@RyanM said in Adding a mesh wifi network:

plays nice with a dedicated pfSense route

Ryan, Hi) the pfSense from FreeBSD for use as a firewall and router with an easy-to-use web interface -the only pros, don't even try, just time was spent . I installed the software yourself on my own hardware. Thought it would be great. It works well only in a house. When I go outside for a meter it immediately turns off. Also have been looking for smth that works cool with a dedicated pfSense route.

@jimp thank you! I will try few devices and see what gives me the best coverage with AP only.

What did you actually try to get this working?

I have that modem. It works.

The only caveat is the modem needs to be in the correct usb-profile otherwise you don't get an AT port. If it's a rebranded device it may be supplied locked to MBIM or QMI only and you have the change the profile first.

Steve

Thanka for the help. I'll try it tonight

Thank you stephenw10

Some stuff seems to be reversed here. What exactly do you ant to achieve?

It seems like you want to setup the laptop running pfSense as an additional access point. Perhaps so that when you connect to it all you traffic goes via a VPN?

You have the wifi interface assigned as WAN and it's logically the LAN. Those are just names in pfSense, you can do it like that, but it's very confusing.

Steve

Just for clarity loader.conf doesn't get overwritten at boot. It may get overwritten when making changes to settings or at upgrade. But any custom values should be in loader.conf.local as said.

What version of pfSense are you running? What hardware are you running it on?

iwm or it's firmware are not loaded by default. They also don't appear to be available as modules in 2.4.5 so you would need to copy them across from a compatible FreeBSD version.

Steve

Nice. I had read a lot of that but not all. Some great info on that github page. 👍

Yes you can. You can have a look at this list provided by netgate of known 3g/4g modem devices. https://docs.netgate.com/pfsense/en/latest/cellular/known-working-3g-4g-modems.html

@stephenw10
I just got mine up and running. I cancelled with the controller and just did the android app configuration. Super Ez.
At least for my case with just one AP

Everything is perfectly setup right now

corrected code:

$cat /usr/local/bin/e3372.sh #/bin/sh echo 'AT^NDISDUP=1,1,"your APN here"' > /dev/cuaU0.1 $chmod +x /usr/local/bin/e3372.sh $cat /usr/local/etc/devd/e3372h.conf #12d1:1506 attach 20 { match "vendor" "0x12d1"; match "product" "0x1506"; action "/usr/local/bin/e3372.sh"; };

Modem should be running 21.x stick firmware, switching to a proper composition prior to use should not harm:

AT^SETPORT="FF;10,12,16"

Depending on the firmware version used the command above could be not available. If switching to PID:1506 is required that could be achieved by using usb_modeswitch, not tested with the above mentioned scripts though.

😁 Yeah, it's definitely not been disabled on some fundamental level!

That's a TP-Link TL-WN7200ND but there is no significant difference between an external USB device like that and one connected via USB on a mPCIe port.
Hard to imagine what might have changed since 2.4.4p1 that could effect this really. I assume the USB device itself doesn't show as disconnecting/reconnecting?

Your show up any different?

[2.4.4-RELEASE][admin@7100.stevew.lan]/root: sysctl dev.run dev.run.0.%parent: uhub0 dev.run.0.%pnpinfo: vendor=0x148f product=0x3070 devclass=0x00 devsubclass=0x00 devproto=0x00 sernum="1.0" release=0x0101 mode=host intclass=0xff intsubclass=0xff intprotocol=0xff dev.run.0.%location: bus=0 hubaddr=1 port=2 devaddr=2 interface=0 ugen=ugen0.2 dev.run.0.%driver: run dev.run.0.%desc: 1.0 dev.run.%parent:

Steve

An actual access point will generally work much better and can use current wifi tech etc.

I have had some success with a TP-Link tl-wn7200nd. It's a Ralink rt2800 based device. It's only 1x1 though so 150Mbps theoretical max. I've not tested anything newer myself.

Steve

Possibly not and if it does should that really be the target? 😉

You can use internal mPCIe/m.2 modems and they work well enough, I use one here. Whether you would count it as '4G LTE' though..... I get ~40Mbps on good days.

Steve

check this, it's useful if you need a wifi card
https://docs.netgate.com/pfsense/en/latest/book/wireless/wireless-hardware.html
https://docs.google.com/spreadsheets/d/11cF4UoNL68Me5ZC6qhjFPmzdW7mib56dBIAKz30Qpug/edit?hl=en&hl=en#gid=0

thanx wil try this

@stephenw10 Openwrt has inadequate support on Broadcom chip. Partly support 2.4ghz wifi and do not support 5ghz band at all, etc....

Use an Atheros based card for best support out of the box.

