Hi,

I've configured a pfSense firewall acting as a walled garden for our users on a wireless network with a FreeRADIUS server acting as authenticator. This works well, although I also have a number of Gemtek p560's which also have to use the same FreeRADIUS server to authenticate users. Authentication works fine on both the pfSense and Gemtek systems, but for some reason accounting doesn't seem to be working with the Gemteks. This means I can't get the RADIUS system to limit the number of concurrent logins on the Gemteks - which of course I want to do. I can, however, get the system to limit the number of concurrent logins on the pfSense system.

When I do a 'radlast' I get a list of all the users who have logged into the pfSense sytem but none of the Gemteks. I've searched and found very little information on the matter, except that setting 'reverse accounting' on the Gemtek system might help (it didn't). For the record, I have enabled ports 1812 and 1813 UDP to reach the RADIUS server from the Gemtek and pfSense systems and can see this traffic coming in from both of them.

I suspect that the reason may be because I have to define a specific 'nastype' for the Gemtek hosts in my clients.conf file. Currently the default nastype for all clients are set to 'other'. Does anyone know what nastype a Gemtek p560 should be defined as within the clients.conf file? Or better still, has anyone dealt with this problem themselves and come up with an answer?

Any ideas, anyone?

I searched for information on the product. It appears that there are two related products from Gemtek; the P560 and the P560 Plus. The P560 plus talks about its ability to interact with Radius and perform user accounting for billing.

I am guessing that if you have the plain P560 then Gemtek may have disabled that kind of user accounting in that model to encourage people to purchase the P560 Plus.

It may be possible to upgrade the P560 to the P560 Plus.

I have no direct experience with this hardware. This is just speculation based on a 10 minute search for information on the product.

Thanks for the quick feedback. I'm not altogether convinced that the p560 is unable to deal with accounting, since I'm viewing accounting packets (1813 UDP) coming across the firewall to the RADIUS box. I have noticed that the number of bytes sent in/out to/from the Gemteks is much greater than those of the pfSense system, so I'm guessing that the accounting information may be more 'verbose' and that the clients.conf file on the RADIUS system isn't configured correctly to interpret the incoming information - hence my enquiry about the nastype parameter. I may end up having to just try each of the available nastypes in turn to see if I get anywhere that way. Unless anyone has any other ideas?