I'm starting a Wireless ISP and currently have 20 users with a 25 user Wingate Pro license, latest version on XP Pro. At the moment we just use WG for proxy & router between Internet, WirelessNet & LocalLAN (3 NICs) no user authentication or accounting.
We want to:
1) Have authentication (preferably by MAC address)
2) Accounting
3) Enforce user 'caps', e.g. 1GB, 7GB etc. per month. (Either stop service or give low priority/bandwidth (e.g. 32k) when limit is reached, reset at end of month)
4) Method of auto-exporting users current byte count to text file
5) Report of user usage at end of month+reset count/lift restrictions
6) Limit P2P traffic bandwidth
7) Maybe support for Syslog server
Well that's a mouth full, but apparently a RADIUS server can give this functionality. (Our WiFi routers/stations all support Radius & SysLog Servers).
Would it be best to get a Linux Radius/SysLog server or can WG give similar functions? I'd really like to use WG as I love the feauters like Activity tab, Ban server, and cool service/policy setups to name but a few...
Honest opinions please, we plan to expand to +-200 users within next year and cannot afford trouble.
Thanks.
User Accounting question
Moderator: Qbik Staff
3 posts
• Page 1 of 1
by adrien » Sep 13 05 12:16 am
HI
Short answer is that WinGate will do some of the things you mention, but probably not the ones you really want.
It will do things like bandwidth control for P2P etc, but the user accounting is not really designed for such applications.
It can set quotas, and these can be reset on a regular basis by scheduler action.
But there are normally accuracy issues with anything except the more basic proxy access, due to the way we currently collect stats (i.e. we do this at the socket level, which does not give information about retransmissions, and transport overheads). If you are happy to allow say a margin of 10% for this, you can get pretty close.
We also do support policy by MAC address although note this is only for a locally connected network (not through a router, since for traffic from a client behind a router, all you get is the MAC address of the router interface), and is based on policies in the engine using the ARP cache to look up the MAC from the client IP, rather than using them directly from our packet-level driver.
We are working on overhauling the accounting to take advantage of all the information that the WinGate ENS driver has access to, and MAC filtering is definitely on the list. We see a good market in hotels and net cafes for this sort of functionality.
we are also working on opening up access to certain components in winGate (such as the user database) so that things like PHP scripts (which will run under WinGate's web server) can access accounts. This lends itself to integrated access control by payment.
These features are at least 6-9 months away however.
Adrien
Short answer is that WinGate will do some of the things you mention, but probably not the ones you really want.
It will do things like bandwidth control for P2P etc, but the user accounting is not really designed for such applications.
It can set quotas, and these can be reset on a regular basis by scheduler action.
But there are normally accuracy issues with anything except the more basic proxy access, due to the way we currently collect stats (i.e. we do this at the socket level, which does not give information about retransmissions, and transport overheads). If you are happy to allow say a margin of 10% for this, you can get pretty close.
We also do support policy by MAC address although note this is only for a locally connected network (not through a router, since for traffic from a client behind a router, all you get is the MAC address of the router interface), and is based on policies in the engine using the ARP cache to look up the MAC from the client IP, rather than using them directly from our packet-level driver.
We are working on overhauling the accounting to take advantage of all the information that the WinGate ENS driver has access to, and MAC filtering is definitely on the list. We see a good market in hotels and net cafes for this sort of functionality.
we are also working on opening up access to certain components in winGate (such as the user database) so that things like PHP scripts (which will run under WinGate's web server) can access accounts. This lends itself to integrated access control by payment.
These features are at least 6-9 months away however.
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
3 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 4 guests