I've used the TP-LINK TL-WDN4800 for a few years. It works very well because it uses the ath9k driver, but unfortunately I haven't gotten good reliability from them. Both of mine died after about two years. Sorry I don't have pciconf for it, but I'm using an old dual radio router as an AP while I decide if I want to replace the WDN4800 or find something else.
This is brilliant, very useful information. A point that I found particularly useful was about diversity, which others new to the wireless aspects of pfsense might easily be wondering also - A wireless card might have two antennas but each antenna cannot be used at the same time either transmitting or receiving (effectively doubling bandwidth contrary to one antenna) - it doesn't work like that; the two antennas are used separately and purely to create robustness where there is multipath distortion. In single antenna scenarios one should disable diversity and set the tx and rx antennas, available under the wireless configuration pages under the interface. I know I repeat what you posted (thanks again for your help in my previous post, it's still working all good!) I repeat it in case others arrive at this page if searching for related issues!
CAPS = Capabilities
Depending on the capabilities of the APs, the following flags can be included in the output:
E - Extended Service Set (ESS). Indicates that the station is part of an infrastructure network (in contrast to an IBSS/ad-hoc network).
I - IBSS/ad-hoc network. Indicates that the station is part of an ad-hoc network (in contrast to an ESS network).
P - Privacy. Data confidentiality is required for all data frames exchanged within the BSS. This means that this BSS requires the station to use cryptographic means such as WEP, TKIP or AES-CCMP to encrypt/decrypt data frames being exchanged with others.
S - Short Preamble. Indicates that the network is using short preambles (defined in 802.11b High Rate/DSSS PHY, short preamble utilizes a 56 bit sync field in contrast to a 128 bit field used in long preamble mode).
s - Short slot time. Indicates that the network is using a short slot time.
AID = Association ID (describes the ID that the AP has given to a certain mac/client)
IDLE = idletime
TXSEQ = Transmit Sequence
RXSEQ = Receive Sequence
ERP set to 0 means the device is 802.11 compliant. For more info about ERP read up on the 802.11 standard.
RSSI = Receive Signal Strength Indicator
RSSI to dBm can be calculated like this for Atheros cards:
RSSI_Max = 60
Convert % to RSSI
Subtract 95 from RSSI to derive dBm
Notice that this gives a dBm range of –35dBm at 100% and –95dBm at 0%.
PS. RSSI is different for most vendors and cannot be compared easily (ex. Cisco has 0 --> 100). Also it is not a very accurate means to measure signal quality, rather it measures strength only.
Let us know how it turns out - what exactly is providing the wifi? Is your own? You know those are not going to be very fast right..
data rates up to 300Mbps
That is marketing speak for maybe 150 right.. Oh wait..
Network Interface One 10/100 BaseT with RJ45 port (WAN/LAN)
Wow... Just utter nonsense marketing... They brag that it can do 3000Mbps, twice as fast as their other product
boasts speeds twice that of IOGEAR's Universal Wireless-N Adapter (GWU627).
but then it has a 10/100 wire.. So you might see 95ish ;) top end... So their other is listed as 150, its specs don't even list what the wire port is.. Have to assume 10/100 as well. So it could do say 75ish.. 95 vs 75 doesn't seem double to me ;)
Hope it works out for you. If your wan is only 100 you should be fine.
Your cert fields are not going to be a problem - the type of cert would be..
Here easier to show the freerad server cert and the client (my iphone) cert since they are at the top
Your problem with windows is not going to let you install the cert without a password. Which the gui doesn't allow you to do.. You have to put a password on your cert. I just use openssl.. There are multiple threads about it. But if you want can screenshot my settings, and then run through putting a cert on my windows 10 desktop and authing with it.
I have had good success pushing OpenVPN from 4G Routers running OpenWRT / LuCi.
A management/orchestration platform is currently only available for tnsr. As far as I know, something like that is planned for pfSense as well.
This is very sad that pfSense is terrible with LTE modems. I just received a Teltonika RUT950 LTE box with Linux FW. After 5min I had FW/LTE modem configured and Ipsec VPN working to office - 5 min! Their FW is just not as good as pfSense is... I have now worked on these LTE modems in pfSense for over a year and not found any really working solution (yes - I know that I'm an idiot who just doesn't understand over three pages of command line scripts to get Hello World effect with modems). This ppp method is pure "shit", unstable etc.. - I need full speed of 4G LTE, not old school 3G HSDPA+. I know that here in the pfSense community there are a lot of gurus who can do what they want with pfSense, but I'm just wondering how LTE modem support can be so bad and why there is no one working on it. Mobility is where pfSense must be a player, but now it is far from it. I'm sorry that I'm a bit negative but that's only because I love pfSense in general. I use it everywhere, but now I'm having a do-or-die situation with mobile devices. I have also seen some bigger issues with mass management of pfSense units. There is nothing done on that side for pfSense. (ok this is a topic for a totally other thread)
So I really ask help on modems in pfSense and I need to have everything out of the modem - Ethernet type connection please. Something must work "out of the box" - this is the case in Linux in most of the cases. Why it's not here?
Be it pfsense sees or not - freebsd and wifi just not a good fit.
