Hello Hans, I get your use case and it’s very interesting but unfortunately PacketFence does have all internal to do that but it’s not doable per user right now. You will need to agregate data per user merging all devices usage and it’s not that easy.
If you have the pieces that do that, you could trigger a security event that isolate the device to inform him. Thanks, Ludovic Zammit Product Support Engineer Principal Lead Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://community.akamai.com/> <http://blogs.akamai.com/> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> <http://www.linkedin.com/company/akamai-technologies> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > On Nov 10, 2022, at 9:26 PM, Hans Johnson <hans.john...@gmail.com> wrote: > > Hi Ludovic, > > Thanks for the response. We’re actually running enterprise gear, so we have a > fair bit of flexibility. I’m working on getting pfacct working with netflow > from our head and router. This is largely because we have a lot of local > services that run on site, and shouldn’t be counted against usage. The Radius > accounting wouldn’t be all that useful (other than for online/offline > detection) as it doesn’t differentiate between local and internet traffic. > > We’ll soon be transitioning to a fortigate firewall, and I’ll do the > integration to feed usernames etc back to the fortigate. But it will also be > setup to feed netflow data back to PF. > > Ideally, what we’re looking at is a system where we could give our staff > members an allotment each month of, say, 5GB. If they exceed that (or decide > they want to watch a movie or download a game or some such) they can buy > additional bandwidth. > > The other challenge is that I’d want this to be per user rather than per > device. Every staff member at our site has their own login on our domain. I > already have per user authentication working authenticating against AD via > LDAP, so that’s solid. > > We’re also thinking about selling access to our guests (we operate a remote > wilderness camp) but that’s another can of worms. > > I am reasonably familiar with carrots bits of programming (perl, python, SQL, > etc…) so can write glue code if needed. I’m just way rusty on that. > > Thanks for your time, > > Hans > > Sent from my iPhone > >> On Nov 10, 2022, at 05:24, Zammit, Ludovic <luza...@akamai.com> wrote: >> >> Hello Hans, >> >> It depends on the equipment that you are using and which authentication mode >> you have (Web auth, inline, VLAN enforcement) >> >> PF has two way to monitor bandwidth, in Inline mode where PF is the router >> and see all the traffic or where you send radius accounting to PF. >> >> What are you trying to achieve here? Do you want to block the users after >> 5gb per month or send them a warning ? >> >> You can use PacketFence Security events based on quota usage as long you >> send radiusd accounting with a fairly timed interim updated so PF is aware >> of the device data consumption. >> >> Let me know if that help. >> >> Thanks, >> >> >> Ludovic Zammit >> Product Support Engineer Principal Lead >> >> Cell: +1.613.670.8432 >> Akamai Technologies - Inverse >> 145 Broadway >> Cambridge, MA 02142 >> Connect with Us: <https://community.akamai.com/> >> <http://blogs.akamai.com/> >> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!U1Fe4n_nEq3pID4rx06h3tE9-YiyNdzjNcsBiVg9Y3lh0eBXm5Bp0rOzrJswM7USv2u3Sivqx0jF7cb3binO$> >> >> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!U1Fe4n_nEq3pID4rx06h3tE9-YiyNdzjNcsBiVg9Y3lh0eBXm5Bp0rOzrJswM7USv2u3Sivqx0jF7dBi5JxI$> >> >> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!U1Fe4n_nEq3pID4rx06h3tE9-YiyNdzjNcsBiVg9Y3lh0eBXm5Bp0rOzrJswM7USv2u3Sivqx0jF7d0SC-Qf$> >> >> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!U1Fe4n_nEq3pID4rx06h3tE9-YiyNdzjNcsBiVg9Y3lh0eBXm5Bp0rOzrJswM7USv2u3Sivqx0jF7b0jLk3t$> >> >>> On Nov 8, 2022, at 10:23 PM, Hans Johnson via PacketFence-users >>> <packetfence-users@lists.sourceforge.net >>> <mailto:packetfence-users@lists.sourceforge.net>> wrote: >>> >>> Hi Everyone, >>> >>> Another question here. We operate an organization that’s at a remote site, >>> and provide internet access to our staff and volunteers. Due to the remote >>> site, we’re pretty much stuck with StarLink for our connectivity. They just >>> recently announced a change to their TOS which means we’ll soon be paying >>> $1/GB for our bandwidth (effectively). We have about 60 users and have >>> often been pushing some 200GB/day. We’re on the business package, which >>> means that unless we pay, we get throttled down to 1Mbps after the first >>> 1TB. >>> >>> What we’re thinking is that rationing data, akin to mobile phone plans, is >>> the only way we’re still going to be able to give our staff internet access >>> while not going bankrupt. (There is no mobile service at our remote site, >>> and no other options short of going back to VSAT or building a couple >>> microwave relay towers). >>> >>> What we’d like to do is provide each user, say, 5GB/mo (So spend $5 each, >>> basically). If they go over that, they can buy additional capacity at cost; >>> we’re not looking to make a profit here, just not go bankrupt. >>> >>> I seem to have most of the pieces in place to make this work; I’ve got a >>> firewall that will export traffic data via netflow, I’ve got PF >>> authenticating my users backing against AD via LDAP for >>> username/password/metadata and it’s all run through a captive portal to >>> make it work. >>> >>> Is this the kind of thing that I could pull off with PacketFence? I know it >>> has billing functionality, but that seems to be based on time, rather than >>> data usage. >>> >>> Thanks! >>> >>> Hans >>> >>> _______________________________________________ >>> PacketFence-users mailing list >>> PacketFence-users@lists.sourceforge.net >>> <mailto:PacketFence-users@lists.sourceforge.net> >>> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!TGn-5Rj8asCf4nD0vnX4nkNrO-YBLlEggR4D5OpKJRkLsv85p5Ryspnw4YTQi-DHU-HGRS1dQGnPrcD_o8LQEFByBRq5Az-HNUPaow$ >>> >>
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
