On Apr 25, 2012, at 6:00 PM, <list-requ...@lists.pfsense.org> <list-requ...@lists.pfsense.org> wrote: > > On 4/25/12 4:29 AM, Christian Neumann wrote: >> Hi everybody, >> >> I just wanted to share how glad we are that pfSense exists. Usually people >> mostly share problems, but this time I just wanted to highlight what we have >> been able to achieve with a little bit of customization. Please let me know >> if this isn't the right forum for this and point to other place where I can >> share my appreciation. >> >> I'm working for a NGO in rural Africa (Malawi) and with pfSense we might >> probably run the biggest free WiFi hotspot throughout whole Malawi. Nothing >> special for modern installations, but in places with poor power and high >> communication costs the dimensions are pretty unique. >> >> So far we have around 25 access points that are used by approx. 100 unique >> systems/users during a typical business day. All this squeezes through a >> slow, high latency satellite link (~500 kBits/s downstream) and thanks to >> the Captive Portal components provides free access for all (through our >> public computers, other laptops as well as smartphones) while it is still >> manageable. >> >> In a nutshell we have/can: >> - Open access points without passwords (mainly running on dd-wrt) >> - A custom portal page where users need to register for the first time they >> connect to the network >> - RADIUS MAC authentication (yes, yes, it might be possible to fool, but in >> our context without hard billing requirements good enough) >> - Default (low) speed group for unknown users through Captive portal >> bandwidth restriction >> - Increase (promote) systems/users to higher bandwidth limits by admins >> - Blocking websites based on domain/URL and time of day >> - Mail notifications for important events (new user signed up, weekly RRD >> stats, reboots, ...) >> - 'Jail' for misbehaving systems and a HTTP redirecting to let them know >> - Optional Voucher support >> - Support for internal Voice over IP >> - (so far only imperfect) RADIUS accounting >> - Reports with last time systems were connected (usefull for cleanup RADIUS >> users) >> - Support for external monitoring solutions of internal network devices >> >> All this with ordinary pfSense customizations and a few custom extensions. I >> feel all this is pretty 'out of the box' pfSense, but I'm also happy to >> elaborate a bit more on this if someone finds this interesting. >> >> Thanks a lot for making our life a bit easier! >> christian >> > Hi Christian, > > We have pfSense running in a rural Kenyan district hospital: > http://linuxmednews.com/1328842067/index_html > > How are you doing UPS and VOIP?
Hi Yudhvir, For VoIP we have started to use the SIP proxy package (sipproxyd), but realized that after scaling up the VoIP service to multiple subnets (and network interfaces on pfSense) the package wasn't able to handle this. The way I understand sipproxyd, it needs to be bound to one interface. I *think* you could run multiple instances listening to different ports, but you need to configure the SIP clients in the different subnets to these different ports. But this way laptops and smartphones with SIP clients need to be reconfigured whenever they are in another subnet with the new port settings. So we ended up switching to IAX and a dedicated Asterix box. As IAX tunnels more or less nicely through firewalls, for our internal system it works good enough. For UPS (or backup power in general) we have multiple stages. We are connected to the grid (with on average 24 hours a week unpredictable downtime - sometimes much more). So the whole hospital is powered through an automatic generator that *should* kick in after a minute or two (if there is enough fuel in Malawi). Then we have UPSes at the main server room and power most network devices via Power over Ethernet (PoE). This way we can centralize the power supply. On top of this the servers, the sat link and other mission-critical IT devices are run through a series of deep-cycle batteries that provide DC straight to the systems. (Note: A low-power server which takes DC power last much longer than 'ordinary' server hardware powered through UPSes). I hope this answers your questions, christian _______________________________________________ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
