I am finding it connects faster, probably due to external antenna. It also has no 802.11a mode either. http://www.ebay.com/itm/271508002615

Why would you post in a thread from 2013.. Did you read https://doc.pfsense.org/index.php/Is_802.11n_wireless_supported pfSense 2.2-RELEASE is based on FreeBSD 10.1, which does have 802.11n support in general, but support may still vary by card and driver. And my advice still stands - your best option here is use a REAL AP.. There is no way that any device in pfsense would come close to the coverage you would get with an actual AP..  When you can get AC devices for under a $100 not sure why this would not be anyone first choice??  The wifi option in in the sg-2440 which is $75, I would go with the new ac lite at a couple of bucks and does 2x2 AC

Are you asking how to detect downstream NATs that are using multiple clients?  Normally this is done by looking at the TTL of the traffic coming from the hosts..  Since any nat routers, even pfsense normally removes 1 from the TTL value. So windows for example normally sends packets with TTL of 128, if your seeing packets at pfsense with TTL of 127, then that packet went through a router(hop) that did or did not do nat..  You could do this automatically with switch before pfsense sending sflow to some sort of analyzer that was looking for this and logging/alerting on it. You could also use some form of OS fingerprinting on the traffic and looking at other details in the traffic look for something that points to different OSes being used from the same IP at the same time.  Since it is possible to configure your router not to decrement the TTL if your trying to hide your NAT…  Have done this back in the day when some ISPs where saying you could only have 1 device connected, etc.. Do a simple google for nat discovery/detection

Channel 1 on 11g is the default and you defiantly want to checkout other channels. Depending on your hardware you could have either 802.11ng network or 802.11na network if your card supports 5ghz frequency. I would recommend you do a Wifi survey with software like nutstumbler and run it on a laptop and find out what you have that could interfere with your radio signal. So find any channel holes and use them. Less congestion and fighting neighbors radios for optimal signal. Short and sweet: 802.11NG is crowded with many consumer products using it and 802.11NA is pretty empty where I live. I have no competing signals in 5ghz. 2.4ghz offers more range at lower speeds. 5ghz offers better speed but less distance. Looking at your output you have 2.4 and 5ghz radio. I would pick an 5ghz channel and try to connect with a client device and checkout connection speed in the Wireless Status page of pfSense. Go through the upper channels and see what works best….

Thanks for the very clear answer! I'm probably going to run 2.4GHz with WPA2 AES Personal and 5GHz with WPA2 Enterprise. The devices I have that do not support WPA Enterprise are also devices that do not have 5GHz support (printer, Logitech Squeezebox).

Why are people such cheap bastards??  If what you want is captive portal - then do it the correct way and put your wifi network behind pfsense.. So does your current wifi router/modem/gateway even have the ability to change the gateway it hands out via dhcp?  Many soho devices do not..  The dhcp server on the device is very limited.. Let say you could do that.. So now your going to run pfsense just as lan client so all your packets your going to send through it, since its the gateway your going to hairpin and then just send back to the router as it is the one connected to the internet.. Dude turn off your wifi on your "modem" get an access point or 2 or 3 of them and put them behind pfsense.. There you go all your problems solved for a few bucks.. You do know any wifi router can be just an AP.. So for as little as like $20 you could have AP actually behind pfsense…

That sucks donkey balls. Thanks for the reply though.

It is just a fun experiment for me. running -ifconfig wlan0 mediaopt ap ssid cornhole mode 11a channel 140- is a blast. I am surprised how seemless the cross platform stuff is. Same instructions for any architecture. Hostapd on the NAS4Free/Odroid was an interesting concept…2 birds with one stone. Jail kept wiping my setup. I am unfamiliar with their setup.

@doktornotor: https://doc.pfsense.org/index.php/What_hardware_is_supported Thank you, I checked the lists from different sources tons of times, but they seems don't even the same, some list shows WNA1000M is compatible, but in a google sheet I find that Realtek chip may not recognized on USB, and the only working USB dongle chip is RAlink, I'm going to get a EDIMAX EW-7711UAn to try…

haha ya wouldnt that be nice!!! there isnt much to do in the area anyway! 30 mins to a mini zoo, steam train ride through the dandenong ranges and a small fun park! ya from vagas is a bit to far for an expert to come from!! :P external wifi hasnt really taken off here, both 3/4g and satellite are so expensive its a joke! i do assume that remote area satellite will get a government rebate!

That error code is for PPPOE. How are you trying to connect?

Have you looked into software defined radios? Many free and open implementations that can likely be adapted for your scenario.

You wan connection that enters the router (new), is it PPOE? I mean, you have an username and password configured on the router to get your internet connection up? If not, there is no point in having a router between the wan cable and Pfsense box. You can plug your cable straight into your pfsense box and setup wan interface as you have your router.

Thanks Derelict! I was a little confused about tagged and untagged VLANs so thanks for clearifying that for me. (And also pointing out my mistake with the WAN IP address). I appreciate your help.

Sometimes you adjust AP´s transmit power to max and it doesn´t change anything… Remember that the wireless communication is bi-directional, and when you maximize power transmit on AP´s your wifi device (mobile, laptop, tablet) is listening harder, lets call "on download", for didactical purposes, but maybe you have a bottleneck on "upload" because the device doesnt have the enough power to the AP listen "clearly", this is common because AP´s antennas are better than antennas encapsulated on cellphones, for example... In less words, with more power your device will  listen your AP far, but it doesnt mean that your AP will listen your device. I prefer to upgrade AP´s antenna if its possible, the gain is both transmission and reception, instead of maximize power that the gain its just in transmission.

@Panja: I have changed my guest network firewall rules according to your (iso70x) rule set and it's working great! :D Made an alias for port 80, 443 and 22 and named it pfSense_admin. Great, glad you got it working.  :)

My wireless has gone down for 30-60 seconds once or maybe twice a day. It's a fairly new setup so I'm hoping It's something I've missed with install or firewall settings.. I'm running 2.2.4 release, 3 seperate NIC's, wireless is managed on it's own NIC with 1 rule to allow "any" traffic as I've just got it setup.. Wireless ap is an Xclaim Xi3.. (little brother to Ruckus equipment). Has anyone got any ideas.. really don't want to fork out more cash for a router or AP if it keeps dropping out.

"I thought I read about a restrictive license for the software, tied to hardware, not-transferable" What??  That sure an that hell has nothing to do with unfi.. The AP could care less what you use for your router, or even if there is a router.. It bridges wifi to the wired network its connected too.  I would suggest you fire up the controller software and setup your AP for your network and ssid you want to broadcast, any sort of vlans on specific ssids, etc. So do you have the controller software running?  Can you see your AP?

I got it figured out.  The bridge was one of the issues - deleted it and used a switch (connected to opt1) for the APs. Switched to WPA-PSK AES.  Got FreeRadius and Captive Portal configured with usernames and passwords so now the users connect with a shared passkey and then they have to log in via a captive portal page.

if your AP does not have a gateway option for its lan, all that means is you would not be able to manage it from a different network.  AP bridge wifi to wired, they are layer 2 devices - this is what an AP is ;) I would guess this is not mentioned in many guides in using a wifi router as AP since its pretty much basic understanding of what an AP is ;) If you did not have a dhcp server running on this network segment, how would you think a client would get an IP on that segment?