Okay 👍 but at first i must change the config permanantly of my Modem

thats the output of usbconf

if i change the config manual from default (config 0) to config 1 i get an ethernet device but no usb ports for ppp etc

In the packet capture do you see fragmented packets?

Do you see larger packets on the wireless intrerface that from wired clients?

Or just any difference there?

Steve

WPA2 is encrypted... I think you need to do some research into the difference between wpa2 psk, and wpa2 enterprise.. All that changes is the auth method... The encryption doesn't change depending on eap you use.

I am not familiar with eap-tls

Then I would not suggest you use it... Its not going to get you anything but a complex setup you do not understand.... You understand that consumer devices normally do not understand methods of wpa2 enterprise..

I suggest you create a secure PSK, and be done with it... Your wireless is now secure.

@JKnott said in Wireless AP with Repeaters and More Wireless APs:

However, according to the OP, several IPs have been assigned to the same MAC, which might not be true

Yeah my mistake. In fact that is what I've seen before, the same MAC used for all IPs coming via the repeater.
Which is what the wikipedia page shows as expected: https://en.wikipedia.org/wiki/Wireless_repeater

As I said it's all voodoo! Avoid if possible. 😉

@DelvinGomes said in Default gateway ping high - Please help!:

192.168.0.1

What is that gateway in this context? The pfSense interface IP or something upstream?

What does Status > Gateways show for the ping time.

If you're interesting in minimising latency though you should not be using wifi.

Steve

You might be able to configure the wifi card in the hypervisor and then pass it through to pfSense as Ethernet. I've never tried that but I've seen people do it with other connection types.

Steve

@json-paul said in Selective client traffic filtering over Bridged Access Point:

My aim is to setup a bridged wireless access point and to be able to control which clients in the bridge network can access other client machine under the same network.

PfSense does not affect connections between devices on the same network.

It's probably in the wrong usb composition mode. Some modes only present MBIM or QMI interfaces which pfSense has no driver for. Since there is no way for pfSense so connect to it you would have to change the mode under Windows or maybe Linux.
I used a script to do that on the 7455 I have, linked as option 3 here:
https://github.com/danielewood/sierra-wireless-modems#create-accessible-com-port

Steve

You must explicitly trust a CA for 802.1X.

It is not a web browser.

This is generally done by pushing a policy to the device with a group policy object or similar.

I would not trust a public CA for this purpose or the devices will trust any authentication server with a certificate signed by that CA.

Are you forwarding all DNS requests to Unbound in pfSense or just handing the pfSense interface IP to clients via DHCP?

Steve

For small deployments I like ruckus unleashed. the controller is in the APs. Ubiquiti cloud keys work too with minimal infrastructure needed. What bugs me about ubnt is you have to have a controller for just one AP.

The wireless tab is for wifi hardware in the pfSense box, yes.

It depends what the Fritzbox can do. If you can set that up to use a VLAN directly that traffic will probably pass your unmanaged switch and you can then connect to it using a VLAN interface in pfSense.

You could do something even more unconventional like setup a tunnel of some sort between the Fritzbox and pfSence to separate the traffic that way. A VPN if it can do that or even PPPoE can work.

A managed switch is a better way to do it but it depends how much you want to save money or like playing with network config. 😉

Steve

Mmm, some maybe. A lot are using exactly same drivers OpenWRT uses. Some are just using OpenWRT directly!

The problem I was facing was really about the firewall rule.
I created a new firewall rule for WLAN. I selected "WLAN net" for Source. Of course, I also selected "WLAN" for the interface. I also selected "any" as the protocol.

I made the settings for Captive Portal. From the DHCP Leases page, I have defined an IP address outside the DHCP range to my mobile phone. I added the static IP of my mobile phone on the Allowed IP Addresses tab from the Captive Portal Zone page.

I can connect to wireless internet automatically through Captive Portal.

Thanks for everything!

Definitely use a separate box for server like services such as that.

The best you can manage for wifi in pfSense directly is 3x3 802.11n which will give you a theoretical link speed of 450Mbps.

I have a Sparklan card that works but any similar Atheros chipset based card will likely work.
https://wikidevi.com/wiki/SparkLAN_WPEA-127N

Steve

OpenWRT looks like a decent workaround if the factory firmware is not sufficient. Thank you both for the updates on this.

So the R7500 directly connected to pfSense is in Access Point mode? And the other one is in wifi client mode?

There is just one layer 2 network here, neither R7500 is routing or NATing?

If the second R7500 has a statically mapped dhcp lease is it pulling that from pfSense? Or is it just using a static IP?

Steve

Status > Wireless will show all the connected clients.

Steve