As well, you can use staros for the same thing! but it is a lot less flexible and ugly!
radius doesnt do any bandwidth limiting, but it can tell to mikrotik that mikrotik should do :) I am using mikrotik with freeradius but any radius would do, freeradius is able to do mysql lookups. Perhaps you can figure out some things to do with that :)
About the encryption. I dont use encryption because I decided that it should be the user's responsibility. You should just test it and see. I would guess that you will have a problem with MTU :) It is a common problem, you cant browse but you can ping perfectly. Funny thing.
Centralizing everything is one thing, but do you really want all your email users to connect wirelessly? then again one user might have 2 emails etc. Then you should change the database structure in your mail server blah blah. :)
Well its your system. good luck
Evren
Martin Jessa wrote:
Hi !
Thanks a bunch for your quick answer. So basically what you can do with the mikrotic stuff is authorizing users, allow them to connect to your network based on info from a radius server and let the radius to the bandwith limiting? What Radius servers does it support? How is encryption done and would it be possible to make the radius server talk to a database? You see, I want the radius server to use the same database as my email and web users. I want to centralize everything. I dont mind if it does not support wireless interfaces. I can just connect an AP to a nic with a cross over cable. Thanks cool.
Thanks a lot again. You are saving my skin (literally).
On Sun, 14 Sep 2003 02:29:24 -0700 Evren Yurtesen <[EMAIL PROTECTED]> wrote:
Hi :) I see you are a BSD guy like me :)
I had similar problem for my wireless clients, I came up with an excellent PPPoE solution. It is called www.Mikrotik.com
Its a shame that the pppoe implementation in FreeBSD cant do bandwidth limiting, but the mikrotik(linux yack) implementation does! I am almost sure it can do bandwidth limiting on pptp interfaces too.
You can download a trial version of mikrotik, although you cant use the trial version with wireless, you can try with ethernet, these pppoe and pptp connections.
I am sure you will be little alien to the interfaces of mikrotik for a while but it is similar to cisco ios and they have a quite nice graphical administration tool.
I wonder if your tunnels fail because of some MTU constraints.
If you use pppoe, you can give bandwidth from radius! upload/download different bandwidths are possible. The sky is the limit.
Evren
Martin Jessa wrote:
Hi guys.
I have a setup for wireless clients where I use pptp vpn tunnels for my users to be able to auth and connect. The vpn daemon (poptop) talks to freeradius server which against gets user info from MySQL database.
I use dialup_admin to be able to easly add new users.
Everything works great except for one thing.
The users (companies) are unable to create their own VPN tunnels (i.e IPsec) to other places.
It's impossible to tunnel IPsec inside of pptp vpn tunnels.
So maybe running plain PPPoE could solve that problem.
Then I could use WPA for traffic encryption.
Does that sound logical?
I also need some kind of system that will make it possible to give different bandwith to different users.
I though I could set up DUMMYNET with bw restrictions for different subnets with a subnet mask like /16 or similar.
Then give static IP's to my users depending on what bw they are allowed to use. But this approach does not seem to be very flexible.
Is there a way to make radius do bandwith restrictions or run commands against an external application?
I am not "locked" to use BSD, if this works better on Linux then I will use it too.
Thanks YazzY
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
