checking authorization in the duration of connection

Ivan Kalik tnt at
Sat May 9 16:29:29 CEST 2009

> I mean if there is a windows vpn server as a NAS for radius server, could
> I
> set the session limit at the start of the session (at authentication)
> and use methods explained in netexpertise article ?

No. Microsoft has no traffic limiting VSAs. And it doesn't support
CoA/PoD. In Windows speak CoA stands for Certificate of Authenticity
(that's where their priorities are - in licencing). It supports only time
limited sessions (Session-Timeout).

Mikrotik can do this. I think that they have also implemented CoA in the
latest RouterOS release.

Ivan Kalik
Kalik Informatika ISP

>> How about vpn windows as NAS?
> Is that a joke? Windows server would be useless. It can't terminate adsl,
> at least not much more than one line. So, someone else is going to
> terminate adsl and send you what via VPN? Accounting? You don't need
> Windows at all then - just a freeradius server. Or traffic via L2TP
> tunnels? Your Windows server is going to die with any significant ammount
> of traffic. Using Windows server as a router is insane. It can work like
> that - but very, very badly. Even a cheap dumb $50-$100 router like
> Mikrotik will outperform it by miles.
> Ivan Kalik
> Kalik Informatika ISP
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list