Dreamnet — Pakistan
FreeRADIUS Authentication & ISP Router Management for Dreamnet
- Tens of thousands
- Subscribers managed
- Hundreds
- Routers under control
- FreeRADIUS · Laravel · MikroTik RouterOS
- Tech
- Live in production
- Status
Project details
The Challenge
Dreamnet is a Pakistani internet service provider running a growing subscriber base across a fleet of MikroTik routers distributed over multiple service areas. The way the operation worked before we came in was the way most small-to-mid ISPs in the region work: subscriber records lived in spreadsheets and a billing tool that didn't talk to the network, and every plan change, bandwidth tweak, or service suspension was applied by an engineer logging into the relevant router and editing PPPoE secrets and queues by hand.
The brief was to replace that manual chain with a proper authentication backend and a web-based management platform — one place where the support and operations teams could provision a subscriber, change a plan, throttle bandwidth, or suspend service, and have those changes propagate cleanly to the routers without anyone touching a CLI. The platform had to handle the existing subscriber base without disrupting active sessions, and had to keep working when individual routers were temporarily unreachable.
Our Approach
We treated this as a two-layer build: a FreeRADIUS authentication backend that the routers actually talk to, and a Laravel management platform that the humans actually use. Keeping those two layers cleanly separated was the architectural call that mattered — FreeRADIUS owns the authentication and accounting traffic, the Laravel app owns the operational state, and a thin, idempotent sync layer between them is the only path by which changes flow.
FreeRADIUS sits in front of the router fleet handling PPPoE authentication, per-user attribute assignment (rate limits, IP pools, session caps), and accounting. We modelled subscribers, plans, and per-subscriber overrides in the Laravel database, with FreeRADIUS reading user and group attributes from a SQL backend kept in sync with the operational store. CoA (Change-of-Authorization) packets are used to apply mid-session changes without forcing a reconnect — important for the customer experience when an operator changes a plan or releases a quota.
The web platform is where the operations team spends its day. Capabilities shipped:
- Subscriber CRUD — onboarding, plan assignment, address and CNIC data, contract documents, ticket history.
- Plan & bandwidth shaping — defined plans with upload/download caps, burst rules, and fair-usage policies, applied via MikroTik queues and RADIUS attributes.
- Router orchestration — read and write to the MikroTik fleet over the RouterOS API, with reconciliation jobs that detect drift between intended state and actual router state.
- Billing integration — invoicing tied to the same subscriber records, with automated suspension and reactivation on payment status changes.
- Operations dashboard — active sessions, router health, subscriber lookups, and an audit trail of every operator action.
Stack: FreeRADIUS · Laravel · PHP 8 · MySQL · Redis · MikroTik RouterOS API, with queue workers handling router-side propagation and a reconciliation worker that runs continuously to keep the operational store and the router fleet in agreement.
The Outcome
The platform is live in production and is the day-to-day surface through which Dreamnet's team runs the network. Tens of thousands of subscribers authenticate against the FreeRADIUS backend, and hundreds of routers are under unified management — provisioning a new subscriber or changing a plan is now a form in the web app rather than a CLI session against the relevant router.
The operational gains are the ones any ISP feels when manual provisioning goes away: faster onboarding, cleaner audit trails, fewer "who changed this" incidents, and a support team that can resolve plan and quota issues without escalating to engineering. Our engagement continues as Dreamnet extends the platform to additional service areas and adds new operational workflows on top of the same foundation.
Capabilities used
Services that powered this project
Next project
Bitbuts — Canada