Kill radiusd in status > services, start it again via the shell using /usr/local/etc/raddb/radiusd -x, I believe that is how you start radius in debugging mode.  There is no need to sniff when radius will tell you if it gets anything.  you may have to execute it with an X in caps though, I don't remember.  But ocassionally radius will recieve packets but ignore them, most commonly when it doesn't feel that the incoming packet is from a valid client device.  It sounds like you got it fixed, but this is a much easier way of troubleshooting radius for future reference.

Use the captive portal mac filtering option.

Well, you can only solve this for traffic passing through or to the pfsense box - simply enable and require some form of VPN, either IPSEC or OpenVPN.

Will do, thanks Hoba :)

Thanks, I'll give that a shot later this week.

Ok then thank for answering so quick. Look forward to the next few releases then :)

Happy to open that door, if he'll contact me PM'd here.

Love to see the card work.

If you want to have both subnets (wireless and lan) in the same broadcastdomain and the same subnet you use bridgeing. If you want different subnets you use routing. As you have different subnets you want to use routing. Did you setup appropriate firewallrules to make traffic pass and all clients use the correct gateway and have an IP from the correct subnet?

By all means MAC filtering is VERY weak, but I have in my list as just another step to crack.  If you want in badly enough and have the time anyone and everyone can get into any wireless network, but why not make it that much more fun for a wireless hacker IMO.

the simpler way is to buy 2 access points that are WDS or bridges capable (like buffalo WHR-HP-G54), once wireless link is configured by wds for example, you just need to connect them to each part of your network

Chady

@goofyfoot:

can you put on there that billm is a B-E-A-Utiful Man?  ::)

No.  If Bill wants it on there he has access to do so.

@lsf:

If this is for home use, i'd say, set up encryption on the AP (WPA prefered) then treat the zone as if it WAN. Add pptp to it in order for yourself/kids to use the internal LAN. (if you set up rules for some ip's (you, your kids etc.) you have basically opened up the network anyways. So, WPA or WEP on AP, PPTP to reach lan, and deny any acess from WLAN other then what you would normally allow on WAN.

Set it up today and it is working like a charm.  Way cool. pfsense rocks. 8)

Best guess is that it's some sort of captive portal. So some sort of wget/lynx command in a sh script, and timed with corn should most likely do the trick. If you find a command line that will activate/login then adding a cron job should help you ensure it's up.

Problem 1 VIA chipset.
Problem 2 PCMCIA card.

Known issues, no solutions afaik.

If you do a "sysctl -a |grep rfsilent" and "sysctl -a |grep rfkill" you will find two sysctl strings that can possibly disable your card as well. If you are lucky your card supports this. Try to change the sysctls from 1 to 0 and 0 to 1 to enable/disable the card. If you can get this to work then use that sysctl line in a cron job to enable/disable the radio part of your card.

@MdeWendt:

Hello,

i'm using an WRAP board with the embedded version of pfsense (at the moment 0.95). Its not possbile for me to set a wlan card to all possible channels (especially in the 5GHz band there are only 4 channels avaliable - ifconfig eth0 channel list). the card supports more channels. who to fix it?
thx.

Martin

There is a solution here:
http://forum.pfsense.org/index.php/topic,854.0.html

And a Countries Codes List:
http://www.unicode.org/onlinedat/countries.html

Thank you very much for that additional information.  My biggest problem is right now that even from Shell I can not force the rate down and am confused if this is a glitch in FreeBSD or an issue because the driver is using an NDIS wrapped driver so we can have CCX support in the drivers as there are no open sourced drivers with CCX support.  As mentioned the "ifconfig -m" shows it as an optional media and mode and if I set the AP down to that media/mode only then it connects like that but otherwise it will only try to connect at the max the AP is offering.
Does anyone else have any suggestions on why I can't even force the media/mode down from Shell directly?  If I could get this to work I could write it into the .xml file and load it.

Not sure about this driver as the command that you reference only applies to atheros chipsets. Maybe someone else knows something about urals.

Feel free to add this if it's bsd licensed. the popup code is still existent i think. Just eneble it again and add the new keygen code if you like.

The atheros chipset has a max ack/cts timer setting that will allow about 230km.
The setting util in pfsense will allow for about 40km max. But that calc is not accurate.