This is brilliant, very useful information. A point that I found particularly useful was about diversity, which others new to the wireless aspects of pfsense might easily be wondering also - A wireless card might have two antennas but each antenna cannot be used at the same time either transmitting or receiving (effectively doubling bandwidth contrary to one antenna) - it doesn't work like that; the two antennas are used separately and purely to create robustness where there is multipath distortion. In single antenna scenarios one should disable diversity and set the tx and rx antennas, available under the wireless configuration pages under the interface. I know I repeat what you posted (thanks again for your help in my previous post, its still working all good!) I repeat it incase others arrive at this page if searching for related issues!
Depending on the capabilities of the APs, the following flags can be included in the output:
E - Extended Service Set (ESS). Indicates that the station is part of an infrastructure network (in contrast to an IBSS/ad-hoc network).
I - IBSS/ad-hoc network. Indicates that the station is part of an ad-hoc network (in contrast to an ESS network).
P - Privacy. Data confidentiality is required for all data frames exchanged within the BSS. This means that this BSS requires the station to use cryptographic means such as WEP, TKIP or AES-CCMP to encrypt/decrypt data frames being exchanged with others.
S - Short Preamble. Indicates that the network is using short preambles (defined in 802.11b High Rate/DSSS PHY, short pre- amble utilizes a 56 bit sync field in contrast to a 128 bit field used in long preamble mode).
s - Short slot time. Indicates that the network is using a short slot time.
AID = Association ID (describes the ID that the AP has given to a certain mac/client)
IDLE = idletime
TXSEQ = Transmit Sequence
RXSEQ = Receive Sequence
ERP set to 0 means the device is 802.11 compliant. For more info about ERP read up on the 802.11 standard.
RSSI = Receive Signal Strength Indicator
RSSI to dBm can be calculated like this for Atheros cards:
RSSI_Max = 60
Convert % to RSSI
Subtract 95 from RSSI to derive dBm
Notice that this gives a dBm range of –35dBm at 100% and –95dBm at 0%.
PS. RSSI is different for most vendors. and can not be campared easily (ex. Cisco has 0 -->100 ). Also it is not a very acurate means to measure signal quality, rather it measures strengt only.
I've never used them so it's hard to comment. There are not a mesh system though as far as I know. So if you require a mesh to get full coverage now you may need to run more Ethernet lines to position APs in different places.
They can be meshed if that's really what you want, but it's best to avoid meshing if you can hardwire.
There's no difference, in connection terms, between using LAN or and OPT interface in pfSense. Neither require a VLAN unless you don't have an OPT NIC. Using OPT gives you more fine grained control over wireless vs wired connections of course.
But, yes, it is better in almost every way to remove the double NAT and use the wifi router as a pure access point: https://docs.netgate.com/pfsense/en/latest/recipes/external-wireless-router.html
I have two here, both are internal m.2 cards but still USB connected. Neither are current though so it's hard to recommend for a new deployment.
The only thing that will always work is an external Ethernet connected LTE modem.
Mmm, the settings should be common so should change for all when you set them. Or at least that's what I expect to happen. The number of people running wifi with multiple VAPs in pfSense is... small!
I tried to replicate this using a WLE200NX card in an SG-2100 but could not make it panic. It allowed me to set dual standards/frequencies and even appeared to be broadcasting both but of course only one is actually functional.
I did find a couple of other bugs but neither would cause a panic.
The date I've found for Norway is that 2G dies in 2025. But they've said that before, and the amount of alarm installations, oil plattform applications and other stuff has stopped the deadline for 2G before, so I'm guessing around 2030. 😂 And 4G I'm expecting to have longer than my car. I like to keep new cars that I buy for at least five, preferably ten years, and with this Mercedes EQC I can't see myself needing anything else as long as the battery lasts. The warranty is 8 years/160 000 km (100 000 miles), so that's probably when I start looking for something else. By then I'm sure the cars are flying drones! 🤘
Yes you could use pools in one subnet and filter them differently using aliases but you can't filter traffic between the clients on one subnet that way. Traffic would just go between them directly without passing through pfSense. Only one interface.
Really you need to use VLANs in there to separate the traffic at layer 2.
@stephenw10 after many hours digging the internet and various tryes, found that the modem card was correctlly installed for an older firmware of the apu4d4. With the one i have the modem was detected by the pfsense but the sim card was not internally linked to that slot. After moving it to the correct pci-slot. it worked like plug&play, with the &F init string and cuau0.0.
one of the good sources of info to debug the modem is https://teklager.se/en/knowledge-base/pfsense-lte-troubleshooting/
Mmm, well the best device you can get is something based on one of the older 3x3 chipsets.
I have a Sparklan WPEA-127N which works well. Any equivalent AR9380 based card should also work. Still pretty bad compared to any current AP. 😉
It depends what you are putting it in but a later Atheros based 3x3 card is about the best you can do. So for example I have here a Sparklan WPEA-127N. It works pretty good but I still mostly use it just to test the wifi components in pfSense.
I have installed pfSence successfully with 2 network interface vmbr0 and vmbr1
vmbr1 has no network adapter connected yet.
If you install pfSense with to interfaces, it uses the first one for WAN, the second for LAN. However, it allows only access on LAN, but that might be connected to vmbr1 which is not connected to any network.
If you only enable one interface, the GUI should be accessible on this.
Or if you're running other VMs on Proxmox, you can connect to vmbr1 as well as pfSense and access the GUI from there.
However, basically if your router provides DHCP, pfSense should pull an IP from it on WAN if it's connected to vmbr0.
My next plan is to see if I can update the bios, if that fails I might have a dead slot on the board.
As Steve say: try that card in a other MoBo (if available). If you have an other mini PCIe-Card, that you know she is working, put her in and see if the system recognize it. So you can see if the slot has a problem. The BIOS is of course a possible culprit (I dont think so).
I was not able to spot any relevant difference between the successful and unsuccessful attempt, even the assigned IP is the same. To me it seems that the issue seems to be located somewhere else than in WAN connectivity.