• Known working Wireless cards

    Pinned
    60
    0 Votes
    60 Posts
    46k Views
    provelsP

    Samsung WIS08BG2X LinkStick Wireless LAN Adapter (Ralink)
    (Originally provided with my 2008 Samsung LCD TV)
    Working in hostap mode, B/G only.
    I never throw anything out!

    rum0 on uhub0 rum0: <Abocom 802.11 bg WLAN, class 0/0, rev 2.00/0.01, addr 1> on usbus0 rum0: MAC/BBP RT2573 (rev 0x2573a), RF RT2528

    f131656f-b6dd-4719-9c95-0f8bb5c8680b-image.png

  • Diverstiy (and multipath distortion) explained.

    Pinned Locked
    2
    1 Votes
    2 Posts
    15k Views
    C

    This is brilliant, very useful information. A point that I found particularly useful was about diversity, which others new to the wireless aspects of pfsense might easily be wondering also - A wireless card might have two antennas but each antenna cannot be used at the same time either transmitting or receiving (effectively doubling bandwidth contrary to one antenna) - it doesn't work like that; the two antennas are used separately and purely to create robustness where there is multipath distortion. In single antenna scenarios one should disable diversity and set the tx and rx antennas, available under the wireless configuration pages under the interface. I know I repeat what you posted (thanks again for your help in my previous post, its still working all good!) I repeat it incase others arrive at this page if searching for related issues!

  • Ifconfig $if list CAPS (what do they all mean ?)

    Pinned Locked
    1
    1 Votes
    1 Posts
    10k Views
    No one has replied
  • "Wireless Status" web page?

    Pinned Locked
    4
    0 Votes
    4 Posts
    25k Views
    L

    CAPS = Capabilities

    Depending on the capabilities of the APs, the following flags can be included in the output:

    E - Extended Service Set (ESS). Indicates that the station is part of an infrastructure network (in contrast to an IBSS/ad-hoc network).

    I - IBSS/ad-hoc network. Indicates that the station is part of an ad-hoc network (in contrast to an ESS network).

    P - Privacy. Data confidentiality is required for all data frames exchanged within the BSS. This means that this BSS requires the station to use cryptographic means such as WEP, TKIP or AES-CCMP to encrypt/decrypt data frames being exchanged with others.

    S - Short Preamble. Indicates that the network is using short preambles (defined in 802.11b High Rate/DSSS PHY, short pre- amble utilizes a 56 bit sync field in contrast to a 128 bit field used in long preamble mode).

    s - Short slot time. Indicates that the network is using a short slot time.

    –-------------------------------------------------------------------

    AID = Association ID (describes the ID that the AP has given to a certain mac/client)
    IDLE = idletime
    TXSEQ = Transmit Sequence
    RXSEQ = Receive Sequence
    ERP set to 0 means the device is 802.11 compliant. For more info about ERP read up on the 802.11 standard.
    RSSI = Receive Signal Strength Indicator

    RSSI to dBm can be calculated like this for Atheros cards:

    RSSI_Max = 60
    Convert % to RSSI
    Subtract 95 from RSSI to derive dBm
    Notice that this gives a dBm range of –35dBm at 100% and –95dBm at 0%.

    PS. RSSI is different for most vendors. and can not be campared easily (ex. Cisco has 0 -->100 ). Also it is not a very acurate means to measure signal quality, rather it measures strengt only.

  • Access Point keeps disconnecting / No WiFi

    3
    0 Votes
    3 Posts
    93 Views
    N

    @elvisimprsntr thanks for the chart! Getting rid of the ISP's Bridge Mode router and plugging the ethernet cable from the wall directly in Vault's WAN port has solved it...hopefully permanently.

  • WiFi authentication with FreeRADIUS and Google LDAP

    7
    0 Votes
    7 Posts
    4k Views
    L

    @willb0t Has anyone done this recently. ?

  • Openwrt ONE

    9
    0 Votes
    9 Posts
    300 Views
    w0wW

    If I had to choose between purchasing the OpenWrt One or a Chinese equivalent from AliExpress, I would prefer the OpenWrt One. Although I'm not particularly fond of the manufacturer due to their tendency to frequently release devices and then either barely support or not update the software for them, in this case, it's a good combination of price, hardware, and OpenWrt, with which support is unlikely to be an issue on this device.

    Unfortunately, I had already purchased a similar device from AliExpress and spent a lot of time experimenting with firmware. But... Filogic is very fast; it's probably the fastest OpenWrt router I've had.

