Feature #12982

Updated by Marcos M over 1 year ago

It seems that when there are too many entries (per user) in the Radreply table (using MySQL) of the FreeRadius package, pfsense (or maybe it is FreeRadius) will start ignoring the rules. It seems the max entries per user (for Cisco AVPair Rule) is around 70. Pfsense will start ignoring any rules (per user) above 70 or so.

 Just to clarify the issue a bit more, for example, in the radreply table, if I have these entries (total of 100 entries) for the user ATMMSOpenVPN, 

 ATMMSOpenVPN Cisco-AVPair += ip:inacl#1=permit any host host 
 ATMMSOpenVPN Cisco-AVPair += ip:inacl#2=permit any host host 
 ATMMSOpenVPN Cisco-AVPair += ip:inacl#3=permit any host host 
 ATMMSOpenVPN Cisco-AVPair += ip:inacl#100=permit any host host 

 1. In entry #1 it is allowing to access 
 2. In entry #100 it is allowing host to access 

 Both and are pingable. But when the user ATMMSOpenVPN logs in to OpenVPN, he will ONLY be able to ping, NOT, because is rule #100 (which is above 70) 

 BUT, if I switch these 2 IPs around, where now #1 is and #100 is (in the MySQL database), now he will be able to ping BUT NOT anymore. So it almost seems like pfsense is only loading the first 70 or so rules and rendering the rest of the entries (beyond 70 rows) "useless".
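
An added audit sketch, not part of the original report or of pfSense/FreeRADIUS code: it lists, per user, the Cisco-AVPair rows that sit past the roughly 70-entry point the report describes. Assumptions: the stock `radreply` columns (`id`, `username`, `attribute`, `op`, `value`), rows taken in `id` order, an in-memory SQLite table standing in for the MySQL database, constructed sample rows using documentation IP ranges, and hypothetical function names.

```python
import sqlite3

# Assumption: the report only says "around 70"; adjust to what you observe.
OBSERVED_LIMIT = 70

def build_sample_db():
    """Constructed sample data in the stock FreeRADIUS radreply layout."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE radreply (id INTEGER PRIMARY KEY, username TEXT,"
        " attribute TEXT, op TEXT, value TEXT)"
    )
    rows = []
    for n in range(1, 101):  # 100 ACL entries for one user, as in the report
        acl = f"ip:inacl#{n}=permit ip any host 192.0.2.{n}"  # constructed value
        rows.append(("ATMMSOpenVPN", "Cisco-AVPair", "+=", acl))
    for n in range(1, 11):   # hypothetical second user, well under the limit
        acl = f"ip:inacl#{n}=permit ip any host 198.51.100.{n}"
        rows.append(("smalluser", "Cisco-AVPair", "+=", acl))
    conn.executemany(
        "INSERT INTO radreply (username, attribute, op, value)"
        " VALUES (?, ?, ?, ?)", rows)
    return conn

def entries_past_limit(conn, limit=OBSERVED_LIMIT):
    """Map each affected user to the Cisco-AVPair values past `limit`,
    counting that user's rows in id order (assumed load order)."""
    cur = conn.execute(
        "SELECT username, value FROM radreply"
        " WHERE attribute = 'Cisco-AVPair' ORDER BY username, id")
    seen, at_risk = {}, {}
    for username, value in cur:
        seen[username] = seen.get(username, 0) + 1
        if seen[username] > limit:
            at_risk.setdefault(username, []).append(value)
    return at_risk

if __name__ == "__main__":
    for user, values in entries_past_limit(build_sample_db()).items():
        print(f"{user}: {len(values)} entries past position {OBSERVED_LIMIT}")
        print("  first entry at risk:", values[0])
```

The same `SELECT` runs unchanged against the MySQL `radreply` table; any user it reports has ACL entries that, per the behaviour described above, may not be applied.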