Just as an update, the chipset that I had was a AR9227.  After lots of research, I found that I had to set the Group Key Rotation to 300 and standard of 802.11g rather than being able to use ng at all.  :'(

@NogBadTheBad:

It could be down to trying it when HomeKit was first introduced, it could have been teething problems.

Yea its working fine now on different subnets.

Have a look at the FreeBSD supported WiFi adaptors, support for 802.11ac doesn't exist :-

https://www.freebsd.org/relnotes/CURRENT/hardware/support.html

You'd be better using an ethernet cable for the moment IMO or buy a wifi to ethernet bridge.

You'll also need to add static routes for the subnets on your pfsense router onto your current router.

Thanks John.  I went ahead and bought the AP Pro.  I got a $150 Amazon gift card for Christmas from my family (they know just what I love).  Thanks to the advice you guys gave me over on my other post, I also picked up a Unifi Switch-8-60W.  I'll be setting everything up over the weekend!

@remlei:

Luckily that router supports OpenWRT and it seems that the switch on that router supports VLAN so good for you. So flash it with OpenWRT unless your router is already locked down due to FCC regulation.

there is no openwrt for VR900 atm

You are correct, upon looking deeper the 500 series uses specific sfp ports, or specific normal ports, etc..

http://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/Sx500/quick_start/en/500_Series_QSG_En.pdf
The default stack ports on the 500X are XG3/S1 and XG4/S2. If the correct module is plugged into XG3/S1 and XG4/S2, the switch should be able to detect the connection and configure the speed according to the module capability without any manual configuration. The 5G/S1 and 5G/S2 interfaces on the 500X need to be configured manually via the CLI or web-based interface in order to utilize these ports as stack ports

But if you ask me this is not a real stack ;)  Isn't the stack bandwidth with like a 3750 and stackwise cables like 64gbps - this seems like nothing more than a fancy daisychain ;)  If your going to be limited to say 10ge or 5 or 1gpbs..

^ trust me, we already done any kind of mix configuration like changing the regulation and country, channels, wireless standards and stuff, all of them lands on this "beacon" issue. Plus I dont agree with noisy environment issue thingy, because even the crappiest wireless router that I bough on alibaba works much better compared to pfsense paired with best miniPCIe wireless card that I had from ubiquity.

As I mentioned above, all issues that I had is fixed by just moving distro. I point all of this issue with FreeBSD crappy wireless driver, I can assume that wireless drivers in FreeBSD works best on Client mode only, but not AP mode.

Dont get me wrong though, pfsense is still a good firewall disto, but its just not up for job regarding witreless, I actually use pfsense as my main router firewall and a AP AC PRO dedicated AP from Ubiquity (which I should have done in the first place /sigh).

You have a WiFi problem not a pfSense problem. Another firewall is not what you need.

You should be able to get an access point like a UAP-AC-Lite, connect it to your LAN, and give it the same SSID and WPA passphrase and be good to go.

If using 2.4GHz, you have three channels to choose from. 1, 6, and 11. If pfSense is on 1, put the AP on 6 or 11.

Make sure they are on separate 5GHz channels taking into account 40MHz (+ or -) or higher channel width.

So does your client work when connected to a lan port like in my picture?  But doesn't work when on wireless?

@jahonix:

Which HP thin client is that? Some have an internal PCI slot you could use to plug in a WLAN card with a supported chipset.
Way better that fiddling around with USB WLAN on FreeBSD…

HP t5720. It has internal PCI but for installing of PCI card I need to make holes in case and leave it without of cover. Also I need to isolate a PCI card from USB connectors (PCI card cannot be installed easy, only with little curve, and it's not good for PCB).

For it I have modified loader.conf.local: debug.acpi.disabled="thermal" , I wrote it on forum here. Without of it I had flood of ACPI errors.

So… Solution is quite easy. :) I have compared what pfSense added to wlan0 interface when I assign it to WAN. Just ... <wireless>. I have added it to config file in rsu0 section - and voila! I have wireless settings for rsu0 and can use it.

<if>rsu0</if> <blockbogons>.... <wireless>....</wireless></blockbogons>

PS: using of new firmware for rsu and adding of```
legal.realtek.license_ack=1
rsu-rtl8712fw_load="YES"

PS2: For this client with high bandwidth you may have APIC errors. In this case disable APIC in device.hints.  </wireless>

So install Avahi and deny all but those two network interfaces. Does it work? There aren't a lot of knobs there. Just leave the defaults.

You also need to be sure whatever side actually makes connections to the other has the firewall rules necessary on the interface the connections are being made from. No idea which way that is with Chromecast.

heheeh ;) Fantastic… Love to see a pic when you get them ;)

And yes quite often I need many a drink to not want to reach through screen and strangle some people...

By the way, when I check on the controller through the menu I can see the firmware version 99. I assume that this is 9.9?

It shows as a "ugen" device meaning there is no driver for it.

Try a 2.4 snapshot.

:-[ What a dick I am. I added the NAT mappings but got the source subnet wrong. All working now  ;D

What are you doing for the static nats?  I sure hope your not just setting his IP to use all ports static?  That sort of config is borked on a device that does napt for other devices.

What if client asks for say port xyz, and that has already been used by another client in a napt connection?

Most Atheros cards should work (pretty much any G, some N, probably not AC), and they're usually cheap and easy to find. I've got a couple AR9280-based cards and they're good.

No specific snapshot, whatever is latest.