If you want to run wifi on your network - get an AP, or use some old soho wifi router you have or pick up for $20 as your wifi. It's just not worth the hassle trying to use some wifi card as AP in pfsense.
If you're trying to get it to work as some wifi connection for pfsense to leverage as a client you're going to need to look on the compatibility list.
@netdragon said in Meshed access point - recommendation:
Has anyone tried it for ubiquiti with the pfsense plugin above with an AC adapter?
Huh? I think you misunderstand what that does - it just runs the controller software.. It has zero to do with any sort of adapters in your pfsense box.. It would be used with unifi AP.
… second SSID ... different WPA2 password, however I could not put it on a different frequency ... which is super annoying.
I think this is either a hardware limitation with the PCIe card, an OS limitation in BSD, or a driver limitation of sorts.
Technical suggestion: it's a limitation of the admin to understand how WiFi with multiple SSIDs on the same wireless NIC works.
Multi-SSIDs will always be the same channel. It just broadcasts a different SSID simultaneously, which obviously happens on the same frequency/channel.
You have already been told that FreeBSD's support for WiFi is "minimal" at best. Keep that in mind before posting something about limited wireless config options or less than expected WiFi throughput and such.
Best option is to buy a used Ruckus 7372/7982 on eBay for $40 and forget about all WiFi troubles. Even though you don't wanna hear that.
You have been warned…
Sorry for the late reply, work has been crazy busy and I just had a chance to try this. Set up the NAT in about 5 minutes and it worked perfectly. Also your explanation made perfect sense why it wasn't working and how NAT will make it work. Thanks for your time!
Seems to work fine but the main installation I am using is pretty small and all devices can pretty much see both APs all the time.
The last WiFi work I did was in a large warehouse a few months ago. There were 6 APs throughout the building. There's no way you'd see the APs at one end of the building, from the other. The place was so large we had to use fibre to connect parts of it. They have Cisco APs and switches.
Potentially that may be better. The best option is to use an external 3G/4G modem that provides Ethernet such as the Netgear LBxxxx devices.
pfSense may support USB tethering from the Jetpack, it depends how it appears when connected. However it will have issues if that interface is assigned and then disconnected.
Late reply but…
We can't actually see if it's running in hostap mode from that, it's just off the screenshot on the 'media' line.
The interface settings page would be more useful there. Check the system log for errors.
Did you assign only the vlans as interfaces in pfsense or did you assign the re1 itself too?
The unifi-ap uses the settings of the re1-interface for management. Means you need to assign an interface to re1 and set up the dhcp for that too. After that you should be able to do a layer3 adoption.
This is not necessary in the newest controller. You don't need a native vlan. You can assign management vlan in settings for AP without having to assign a native vlan to it. It takes some planning and basic vlan knowledge to configure.
Hello, I have the same problem. Did you find the answer for this issue? In my case it seems because I am not authenticating, so my phone disconnected every 2 minutes... But my computer does not have a problem if I authenticate or not. Any ideas?
The controller needs to be on an untagged port
The APs need to be in a trunk with the native vlan the same as the controller, the vlans for the SSIDs 310, 320 & 330 need to be tagged.
Here is what my Linksys switch looks like, my untagged vlan is 4093.
GE1 Trunk 4093 Admit All Enabled 2T, 3T, 4T, 5T, 6T, 7T, 4093UP
GE2 Trunk 4093 Admit All Enabled 2T, 3T, 4T, 7T, 4093UP
GE3 Access 4093 Admit All Enabled 4093UP
GE8 Trunk 4093 Admit All Enabled 2T, 3T, 4T, 5T, 6T, 7T, 4093UP
GE1 >> pfSense
GE2 >> AP
GE3 >> Controller
GE8 >> interlink to other switch
You need to carry the vlans across all the interlinks if you want them on an edge port.
I'd be tempted to set up an edge port in vlan 310, 320 & 330 as a normal port and check the vlans are being carried correctly, working your way back to the Cisco to check.
You could also check the ports are configured correctly by connecting up a laptop to the trunks and filtering on vlan.id that should display ports that are vlan tagged.
Thanks gjaltemba and Chris!
I swapped the routers and found the AP on OPT1 was not working under LAN too. I checked the AP setting where I had configured for static ip, 192.168.50.2 and the gateway as 192.168.50.1 and primary DNS was 192.168.50.1. I thought this could have caused issue and made it as auto IP. To be safe I reset the router.
The two settings, I guess, would have caused the issue are:
1. Primary DNS was 192.168.50.1
2. Wireless Isolation (checked) in the wireless settings.
However the issue is resolved. I appreciate your help. You made me think and try different options.
No luck with the WRT54GL either so led me to believe it was the set up.
Had both interfaces bridged between the lan port and the one leading to the Access point.
Ended up removing the bridge, setting the Port for the AP to another subnet with its own DHCP server and now I am able to connect with any wireless device when they access the AP.
Made some firewall rules and now everything on wifi can access the lan, and vice versa. Not sure if this was the most efficient way to do this, but it is working without any issues with the Asus RT-n56u. So far.
Duh ;) Not sure where you got the idea that freebsd was choice for wifi…
If you need wifi connectivity use external AP or if you need to connect to some wisp or something use their device or get a wifi ethernet bridge, etc.