diff --git a/src/opnsense/mvc/app/library/OPNsense/Auth/Radius.php b/src/opnsense/mvc/app/library/OPNsense/Auth/Radius.php
index c5ab9ac3c..f78f8c55e 100644
--- a/src/opnsense/mvc/app/library/OPNsense/Auth/Radius.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Auth/Radius.php
@@ -115,6 +115,194 @@ class Radius implements IAuthConnector
 return $this->lastAuthProperties;
 }
 
+ /**
+ * send start accounting message to radius
+ * @param $username username
+ * @param $sessionid session id to pass through
+ */
+ public function startAccounting($username, $sessionid)
+ {
+ $radius = radius_auth_open();
+
+ $error = null;
+ if (!radius_add_server(
+ $radius,
+ $this->radiusHost,
+ $this->acctPort,
+ $this->sharedSecret,
+ $this->timeout,
+ $this->maxRetries
+ )) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_create_request($radius, RADIUS_ACCOUNTING_REQUEST)) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_put_string($radius, RADIUS_NAS_IDENTIFIER, $this->nasIdentifier)) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_put_int($radius, RADIUS_SERVICE_TYPE, RADIUS_FRAMED)) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_put_int($radius, RADIUS_FRAMED_PROTOCOL, RADIUS_ETHERNET)) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_put_int($radius, RADIUS_NAS_PORT, 0)) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_put_int($radius, RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET)) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_put_string($radius, RADIUS_USER_NAME, $username)) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_put_int($radius, RADIUS_ACCT_STATUS_TYPE, RADIUS_START)) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_put_string($radius, RADIUS_ACCT_SESSION_ID, $sessionid)) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_put_int($radius, RADIUS_ACCT_AUTHENTIC, RADIUS_AUTH_LOCAL)) {
+ $error = radius_strerror($radius);
+ }
+
+ if ($error != null) {
+ syslog(LOG_ERR, 'RadiusError:' . radius_strerror($error));
+ } else {
+ $req = radius_send_request($radius);
+ if (!$req) {
+ syslog(LOG_ERR, 'RadiusError:' . radius_strerror($error));
+ exit;
+ }
+ switch($req) {
+ case RADIUS_ACCOUNTING_RESPONSE:
+ break;
+ default:
+ syslog(LOG_ERR, "Unexpected return value:$radius\n");
+
+ }
+ radius_close($radius);
+ }
+ }
+
+ /**
+ * stop radius accounting
+ * @param $username user name
+ * @param $sessionid session id
+ * @param $session_time total time spend on this session
+ */
+ public function stopAccounting($username, $sessionid, $session_time)
+ {
+ $radius = radius_auth_open();
+
+ $error = null;
+ if (!radius_add_server(
+ $radius,
+ $this->radiusHost,
+ $this->acctPort,
+ $this->sharedSecret,
+ $this->timeout,
+ $this->maxRetries
+ )) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_create_request($radius, RADIUS_ACCOUNTING_REQUEST)) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_put_string($radius, RADIUS_NAS_IDENTIFIER, $this->nasIdentifier)) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_put_int($radius, RADIUS_SERVICE_TYPE, RADIUS_FRAMED)) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_put_int($radius, RADIUS_FRAMED_PROTOCOL, RADIUS_ETHERNET)) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_put_int($radius, RADIUS_NAS_PORT, 0)) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_put_int($radius, RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET)) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_put_string($radius, RADIUS_USER_NAME, $username)) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_put_int($radius, RADIUS_ACCT_STATUS_TYPE, RADIUS_STOP)) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_put_string($radius, RADIUS_ACCT_SESSION_ID, $sessionid)) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_put_int($radius, RADIUS_ACCT_AUTHENTIC, RADIUS_AUTH_LOCAL)) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_put_int($radius, RADIUS_ACCT_SESSION_TIME, $session_time)) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_put_int($radius, RADIUS_ACCT_TERMINATE_CAUSE, RADIUS_TERM_USER_REQUEST)) {
+ $error = radius_strerror($radius);
+ }
+
+ if ($error != null) {
+ syslog(LOG_ERR, 'RadiusError:' . radius_strerror($error));
+ } else {
+ $req = radius_send_request($radius);
+ if (!$req) {
+ syslog(LOG_ERR, 'RadiusError:' . radius_strerror($error));
+ exit;
+ }
+ switch($req) {
+ case RADIUS_ACCOUNTING_RESPONSE:
+ break;
+ default:
+ syslog(LOG_ERR, "Unexpected return value:$radius\n");
+
+ }
+ radius_close($radius);
+ }
+ }
+
+ /**
+ * update radius accounting (interim update)
+ * @param $username user name
+ * @param $sessionid session id
+ * @param $session_time total time spend on this session
+ */
+ public function updateAccounting($username, $sessionid, $session_time)
+ {
+ $radius = radius_auth_open();
+
+ $error = null;
+ if (!radius_add_server(
+ $radius,
+ $this->radiusHost,
+ $this->acctPort,
+ $this->sharedSecret,
+ $this->timeout,
+ $this->maxRetries
+ )) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_create_request($radius, RADIUS_ACCOUNTING_REQUEST)) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_put_string($radius, RADIUS_NAS_IDENTIFIER, $this->nasIdentifier)) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_put_int($radius, RADIUS_SERVICE_TYPE, RADIUS_FRAMED)) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_put_int($radius, RADIUS_FRAMED_PROTOCOL, RADIUS_ETHERNET)) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_put_int($radius, RADIUS_NAS_PORT, 0)) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_put_int($radius, RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET)) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_put_string($radius, RADIUS_USER_NAME, $username)) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_put_int($radius, RADIUS_ACCT_STATUS_TYPE, RADIUS_UPDATE)) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_put_string($radius, RADIUS_ACCT_SESSION_ID, $sessionid)) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_put_int($radius, RADIUS_ACCT_AUTHENTIC, RADIUS_AUTH_LOCAL)) {
+ $error = radius_strerror($radius);
+ } elseif (!radius_put_int($radius, RADIUS_ACCT_SESSION_TIME, $session_time)) {
+ $error = radius_strerror($radius);
+ }
+
+ if ($error != null) {
+ syslog(LOG_ERR, 'RadiusError:' . radius_strerror($error));
+ } else {
+ $req = radius_send_request($radius);
+ if (!$req) {
+ syslog(LOG_ERR, 'RadiusError:' . radius_strerror($error));
+ exit;
+ }
+ switch($req) {
+ case RADIUS_ACCOUNTING_RESPONSE:
+ break;
+ default:
+ syslog(LOG_ERR, "Unexpected return value:$radius\n");
+
+ }
+ radius_close($radius);
+ }
+ }
+
 /**
 * authenticate user against radius
 * @param $username username to authenticate
@@ -146,6 +334,8 @@ class Radius implements IAuthConnector
 $error = radius_strerror($radius);
 } elseif (!radius_put_string($radius, RADIUS_NAS_IDENTIFIER, $this->nasIdentifier)) {
 $error = radius_strerror($radius);
+ } elseif (!radius_put_int($radius, RADIUS_NAS_PORT, 0)) {
+ $error = radius_strerror($radius);
 } elseif (!radius_put_int($radius, RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET)) {
 $error = radius_strerror($radius);
 } else {
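Review bot: The failure paths at the end of startAccounting, copied unchanged into stopAccounting and updateAccounting, lose the real error and can terminate the caller. `radius_strerror($error)` is passed the message string (or null after a failed `radius_send_request()`) instead of the handle, the `exit;` ends the whole PHP process from inside a library method so an unreachable accounting server takes the calling request down with it, `radius_close()` is skipped whenever building the request fails, and the default branch logs `$radius` where `$req` is the value of interest. The tail below logs the stored message, returns normally and closes the handle on every path; a private helper shared by the three methods would keep them from drifting apart. Separately, the handle is created with `radius_auth_open()` although the extension offers `radius_acct_open()` for accounting requests, which looks like the intended call and is worth confirming against a real accounting server.

```php
// … unchanged: handle setup and the radius_add_server()/radius_put_*() elseif chain …
if ($error !== null) {
    // $error already holds the message returned by radius_strerror($radius)
    syslog(LOG_ERR, 'RadiusError:' . $error);
} else {
    $req = radius_send_request($radius);
    if (!$req) {
        syslog(LOG_ERR, 'RadiusError:' . radius_strerror($radius));
    } elseif ($req !== RADIUS_ACCOUNTING_RESPONSE) {
        syslog(LOG_ERR, "Unexpected return value:$req\n");
    }
}
// release the handle on every path, including request-build failures
radius_close($radius);
```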