  • running PFSense on a mobile hotspot

    4
    0 Votes
    4 Posts
    149 Views
    A

    @stephenw10 in that case, will buy one of these, run pfsense plus, and connect the barrel to the router using wire guard. doesn't sound that hard...

  • M.2 Card for WiFi AP

    13
    0 Votes
    13 Posts
    514 Views
    provelsP

    @stephenw10 Still a step up from my 20 year old Buffalos! :)

  • netgate 1100 wireless wan question

    5
    0 Votes
    5 Posts
    161 Views
    stephenw10S

    Yes, so the WiFi connection should behave like a second WAN. You should see a gateway for it, added automatically if it's dhcp. Set that as the default gateway in Sys > Routing > Gateways and it should send all traffic that way.

  • 0 Votes
    3 Posts
    211 Views
    D

    Turns out a factory reset on the access point (actually an EAP610, not AX1800, despite the latter being plastered all over the box) fixed the problem entirely. I shall never know why, because it wasn't working on the factory default settings initially. I vaguely understand why what I changed before broke it further, but that's it.

  • iwlwifi driver - where to get/find it for pfsense 2.7.2

    5
    0 Votes
    5 Posts
    296 Views
    Z

    @stephenw10 I was only testing with the mobile AP of my smartphone because this was planned to be the only use case. I have an identical second tiny pc which I plan to use for HA. Maybe I'll give the wifi setup a new try on this one before building up the cluster.

    As I'm running pfsense in a vm on proxmox (I was passing through the wifi nic) I still could setup a small linux vm for the wifi stuff and do the failover via a virtual network. But as it is only a nice to have feature, there's no need for this to really function. It's more of a fun project trying to get the wifi failover working and getting deeper into freebsd/pfsense ;)

  • Ubiquity Devices showing offline, but they are online.

    9
    0 Votes
    9 Posts
    365 Views
    johnpozJ

    @DenverDesktopsSupport you should see your AP sending traffic to the IP of the controller over 8080

    Here I can see my APs talking to the controller 192.168.2.13, .2 is AP, .3 is AP .6 is a flex mini - sure if I let it run longer would see .4 checking in. Another one of my AP.

