I was looking at USB but would it be too slow?

Actually even the MC7700 is a USB device internally.

The speeds will be around 5-6megabytes/sec.

@ILLCOMM:

When is this getting fixed, or should we assume never? It seems suboptimal to disallow a WAP to choose the best channel…

Ask the FreeBSD guys, perhaps. Or just get a proper access point and stop wasting time.

If you have several external AP seems kind of pointless to run AP on the pfsense box itself..

Nice..  Now if we could get enterprise support on devices like nest, harmony hub, game consoles, etc..  Could completely get rid of wpa2-psk…  Well still might need it for guests, since would be a bit difficult to explain installation of certs to most users..  But guess could just run open with a captive portal for them as well, and not even need a psk ssid.

Sorry for such a late reply - didn't know there was a question about the AR9280. But for completeness and general knowledge sharing the AR9280 has been working great for me with a guest SSID as well.

Only problem (not sure if its related) is that pfsense locks up hard after 30+ days uptime (happened twice). Console and everything unresponsive. Not had time to chase down or diagnose. A reboot fixes for now.

If you notice here

https://wikidevi.com/wiki/Atheros_AR5BXB72

This one is 802.11 AGN so 5ghz.

It does use the older AR5xxx series chip but it is a good card being a extreme(X) version of the reference design used commonly in Mac's

The AR5B91 is newer but only offers 2.4ghz coverage.
https://wikidevi.com/wiki/Atheros_AR5B91

My question for the guru's would be: Is each VAP using a separate instance of hostapd? Or one instance with 3 configs.

I am finding it connects faster, probably due to external antenna. It also has no 802.11a mode either.

http://www.ebay.com/itm/271508002615

Why would you post in a thread from 2013.. Did you read
https://doc.pfsense.org/index.php/Is_802.11n_wireless_supported

pfSense 2.2-RELEASE is based on FreeBSD 10.1, which does have 802.11n support in general, but support may still vary by card and driver.

And my advice still stands - your best option here is use a REAL AP.. There is no way that any device in pfsense would come close to the coverage you would get with an actual AP..  When you can get AC devices for under a $100 not sure why this would not be anyone first choice??  The wifi option in in the sg-2440 which is $75, I would go with the new ac lite at a couple of bucks and does 2x2 AC

Are you asking how to detect downstream NATs that are using multiple clients?  Normally this is done by looking at the TTL of the traffic coming from the hosts..  Since any nat routers, even pfsense normally removes 1 from the TTL value.

So windows for example normally sends packets with TTL of 128, if your seeing packets at pfsense with TTL of 127, then that packet went through a router(hop) that did or did not do nat..  You could do this automatically with switch before pfsense sending sflow to some sort of analyzer that was looking for this and logging/alerting on it.

You could also use some form of OS fingerprinting on the traffic and looking at other details in the traffic look for something that points to different OSes being used from the same IP at the same time.  Since it is possible to configure your router not to decrement the TTL if your trying to hide your NAT…  Have done this back in the day when some ISPs where saying you could only have 1 device connected, etc..

Do a simple google for nat discovery/detection

Channel 1 on 11g is the default and you defiantly want to checkout other channels. Depending on your hardware you could have either 802.11ng network or 802.11na network if your card supports 5ghz frequency.

I would recommend you do a Wifi survey with software like nutstumbler and run it on a laptop and find out what you have that could interfere with your radio signal. So find any channel holes and use them. Less congestion and fighting neighbors radios for optimal signal.

Short and sweet: 802.11NG is crowded with many consumer products using it and 802.11NA is pretty empty where I live. I have no competing signals in 5ghz.

2.4ghz offers more range at lower speeds. 5ghz offers better speed but less distance.

Looking at your output you have 2.4 and 5ghz radio. I would pick an 5ghz channel and try to connect with a client device and checkout connection speed in the Wireless Status page of pfSense. Go through the upper channels and see what works best….

Thanks for the very clear answer!

I'm probably going to run 2.4GHz with WPA2 AES Personal and 5GHz with WPA2 Enterprise.
The devices I have that do not support WPA Enterprise are also devices that do not have 5GHz support (printer, Logitech Squeezebox).

Why are people such cheap bastards??  If what you want is captive portal - then do it the correct way and put your wifi network behind pfsense..

So does your current wifi router/modem/gateway even have the ability to change the gateway it hands out via dhcp?  Many soho devices do not..  The dhcp server on the device is very limited..

Let say you could do that.. So now your going to run pfsense just as lan client so all your packets your going to send through it, since its the gateway your going to hairpin and then just send back to the router as it is the one connected to the internet..

Dude turn off your wifi on your "modem" get an access point or 2 or 3 of them and put them behind pfsense.. There you go all your problems solved for a few bucks.. You do know any wifi router can be just an AP.. So for as little as like $20 you could have AP actually behind pfsense…

That sucks donkey balls.
Thanks for the reply though.

It is just a fun experiment for me. running -ifconfig wlan0 mediaopt ap ssid cornhole mode 11a channel 140- is a blast.
I am surprised how seemless the cross platform stuff is. Same instructions for any architecture.

Hostapd on the NAS4Free/Odroid was an interesting concept…2 birds with one stone. Jail kept wiping my setup. I am unfamiliar with their setup.

@doktornotor:

https://doc.pfsense.org/index.php/What_hardware_is_supported

Thank you, I checked the lists from different sources tons of times, but they seems don't even the same, some list shows WNA1000M is compatible, but in a google sheet I find that Realtek chip may not recognized on USB, and the only working USB dongle chip is RAlink, I'm going to get a EDIMAX EW-7711UAn to try…

haha ya wouldnt that be nice!!!
there isnt much to do in the area anyway! 30 mins to a mini zoo, steam train ride through the dandenong ranges and a small fun park!
ya from vagas is a bit to far for an expert to come from!! :P
external wifi hasnt really taken off here, both 3/4g and satellite are so expensive its a joke! i do assume that remote area satellite will get a government rebate!

That error code is for PPPOE.
How are you trying to connect?

Have you looked into software defined radios? Many free and open implementations that can likely be adapted for your scenario.

You wan connection that enters the router (new), is it PPOE? I mean, you have an username and password configured on the router to get your internet connection up?
If not, there is no point in having a router between the wan cable and Pfsense box. You can plug your cable straight into your pfsense box and setup wan interface as you have your router.