Linux – Traffic shaping L2TP/IPsec VPN (via accounts not connection)

Tags: ipsec, l2tp, linux, traffic-shaping, vpn

I need to be able to control the amount of bandwidth a specific user account can use on a VPN connection. One account I want to be able to use the VPN with no restrictions and another account I want to limit to a reasonable amount of bandwidth (say 10GB or so a month).

I'm aware that you can traffic shape individual connections but that does not quite solve the problem as the limited account can just disconnect and reconnect to get a new connection. I need to be able to limit bandwidth on a login basis for a given period of time (monthly limit).

I'm really not that familiar with traffic shaping in general so any advice would be appreciated.

Thank you.

Best Answer

I wouldn't call it "traffic shaping" with a time resolution of one month... You do not want to impose any restrictions before this hard limit is reached? I think you need to watch the traffic and disable the account when the limit is reached (or activate traffic shaping then, making the connection quite slow).

You may add rules (without target) for each of the connections (after configuring static addresses as mentioned before) in order to see the amount of traffic from and to this user. Every hour or so you can call a script / program which reads this amount of data, adds it to the user's traffic log, resets the counter (iptables --zero), sums up the traffic log and takes the appropriate action if the user's limit turns out to be reached.
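
The hourly accounting described in the answer above, as an added example that is not part of the original answer. The chain name `VPNACCT`, the map and log file paths, the sample addresses, and the assumption that routed VPN traffic crosses `FORWARD` are all hypothetical; the action taken at the limit is left as a site-specific step.

```shell
# Added example, not the answerer's script. Assumed names: chain VPNACCT, map
# file lines "user ip monthly_limit_bytes" (0 = unlimited), and the log path.
# Counting rules, one pair per static VPN address, with no -j target:
#   iptables -N VPNACCT && iptables -I FORWARD -j VPNACCT
#   iptables -A VPNACCT -s 10.8.0.10 && iptables -A VPNACCT -d 10.8.0.10

# Constructed `iptables -nvxL VPNACCT` listing for trying the functions offline.
sample_listing() {
    cat <<'EOF'
Chain VPNACCT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
    4100  6000000000            all  --  *      *       10.8.0.10            0.0.0.0/0
    3900  5000000000            all  --  *      *       0.0.0.0/0            10.8.0.10
      10       2048            all  --  *      *       10.8.0.11            0.0.0.0/0
EOF
}

# sum_bytes IP: read a listing on stdin, print the bytes sent to or from IP.
sum_bytes() {
    awk -v ip="$1" '$1 ~ /^[0-9]+$/ && ($(NF-1) == ip || $NF == ip) { s += $2 }
                    END { printf "%.0f\n", s }'
}

# record MAP LOG MONTH: append "MONTH user bytes" to LOG for every user in MAP.
record() {
    listing=$(cat)
    while read -r user ip _limit; do
        bytes=$(printf '%s\n' "$listing" | sum_bytes "$ip")
        printf '%s %s %s\n' "$3" "$user" "$bytes" >> "$2"
    done < "$1"
}

# over_quota MAP LOG MONTH: print "user total" for users at a non-zero limit.
over_quota() {
    awk -v m="$3" 'NR == FNR { lim[$1] = $3; next }
        $1 == m { tot[$2] += $3 }
        END { for (u in tot) if (lim[u] > 0 && tot[u] >= lim[u])
                  printf "%s %.0f\n", u, tot[u] }' "$1" "$2"
}

# Hourly cron entry: -Z given with -L shows the counters, then clears them.
if [ "${1:-}" = "--cron" ]; then
    month=$(date +%Y-%m)
    iptables -nvxL VPNACCT -Z | record /etc/vpn-quota.map /var/lib/vpn-quota.log "$month"
    over_quota /etc/vpn-quota.map /var/lib/vpn-quota.log "$month" |
        while read -r user total; do   # site-specific action goes here
            logger -t vpn-quota "$user reached monthly limit: $total bytes"
        done
fi
```

Because the log is keyed by user and month rather than by connection, reconnecting does not reset the total; only the per-rule counters are zeroed after each reading.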