    root@UC:/home/user# tcpdump tcp port 8080 -n tcpdump: verbose output suppressed, use -v[v]... for full protocol decode listening on ens3, link-type EN10MB (Ethernet), snapshot length 262144 bytes 18:06:51.984496 IP 192.168.2.2.33366 > 192.168.2.13.8080: Flags [S], seq 1295904412, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0 18:06:51.984574 IP 192.168.2.13.8080 > 192.168.2.2.33366: Flags [S.], seq 1349332694, ack 1295904413, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 18:06:51.985319 IP 192.168.2.2.33366 > 192.168.2.13.8080: Flags [.], ack 1, win 1825, length 0 18:06:51.985819 IP 192.168.2.2.33366 > 192.168.2.13.8080: Flags [.], seq 1:2921, ack 1, win 1825, length 2920: HTTP: POST /inform HTTP/1.1 18:06:51.985872 IP 192.168.2.13.8080 > 192.168.2.2.33366: Flags [.], ack 2921, win 497, length 0 18:06:51.985903 IP 192.168.2.2.33366 > 192.168.2.13.8080: Flags [.], seq 2921:5841, ack 1, win 1825, length 2920: HTTP 18:06:51.985917 IP 192.168.2.13.8080 > 192.168.2.2.33366: Flags [.], ack 5841, win 485, length 0 18:06:51.985953 IP 192.168.2.2.33366 > 192.168.2.13.8080: Flags [.], seq 5841:7301, ack 1, win 1825, length 1460: HTTP 18:06:51.985966 IP 192.168.2.13.8080 > 192.168.2.2.33366: Flags [.], ack 7301, win 479, length 0 18:06:51.985986 IP 192.168.2.2.33366 > 192.168.2.13.8080: Flags [.], seq 7301:8761, ack 1, win 1825, length 1460: HTTP 18:06:51.985996 IP 192.168.2.13.8080 > 192.168.2.2.33366: Flags [.], ack 8761, win 473, length 0 18:06:51.986032 IP 192.168.2.2.33366 > 192.168.2.13.8080: Flags [P.], seq 8761:9995, ack 1, win 1825, length 1234: HTTP 18:06:51.986042 IP 192.168.2.13.8080 > 192.168.2.2.33366: Flags [.], ack 9995, win 467, length 0 18:06:51.992519 IP 192.168.2.13.8080 > 192.168.2.2.33366: Flags [P.], seq 1:739, ack 9995, win 501, length 738: HTTP: HTTP/1.1 200 18:06:51.992926 IP 192.168.2.2.33366 > 192.168.2.13.8080: Flags [.], ack 739, win 1918, length 0 18:06:51.993288 IP 192.168.2.2.33366 > 192.168.2.13.8080: Flags [F.], seq 9995, ack 739, win 1918, length 0 18:06:51.999471 IP 192.168.2.13.8080 > 192.168.2.2.33366: Flags [F.], seq 739, ack 9996, win 501, length 0 18:06:51.999900 IP 192.168.2.2.33366 > 192.168.2.13.8080: Flags [.], ack 740, win 1918, length 0 18:06:53.722261 IP 192.168.2.3.43278 > 192.168.2.13.8080: Flags [S], seq 783712136, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0 18:06:53.722342 IP 192.168.2.13.8080 > 192.168.2.3.43278: Flags [S.], seq 4229788064, ack 783712137, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 18:06:53.723115 IP 192.168.2.3.43278 > 192.168.2.13.8080: Flags [.], ack 1, win 1825, length 0 18:06:53.723890 IP 192.168.2.3.43278 > 192.168.2.13.8080: Flags [P.], seq 1:8071, ack 1, win 1825, length 8070: HTTP: POST /inform HTTP/1.1 18:06:53.723948 IP 192.168.2.13.8080 > 192.168.2.3.43278: Flags [.], ack 8071, win 473, length 0 18:06:53.735694 IP 192.168.2.13.8080 > 192.168.2.3.43278: Flags [P.], seq 1:571, ack 8071, win 501, length 570: HTTP: HTTP/1.1 200 18:06:53.736341 IP 192.168.2.3.43278 > 192.168.2.13.8080: Flags [.], ack 571, win 1897, length 0 18:06:53.736530 IP 192.168.2.3.43278 > 192.168.2.13.8080: Flags [F.], seq 8071, ack 571, win 1897, length 0 18:06:53.739507 IP 192.168.2.13.8080 > 192.168.2.3.43278: Flags [F.], seq 571, ack 8072, win 501, length 0 18:06:53.739953 IP 192.168.2.3.43278 > 192.168.2.13.8080: Flags [.], ack 572, win 1897, length 0 18:06:54.183099 IP 192.168.2.2.33368 > 192.168.2.13.8080: Flags [S], seq 572379967, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0 18:06:54.183179 IP 192.168.2.13.8080 > 192.168.2.2.33368: Flags [S.], seq 2259487007, ack 572379968, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 18:06:54.183523 IP 192.168.2.2.33368 > 192.168.2.13.8080: Flags [.], ack 1, win 1825, length 