I made it. For other folks experiencing the same issue, please find the steps I had to perform below:
Verify whether you are running QMI or DIP. You need to have DIP.
If it shows /dev/cuau1, then you're in QMI mode; if it's /dec/cuaU1, then you're in DIP mode.
There is a switching Windows utility from Sierra, google for "BZ31018_DIP_QMI_ModeSwitch.zip".
If you prefer to verify on Windows, install Sierra MC drivers, find MC7710 in the device manager and look for the USB PID in details. 68A2 = QMI
68A3 = DIP
Upgrade your device firmware. I did on Windows. Go to Sierra Website and look for the latest firmware in an exe file. Note: Run it as administrator. (I used 18.104.22.168 btw.) https://source.sierrawireless.com/resources/airprime/software/mc7710-swi9200x_03,-d-,05,-d-,29,-d-,03_dip/#sthash.2BUNVsJm.dpbs
You may verify your card with the Sierra Windows Tool to make sure, hardware is all ok https://source.sierrawireless.com/resources/airprime/development_kits/airprime-mc-series-connection-manager-dip-build-3830/#sthash.qUh6avRG.dpbs
The Windows Store App did not work for me.
Put your card back into your APU and connect pigtail.
Add PPP interface using GUI, but use /dev/cuaU3.0. /dev/cuaU1.0 did not work for me.
Reboot. My APU automatically received a WAN IP, no additional config needed. Well, I had to plug my antenna, which I noticed quite well ;-)
By the way, this is a thread duplicate to: https://forum.netgate.com/topic/125081/pc-engines-alix-6f2-mc7710-issue-2-3-5-release-p1-i386/4
While true you can take any old soho wifi router and just use its AP features... soho wifi routers, include a routing function, switch ports and a AP in 1 box..
The switch is dumb, and therefor almost always the AP is dumb.. Or atleast configured that way via the native firmware. Other then allowing "guest" ssid that is not bridged to the switch ports.
While the hardware quite often, but not always does support doing vlans. I have never seen the native firmware leverage them for anything other than maybe the "guest" network most of them allow you to create, which really is just not bridged to the switch ports vlan.
Normally they do actual use vlans, this is how they isolate the wan and the lan. But the interface doesn't allow the user to change or manipulate them really in any way.
So simple way to just use them as a dumb AP is just turn off dhcp on them, and connect them to your network via one of the lan ports. Now anything on wifi (not guest ssid) is bridged to your switch ports = AP..
So if you want to actual do vlans, either put 3rd party firmware on the device to expose way to configure the vlans. Or get an actual AP, then yes normally would support vlans..
Finally got a time window over the weekend to reinstall the pfSense. This time, I went through the process as suggested by DAVe3283 and akuma1x. The details are below.
First, on the pfSense, I setup DHCP static addresses for the AP's and the controller PC using their MAC addresses.
Next, prior to shutting down the Untangle Firewall, I factory defaulted all of the AP's from the Unifi Controller software. Once they were all defaulted, I removed power from the AP's and also removed power from the ethernet switch they were connected to. Not sure if removing power was necessary, but, wanted to make sure the AP's would boot up and get a new IP from the pfSense with no issues.
On the controller PC, In the Unifi Controller software, made sure the gateway setting and network settings reflected the new network information: 192.168.14.1 and 192.168.14.x/23. Powered down the Unifi Controller PC.
Shutdown the Untangle Firewall and connected the pfSense Firewall in its place and powered it and the ethernet switch up. Used my laptop to connect to the webUI of pfSense via the ethernet switch. After the pfSense Firewall powered up and I could see that all interfaces were up from my laptop, I powered up the Unifi Controller PC.
The Unifi Controller PC booted up and got its new IP. In the Unifi Controller software, I adopted all the AP's one by one and verified they received the correct IPs and were "Connected". They were consistently connected for over an hour with no further issues as I'd had in the previous install attempt.
Verified client PCs were connecting the the APs and passing traffic successfully.
