@elspoon Yes! I now have my RT-AC86U running in AP mode, and just have an Ethernet cable running right into its WAN port. In pfsense DHCP settings (https://192.168.50.1/status_dhcp_leases.php) it shows up as 192.168.50.4 (I have it statically mapped) and so going to http://192.168.50.4 gets me to the web interface for the Asus. Hope this answers your questions!

You need two things to access the router in 192.168.4.X from 192.168.2.X: A firewall rule that passes the traffic on LAN in pfSense. That includes not policy routing it out over the VPN for example. The router must be able to reply. It can probably only reply to requests in the 192.168.4.X subnet because for anything else it will try to use it's WAN which probably isn't connected. So either set the default route there to the wifiguest interface IP in router. That may not be possible though. Or add an outbound NAT rule in pfSense on the wifiguest interface to catch the traffic from LAN to the router and translate it to the interface address.

I have just deployed some Grandstream access points. Price was right, they work well, and can be managed several different ways, including their gdms system for free.

What hardware are you using? How is it connected? Steve

@stephenw10 said in Awful Wi-Fi Speeds: Backhauling everything over Ethernet is almost always better than mesh if you can do it. Backhauling everything over Ethernet is almost always better than mesh if you can do it. Fixed that statement for you ;)

@stephenw10 That makes perfect sense, thank you. I realize the tool-tip says exactly that and I should have read more closely.

Yes, put them on OPT1. Enable it with a different subnet. Enable DHCP on OPT1. Add appropriate firewall rules to allow or prevent connections as you want.

Thank you, everyone. The tips on the controller were helpful and got me going in the right direction. @tgl I will look into MoCA because there is indeed a coax running between the rooms that I need coverage the most. Thanks again!

Thank you two. I wasn't able to dig into the iso to try and add the kernel module since neither my Linux or Windows computer wanted to mount it but I had a spare AP I could steal until I can get wiring installed that seems happy to mesh up and act as my WAN port (Unifi U6). They wouldn't do it when I tried to do the same thing a year ago with another computer, but they've either had a firmware update in the meantime or pfsense is smarter than a more normal OS and could work it out. This should be much better than a little m.2 wifi card anyway.

Create a virtual IP and point it to the interface the router resides on.

@BlazeStar hey there, as @johnpoz already mentioned: set up VLANs on switch and pfsense, make sure it is working create new networks with PVID (as set in 1.) on your cloudkey controller software (under networks) create (under wireless networks) your new wlan networks with ssid mapped to network > VLAN1, 2, 3 etc Done. :)

I would certainly do that because it makes accessing the AP much easier. However that shouldn't be require. The AP doesn't need to have an IP address at all. It should still more traffic at layer 2 between WiFi and Ethernet.

@CharlesT If this is a question / you have a doubt : Are all Access Points with WPA3 equally secure ? Connect to the wifi first. Then fire up your favorite VPN, thus rendering the question to oblivion. You'll be using an encryption into an encryption. Even better, when you are visiting https site (any TLS destination) , you'll just added another encryption layer !

@Patch Thank you for the clarification.

@Tantamount said in IWLWIFI(4) Driver Question: That wouldn't preclude it from working as a way to tether to a hotspot though, right? I mean in that case it should act as a client connecting to the hotspot device? Correct it can run in station mode (as a client) at lower speeds. However as I said above it was removed so you'd need to add it back to use it.

@Dobby_ said in Wifi Client m.2: SparkLan WPEA-127N That's a miniPCIe card not m.2 if you need m.2. I would look for a ath compatible card though. There are some m.2 cards that will work. They are mostly short, 30mm, cards so you might need an adapter.

@stephenw10 said in SG-2100-MAX System crashes with Compex use and 1gbps fiber: Compex WLE200NX Done added

Yup, looks that way. So collect some panic strings and backtraces to confirm they are the same, a software problem.

@rikazkhan I think you forgot the guide...