0 18:06:54.186178 IP 192.168.2.2.33368 > 192.168.2.13.8080: Flags [P.], seq 1:1048, ack 1, win 1825, length 1047: HTTP: POST /inform HTTP/1.1 18:06:54.186237 IP 192.168.2.13.8080 > 192.168.2.2.33368: Flags [.], ack 1048, win 501, length 0 18:06:54.189203 IP 192.168.2.13.8080 > 192.168.2.2.33368: Flags [P.], seq 1:221, ack 1048, win 501, length 220: HTTP: HTTP/1.1 200 18:06:54.201339 IP 192.168.2.2.33368 > 192.168.2.13.8080: Flags [.], ack 221, win 1892, length 0 18:06:54.201339 IP 192.168.2.2.33368 > 192.168.2.13.8080: Flags [F.], seq 1048, ack 221, win 1892, length 0 18:06:54.201816 IP 192.168.2.13.8080 > 192.168.2.2.33368: Flags [F.], seq 221, ack 1049, win 501, length 0 18:06:54.202194 IP 192.168.2.2.33368 > 192.168.2.13.8080: Flags [.], ack 222, win 1892, length 0 18:06:55.250457 IP 192.168.2.6.61641 > 192.168.2.13.8080: Flags [S], seq 2944371139, win 2144, options [mss 536], length 0 18:06:55.250533 IP 192.168.2.13.8080 > 192.168.2.6.61641: Flags [S.], seq 3678065154, ack 2944371140, win 64240, options [mss 1460], length 0 18:06:55.251135 IP 192.168.2.6.61641 > 192.168.2.13.8080: Flags [.], ack 1, win 2144, length 0 18:06:55.251869 IP 192.168.2.6.61641 > 192.168.2.13.8080: Flags [.], seq 1:537, ack 1, win 2144, length 536: HTTP: POST /inform HTTP/1.1 18:06:55.251919 IP 192.168.2.13.8080 > 192.168.2.6.61641: Flags [.], ack 537, win 63784, length 0 18:06:55.251968 IP 192.168.2.6.61641 > 192.168.2.13.8080: Flags [P.], seq 537:1073, ack 1, win 2144, length 536: HTTP 18:06:55.251978 IP 192.168.2.13.8080 > 192.168.2.6.61641: Flags [.], ack 1073, win 63784, length 0 18:06:55.252691 IP 192.168.2.6.61641 > 192.168.2.13.8080: Flags [.], seq 1073:1609, ack 1, win 2144, length 536: HTTP 18:06:55.252732 IP 192.168.2.13.8080 > 192.168.2.6.61641: Flags [.], ack 1609, win 63784, length 0 18:06:55.252769 IP 192.168.2.6.61641 > 192.168.2.13.8080: Flags [P.], seq 1609:2145, ack 1, win 2144, length 536: HTTP 18:06:55.252778 IP 192.168.2.13.8080 > 192.168.2.6.61641: Flags [.], ack 2145, win 63784, length 0 18:06:55.253495 IP 192.168.2.6.61641 > 192.168.2.13.8080: Flags [.], seq 2145:2681, ack 1, win 2144, length 536: HTTP 18:06:55.253531 IP 192.168.2.13.8080 > 192.168.2.6.61641: Flags [.], ack 2681, win 63784, length 0 18:06:55.253575 IP 192.168.2.6.61641 > 192.168.2.13.8080: Flags [P.], seq 2681:3217, ack 1, win 2144, length 536: HTTP 18:06:55.253585 IP 192.168.2.13.8080 > 192.168.2.6.61641: Flags [.], ack 3217, win 63784, length 0 18:06:55.254271 IP 192.168.2.6.61641 > 192.168.2.13.8080: Flags [.], seq 3217:3753, ack 1, win 2144, length 536: HTTP 18:06:55.254292 IP 192.168.2.13.8080 > 192.168.2.6.61641: Flags [.], ack 3753, win 63784, length 0 18:06:55.254334 IP 192.168.2.6.61641 > 192.168.2.13.8080: Flags [P.], seq 3753:4289, ack 1, win 2144, length 536: HTTP 18:06:55.254345 IP 192.168.2.13.8080 > 192.168.2.6.61641: Flags [.], ack 4289, win 63784, length 0 18:06:55.255010 IP 192.168.2.6.61641 > 192.168.2.13.8080: Flags [.], seq 4289:4825, ack 1, win 2144, length 536: HTTP 18:06:55.255087 IP 192.168.2.13.8080 > 192.168.2.6.61641: Flags [.], ack 4825, win 63784, length 0 18:06:55.255465 IP 192.168.2.6.61641 > 192.168.2.13.8080: Flags [P.], seq 4825:4887, ack 1, win 2144, length 62: HTTP 18:06:55.255489 IP 192.168.2.13.8080 > 192.168.2.6.61641: Flags [.], ack 4887, win 63784, length 0 18:06:55.257519 IP 192.168.2.13.8080 > 192.168.2.6.61641: Flags [P.], seq 1:275, ack 4887, win 63784, length 274: HTTP: HTTP/1.1 200 18:06:55.258734 IP 192.168.2.6.61641 > 192.168.2.13.8080: Flags [F.], seq 4887, ack 275, win 1870, length 0 18:06:55.260294 IP 192.168.2.13.8080 > 192.168.2.6.61641: Flags [F.], seq 275, ack 4888, win 63784, length 0 18:06:55.260772 IP 192.168.2.6.61641 > 192.168.2.13.8080: Flags [.], ack 276, win 1869, length 0