Started fail-over testing by disconnecting WAN1. Made sure internet traffic was flowing through WAN2 and then back through WAN1 when I reconnected WAN1. It did, and I was impressed at how fast and seamless the transition was!
After a couple of days, everything is still working great. Thanks to all who submitted suggestions - this one is solved!
Hello, I Prayut
My wireless at home dropped off a lot. I don't know why Open and close several times, it still does not disappear. Thank you for the good answer.
If you're running pfSense 2.4.5-p1 with a wireless card, check freebsd 11.3 hardware compatibility list.
My memory from hanging out in these forums is that wifi cards are generally are not going to work great with pfSense. I don't know the technical reasons but if I had to take a guess, a wireless card plugged into a PC running pfSense (freebsd) is generally going to be a card meant for a client PC to connect to a wireless access point. Whereas with pfSense, you're asking this client card to BE the access point for potentially many clients. This card's typical job is to handle a single connection, not ten different connections.
The most common recommendation is to use a dedicated wireless access point connected to pfsense via ethernet. If you have an old wireless router, disable DHCP on it and use the LAN interface on that to connect to pfSense.
Edit: More information,
I also tried throwing up a guest network, but again there doesn't appear to be a way to pass a tag along to pfsense. It doesn't appear to see it any different than my main SSID.
Pfsense definitely supports VLAN tags. Configure a VLAN interface on pfsense and AP with the same tag. Then, if you have a managed switch between them, you will have to configure it to pass the tagged frames.
Like make it hurt to have to enter that password on new devices... :)
I use 63 random character strings, from www.grc.com, for my passwords. The only exception is for my guest WiFi, which has a simple password. However, anything connected to the guest network is blocked from accessing anything else on my network, including pfSense.
As for only one device connecting, that can be configured in the DHCP server. You can create a rule to allow only certain IP addresses to connect to the management. Also, you should have a password on it and you can use a key for ssh.
You should try to define your needs, before trying to come up with a solution.
@jly2680 Right now I have the AzureWave AW-NU706H USB mpcie Wifi card installed on the mini pc. There is also Foxconn WFUR6 USB wifi card which has supports AC. You can find it on AliExpress too. In the end I have ordered an VONETS AC1200 Mini Wireless Bridge Repeater Wi-Fi Dual Band Bridge Range Extender (VAP11AC) from Aliexpress which also has AP functionality and can be powered on by USB without external power plug.
But it seems that you could install the v3 firmware onto their v2 hardware and correct the vlan issue... But yeah would prob be easier to avoid that brand all together. If your goal is ability to actually do vlans ;)
Mine is V2, but it's not that critical and my next plans would be to update to 802.11ac or ax, though that's not a priority, as my ThinkPad can only do 2.4 GHz n. However, my phone can do ac and tablet n on both bands.
Thanks so much for replying. My initial poor understanding was that the Atheros chip in the Qotom was an AR9382, which information I got from the Aliexpress website, but of course I should have realised that while great on price and shipping and products, technical details from vendors there are very often wrong or missing.
Using dmesg I find that it is actually an Atheros AR9285. From the Atheros datasheet:
Frequency Band 2.4 GHz
Network Standard 802.11b, 802.11g, 802.11n
My solution is to simply run pfSense in a virtualbox under a minimal linux host (I installed ubuntu from the minimal.iso and selected minimal mate desktop). I configured wpa_supplicant on the linux host to associate the wireless adapter to the AP, and then bridged it to pfSense as a WAN gateway. I have a triple-WAN setup with failover (not load balancing) with FiOS, xfinity and cellular broadband as the WAN gateways. All good, it works great.
Ryan, Hi) the pfSense from FreeBSD for use as a firewall and router with an easy-to-use web interface -the only pros, don't even try, just time was spent . I installed the software yourself on my own hardware. Thought it would be great. It works well only in a house. When I go outside for a meter it immediately turns off. Also have been looking for smth that works cool with a dedicated pfSense route.
The only caveat is the modem needs to be in the correct usb-profile otherwise you don't get an AT port. If it's a rebranded device it may be supplied locked to MBIM or QMI only and you have the change the profile first.