but am interested in it, hence why I've been searching around myself.

    https://forum.pfsense.org/index.php?topic=31620.0
    http://freeradius.org/radiusd/man/rlm_counter.html

    The rlm_counter module provides a general framework to allow access based on accumulated usage of a resource, such as total time online in a given period, total data transferred in a given period, etc. This is very useful in a 'Prepaid Service' situation, where a user has paid for a finite amount of usage and should not be allowed to use more than that service. Collection, monitoring, and replenishment of prepaid services are beyond the scope of this module.

    I cant see there being a problem getting this to work on one or more interfaces as computers dont care so much if we call an interface wan or lan.

    I think you might need to do some custom scripts though at least to maybe alert you automatically when you get close to your limit(s), how you want to be disconnected will also need to be decided, like do you disable the interface, add a couple of block all rules or something else.

    Oh, wow. Thanks for the insights. It looks very complicated. I was hoping to be able to implement this easy enough.  I guess, there is no easy way to do it.

    @Derelict:

    I don't think a RADIUS module is going to help him unless he sets himself up as an ISP with the RADIUS infrastructure and "logs in" to his own firewall allowing RADIUS rlm_counter to do its thing.

    Watch your usage and don't go over. Do you really need a technical solution to this "problem"?

    Clearing your RRD graphs at the start of a period ought to give you a general idea how much has been transferred out the WAN interface.

    I was hoping to find more automated way instead of monitoring it manually since I will be putting multiple different 3G/4G ISP.

    I think the manual monitoring is a way to go.

    Thank you



  • Its a pity and a bit surprised some sort of automated data cap doesnt exist as plenty of people are on capped monthly download limits for landlines or mobile and just have no way of knowing if their ISP is being accurate or not.

    The brief time I was on a capped monthly download I disputed the amounts claimed but that was on a mobile data using an app to monitor data in and out, that automatically reset every month at a predetermined date & time, it was nothing more than that.



  • That actually doesn't answer whether I can use the pfsense to track my bandwidth usage and shutdown connection once it hits the caps.

    From where the pfSense should now the overhead what comes on top of each connection?

    I think the manual monitoring is a way to go.

    The easiest way is to go with a pre-payed SIM card as suggested before and then the entire
    Link will be set down by the mobile ISP and not on your side. It would not be a manner if one
    or two Links goes down and the other will be activated as in a fail over configuration.

    Think about, if something occurs inside of your LAN and this will then cause massively traffic
    you pay millions to the ISP, and not often "someone" could find it useful for him self.  ;)



  • One possibility would be to enhance the RRD Summary package to be more real time (you'd have to use the minute by minute data for the past hour) and add a feature to tear down an interface once the limit has been reached.

    There is no 'off the shelf' functionality in pfSense to limit usage of an interface.


Log in to reply