1

I need to be able to control the amount of bandwidth a specific user account can use on a VPN connection. One account I want to be able to use the VPN with no restrictions and another account I want to limit to a reasonable amount of bandwidth (say 10GB or so a month).

I'm aware that you can traffic shape individual connections but that does not quite solve the problem as the limited account can just disconnect and reconnect to get a new connection. I need to be able to limit bandwidth on a login basis for a given period of time (monthly limit).

I'm really not that familiar with traffic shaping in general so any advice would be appreciated.

Thank you.

Cromulent
  • 306
  • 1
  • 2
  • 17
  • In chap-secrets file set static IPs for clients and use some 3rd party software to control that traffic. – Neolo Dec 31 '12 at 19:49
  • As it stands this doesn't really answer the question. Can you elaborate how to accomplish this with either an example or more specific steps? – slm Dec 31 '12 at 20:07
  • There is nothing to elaborate. File located in /etc/ppp/chap-secrets open it and you will see example right there. Set ip for VPN user. Your future steps are to find desired traffic control software, like this: [link](http://www.funtoo.org/wiki/Traffic_Control) Manipulate with users IP addresses you defined in chap-secrets file, they wont get any other IP after relogin. OR set up abills+radius server+your vpn – Neolo Dec 31 '12 at 21:28
  • You appear to be equating traffic shaping (limiting speeds in various situations) with download/upload limiting (limiting the amount someone can transfer in a given amount of time). To help decide which you need, answer these questions: 1) If I'm a limited account and I have yet to download 10GB this month, how should my connection behave? 2) If I'm a limited account and I have downloaded 10GB this month, how should my connection behave? – hrunting Feb 09 '13 at 20:30
  • @hrunting OK I guess I mean bandwidth limiting rather than traffic shaping. – Cromulent Feb 12 '13 at 07:17
  • What are you using to build the VPN? Is it Cisco hardware, Microsoft software, Linux or BSD? – krugger Feb 12 '13 at 15:30
  • @krugger Linux. Debian 6 or Ubuntu Server 12.04 LTS. – Cromulent Feb 12 '13 at 16:50

1 Answers1

0

I wouldn't call it "traffic shaping" with a time resolution of one month... You do not want to impose any restrictions before this hard limit is reached? I think you need to watch the traffic and disable the account when the limit is reached (or activate traffic shaping then, making the connection quite slow).

You may add rules (without target) for each of the connections (after configuring static addresses as mentioned before) in order to see the amount of traffic from and to this user. Every hour or so you can call a script / program which reads this amount of data, adds it to the user's traffic log, resets the counter (iptables --zero), sum up the traffic log and take the appropriate action if the user's limit turnes out to be reached.

Hauke Laging
  • 5,157
  • 2
  • 23
  • 40