Ok so the APs are on a different subnet to the controller. Whatever discovery protocol they are using does not work between them which is not surprising.
The easiest thing might be to put the APs on LAN temporarily, adopt them to the controller and then move them back. As long as they remember the controller IP and you have rules to allow the APs to reach the controller IP and port on the wifi interface that should work.
If they don't remember you can pass the IP to them via DHCP option 138:
Or you can just configure the controller IP via the EAP discovery tool:
I know the thread is old, but this is still a relevant issue, so I wanted to suggest Eero for those who might be looking for a good solution. I have found that multiple wired Eeros in Bridge mode work fantastic as a mesh access point. I've never set them up in a building small enough to warrant only two, but using three or four has worked out beautifully for my clients.
It looks like the EAP330 has two Ethernet ports. Are they bridged? Can you connect a client to that directly and test from there?
It looks like they also support lagg. You could try setting that up and see if that provides more. Though I see no reason why you should need that.
You didn't say it supports vlan.. But to be honest that brand's low end stuff is just crap.. Your suggested model doesn't even support AC.. For that same price point he could get a gig AC wifi router and use it as AP..
Vlans aside that is a horrible suggestion to be honest..
Whoops, now it's getting interesting again!
I didn't even know of the D-sub naming convention and until today referred to those 9-pin serial connectors (wrongly) as DB-9.
This happens more often than one might think. The audio industry pretty much always uses 3-Pin "XLR" connectors for symmetrical analog audio today. Fun part is that Cannon named them XLR with the trailing "R" for a rubber version. But no-one knows that and if I told a colleague to use the XL connector he would think I'm completely nuts now. ⛑
For WiFi, the best thing is to have separate access points, so that they can be placed where needed. You can buy access points or use "routers" as APs. However, proper access points often support power over Ethernet, so you don't have to worry about having AC nearby.
I'm using Prolink PRN3001 and TP-Link Archer C20 AC750 Wireless Dual Band. One WAN speed is 50Mbps and other is 30Mbps. In pfsense, I've set them up 1:1 Tier passing via LAN as 'superhighway'. In wired connection I get full 80Mbps speed and only 30Mbps in wireless. I do not even want 80Mbps in wireless. I would be happy even if each get at least 20Mbps simultaneously when in use.
I do have a cheap $6 Ethernet card and old computer. Is that it?
Bumping an old thread. Seems like UniFi would be a great way to go if you didn't already have a significant investment in equipment that could easily be converted if FreeBSD got its act together and supported AC. It's gonna be around for a while longer... why not get some official support on the subject?
I've used a mixture of UniFi, Fortigate, Cisco, HPE, Zyxel, TrendNET, Netgear, Ruckus, TPLink... at the end of the day, I would like to use pfSense on the WRT1900AC that I have at home. Why? Cause it's pretty badass. Also cause the guys at Belkin/Linksys actually had talks with Netgate about getting a pfSense distribution together for it and many of its other devices... but you know what? I'm messing around with DD-WRT because it supports the WiFi. The whole point is if you have an already good device, why not make it better? UniFi isn't bad but I really don't see the point in wasting more money on equipment unless you're going for enterprise grade protection... which pfSense already does for free...
Does anyone see what's wrong with this picture? I'll make a new thread with a similar name to bring interest back to the subject, I think it's worth an actual solution.
So, well, just in short, I'll write two things about it.
Thanks to your nice layout diagram I understand your scenario better.
The first thing I notice is about the firewall rules on WIFI, and on LAN as well: something is wrong.
Step one: if you don't use IPv6, you may want to block/disable this protocol through System / Advanced / Networking.
Or, if you will use the IPv6 protocol, please set it aside for now and disable the related rules. Or at least apply the same logic across interfaces (e.g. if IPv4 and IPv6 are separate on your LAN, why do you combine IPv4+IPv6 in one rule on WIFI? This is not consistent, in my opinion).
Step two: you know that after restoring pfSense's default rule "Allow LAN to any" under the LAN tab, you need to respect the same logic on WIFI as on LAN and set it accordingly. You need to change LAN net to WIFI net for this job, and delete your top rule on WIFI, "any to any", because it overlaps the right rule below (the right rule if you change it as described above).
For example, look at my rule below:
Well, after this, now the hottest topic: in my opinion your configuration needs an ovpn review.
To avoid problems like your last one, I advise you to forget bridging altogether and set up the interfaces properly with their respective subnet addresses and DHCP server pools, and add the "other" routing path under the ovpn tunnel configuration; this last step is done by editing your current tunnel or adding a new one.
After this I'm absolutely sure you can get through to the internet.
At this stage maybe you are missing a routing instruction, and bridges will fail under some special scenarios like yours.
Because it is better to live within a standard configuration if knowledge isn't enough.
Unfortunately I "hate" ovpn altogether :D hehe, it's more complex and full of mystery for me, and my default in mind is the IPsec-based protocol, which allows me all kinds of routing I need between interfaces / WAN / interfaces and works easily with an easy setup, so if you can, better to forgo ovpn and set up IPsec.
If you love ovpn stuff, then go learn more about it and find your way.
The problem was solved using Windows Network Diagnostics. After running this tool/app, I was able to connect to the Internet from my smartphone. The tool turned out to be the simplest solution. That's all. All the best to netgaters!
P.S. It's a very strange autoformatting of the post... I haven't marked anything out with another font and haven't used bold face for any text in the main message, here in the thread.
So if you have a problem with wireless in general, deal with it or buy a separate AP.
So, you are saying that FreeBSD, although it is well suited for embedded applications, is not suited for building a custom AP using pfSense?
There is no single 802.11n card to make it work? I didn't even mention 802.11ac ...
Your cert fields are not going to be a problem - the type of cert would be..
Here it's easier to show the freerad server cert and the client (my iphone) cert since they are at the top
Your problem with Windows is that it is not going to let you install the cert without a password. Which the gui doesn't allow you to do.. You have to put a password on your cert. I just use openssl.. There are multiple threads about it. But if you want I can screenshot my settings, and then run through putting a cert on my windows 10 desktop and authing with it.
I have had good success pushing OpenVPN from 4G Routers running OpenWRT / LuCI.