Skip to content
ProxRad Docs

Subscribers, Services, and NAS

Almost everything in ProxPanel revolves around three entities. Understand these and the rest of the system makes sense.

Subscriber

Section titled “Subscriber”

A subscriber is a PPPoE user — one row in the subscribers table, one login on a customer router, one billable account. Owned by exactly one reseller (or the admin directly).

Key fields:

  • username — usually customer@isp.com, unique system-wide.
  • password_plain — encrypted (AES-256-GCM) with <password-encryption-key>. RADIUS validates against this.
  • service_id — links to their current plan.
  • reseller_id — billing owner.
  • expiry_date — last day the account auth-passes.
  • is_active — soft on/off switch. Inactive accounts authentically fail.
  • is_online — synced every 30s by QuotaSync.
  • daily_quota_used, monthly_quota_used — bytes used since last reset.
  • fup_level, monthly_fup_level — current FUP tier (0 = normal, 1-6 = throttled).

Service

Section titled “Service”

A service is a plan template — speed, quota, FUP tiers, price, expiry rules. Defined once, assigned to many subscribers.

Key fields:

  • name, commercial_name, description
  • download_speed, upload_speed — in kb (kilobits). 2000 = 2 Mbps.
  • daily_quota, monthly_quota — in bytes.
  • 6 daily FUP tiers (FUP1Threshold, FUP1DownloadSpeed, … FUP6*) — each tier kicks in when the threshold is exceeded.
  • 6 monthly FUP tiers (same shape, different field names).
  • cdn_* — CDN-specific FUP and time-based controls.
  • price — per renewal period.
  • expiry_value, expiry_unit30 days, 1 month, etc.
  • pool_name — which MikroTik IP pool to draw from on PPPoE connect.

Services are global — there is no per-reseller ownership. Any reseller can assign any service to their subscribers.

NAS (Network Access Server)

Section titled “NAS (Network Access Server)”

A NAS is your BNG router — the device that talks RADIUS with ProxPanel. Each one is registered in nas_devices.

Key fields:

  • name, ip_address — must match the source IP of RADIUS packets the router sends.
  • secret — shared RADIUS secret.
  • backend_kindmikrotik or generic (for Cisco / Juniper / Huawei).
  • api_username, api_password, api_port — for live actions (Torch, Ping, queue sync).
  • subscriber_pools — comma-separated list of pool names the router exposes.
  • is_online, last_seen, version — auto-updated by health checks.

How they connect

Section titled “How they connect”
                ┌─────────────┐
                │   service   │  (id=4, "4M-50GB", 4000kb, pool=4M-pool)
                └──────┬──────┘
                       │ service_id
                       
                ┌─────────────┐         ┌─────────────┐
                │ subscriber  │────────►│  reseller   │
                │ (online)    │         │ (owns it)   │
                └──────┬──────┘         └─────────────┘
                       │ during auth
                       
                ┌─────────────┐
                │     NAS     │ (router doing the auth)
                └─────────────┘

When a subscriber connects:

  1. NAS sends Access-Request → ProxPanel looks up subscriber by username.
  2. ProxPanel checks service_id → reads speed + pool name from the service.
  3. Returns Mikrotik-Rate-Limit and Framed-Pool to NAS.
  4. NAS creates queue and assigns IP from that pool.