    No need for wireshark - you can do the packet capture right on pfsense, or right on the AP even - here is running tcpdump right on the AP and you can see the traffic to the controller from this AP

    Hallway-BZ.6.7.10# tcpdump tcp port 8080 -n tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes 18:13:02.035317 IP 192.168.2.2.33482 > 192.168.2.13.8080: Flags [S], seq 1380051285, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 4], length 0 18:13:02.035816 IP 192.168.2.13.8080 > 192.168.2.2.33482: Flags [S.], seq 3050138923, ack 1380051286, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 18:13:02.035995 IP 192.168.2.2.33482 > 192.168.2.13.8080: Flags [.], ack 1, win 1825, length 0 18:13:02.037520 IP 192.168.2.2.33482 > 192.168.2.13.8080: Flags [.], seq 1:1461, ack 1, win 1825, length 1460: HTTP: POST /inform HTTP/1.1 18:13:02.037621 IP 192.168.2.2.33482 > 192.168.2.13.8080: Flags [.], seq 1461:2921, ack 1, win 1825, length 1460: HTTP 18:13:02.037697 IP 192.168.2.2.33482 > 192.168.2.13.8080: Flags [.], seq 2921:4381, ack 1, win 1825, length 1460: HTTP 18:13:02.037771 IP 192.168.2.2.33482 > 192.168.2.13.8080: Flags [.], seq 4381:5841, ack 1, win 1825, length 1460: HTTP 18:13:02.037815 IP 192.168.2.13.8080 > 192.168.2.2.33482: Flags [.], ack 1461, win 501, length 0 18:13:02.037879 IP 192.168.2.13.8080 > 192.168.2.2.33482: Flags [.], ack 4381, win 491, length 0 18:13:02.038025 IP 192.168.2.2.33482 > 192.168.2.13.8080: Flags [.], seq 5841:7301, ack 1, win 1825, length 1460: HTTP 18:13:02.038565 IP 192.168.2.13.8080 > 192.168.2.2.33482: Flags [.], ack 9960, win 497, length 0 18:13:02.043170 IP 192.168.2.13.8080 > 192.168.2.2.33482: Flags [P.], seq 1:739, ack 9960, win 501, length 738: HTTP: HTTP/1.1 200
  • WIRELESS WAN opptions Jan. 2025

    3
    0 Votes
    3 Posts
    220 Views
    M

    @elvisimprsntr I haven't experienced any issues.
    I'm aware about travel routers etc. My particular case hotspot from phone, directly to pfsense. that's for emergency only which is rare but happens few times per year. for that I can't afford to purchase travel router for hundreds of dollars and dedicated sim with internet package. that makes no sense. and about standards and speeds, again for emergency 30-50mbps is more than enough for browsing communications... that's exactly my case and solution is 20 bucks, ya?

    I wrote that post to clarify for others as it took me quite some time to figure out particular models which works out of a box

  • Snapshot of if_iwlwifi.ko for arm64

    4
    0 Votes
    4 Posts
    271 Views
    R

    Got it, thanks for the confirmation! The restriction of =< 802.11n and no AP mode works OK for my situation: we have one 3d printer which, for some reason, doesn't work well with the office wifi, and it's located right next to our pfSense gateway. It also doesn't have an Ethernet port (incredibly unfortunate). (So if it doesn't support station, but does support adhoc mode, I'm good here.)

    This hardly something that I'd want to call "production ready" and more "a useful hack" until we get a better 3D printer with real functionality.

    I'll do a cross-compile and report back with the results.

  • ASUS GT-AX11000 Access Point?

    2
    0 Votes
    2 Posts
    316 Views
    stephenw10S

    @elspoon said in ASUS GT-AX11000 Access Point?:

    FWIW not sure if relevant but my ASUS is running the Merlin-WRT setup.

    That seems very relevant! Far more likely to have a true access point mode with a 3rd party firmware. There should be some docs for it on their site I would think.
    It looks like it does put the single interface as a dhcp client in AP mode from some breif reading so you should be able to just check the pfSense DHCP lease tables to find it's IP address.
    Once you do find it I would add it as a static mapping in pfSense so it always gets the same IP address.

    Steve

  • Use Asus RT-AC86U as WAP

    4
    0 Votes
    4 Posts
    566 Views
    N

    @elspoon Yes!
    I now have my RT-AC86U running in AP mode, and just have an Ethernet cable running right into its WAN port.
    In pfsense DHCP settings (https://192.168.50.1/status_dhcp_leases.php) it shows up as 192.168.50.4 (I have it statically mapped) and so going to http://192.168.50.4 gets me to the web interface for the Asus.
    Hope this answers your questions!

  • wifi vlan guest network

    32
    0 Votes
    32 Posts
    2k Views
    stephenw10S

    You need two things to access the router in 192.168.4.X from 192.168.2.X:

    A firewall rule that passes the traffic on LAN in pfSense. That includes not policy routing it out over the VPN for example.

    The router must be able to reply. It can probably only reply to requests in the 192.168.4.X subnet because for anything else it will try to use it's WAN which probably isn't connected.
    So either set the default route there to the wifiguest interface IP in router. That may not be possible though.
    Or add an outbound NAT rule in pfSense on the wifiguest interface to catch the traffic from LAN to the router and translate it to the interface address.

  • Recommendation for Access Point

    7
    0 Votes
    7 Posts
    612 Views
    C

    I have just deployed some Grandstream access points. Price was right, they work well, and can be managed several different ways, including their gdms system for free.

  • 0 Votes
    2 Posts
    239 Views
    stephenw10S

    What hardware are you using? How is it connected?

    Steve

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.