Interesting, maybe these parameters could just be integrated into the gui?

Try to change Router's IP addresses. Some ADSL modems uses IP address 192.168.1.1 and probabbly you are trying to connect on modem instead of your system.

Running completely unencrypted is dangerous, even with macadress filtering. macs are easy to fake and to sniff. I would do it in the following way: Connect the AP in bridge mode to an OPT-Interface enable macfiltering at the AP for your photoframe and other wlanclients enable Captive Portal at the OPT1 with no user (upload a nice "you won't get in here!" page with no authentication form) add captive portal mac adress passthrough for the macs you need (your photoframe and your notebook or whatever client you need) enable the dhcp-server at OPT1 and add static MAC/IP assignments. enable deny unknown clients and enable static ARP configure the PPTP-Server and setup a user to be available to tunnel in add a firewallrule at opt1 to only allow the IP of the photoframe to access the ports and servers needed at LAN add a firewallrule to allow your pptp client anywhere This makes it only harder to get through. It doesn't grant absolute security. Now your Photoframe can only go to the photo storage and your notebook is vpned to lan and is part of your lan subnet. This traffic is encrypted (though pptp is not the best encryption one could get).

That error suggests that the EEPROM could not be read, try to disable ACPI perhaps.

Kill radiusd in status > services, start it again via the shell using /usr/local/etc/raddb/radiusd -x, I believe that is how you start radius in debugging mode.  There is no need to sniff when radius will tell you if it gets anything.  you may have to execute it with an X in caps though, I don't remember.  But ocassionally radius will recieve packets but ignore them, most commonly when it doesn't feel that the incoming packet is from a valid client device.  It sounds like you got it fixed, but this is a much easier way of troubleshooting radius for future reference.

Use the captive portal mac filtering option.

Well, you can only solve this for traffic passing through or to the pfsense box - simply enable and require some form of VPN, either IPSEC or OpenVPN.

Will do, thanks Hoba :)

Thanks, I'll give that a shot later this week.

Ok then thank for answering so quick. Look forward to the next few releases then :)

Happy to open that door, if he'll contact me PM'd here. Love to see the card work.

If you want to have both subnets (wireless and lan) in the same broadcastdomain and the same subnet you use bridgeing. If you want different subnets you use routing. As you have different subnets you want to use routing. Did you setup appropriate firewallrules to make traffic pass and all clients use the correct gateway and have an IP from the correct subnet?

By all means MAC filtering is VERY weak, but I have in my list as just another step to crack.  If you want in badly enough and have the time anyone and everyone can get into any wireless network, but why not make it that much more fun for a wireless hacker IMO.

the simpler way is to buy 2 access points that are WDS or bridges capable (like buffalo WHR-HP-G54), once wireless link is configured by wds for example, you just need to connect them to each part of your network Chady

@goofyfoot: can you put on there that billm is a B-E-A-Utiful Man?  ::) No.  If Bill wants it on there he has access to do so.

@lsf: If this is for home use, i'd say, set up encryption on the AP (WPA prefered) then treat the zone as if it WAN. Add pptp to it in order for yourself/kids to use the internal LAN. (if you set up rules for some ip's (you, your kids etc.) you have basically opened up the network anyways. So, WPA or WEP on AP, PPTP to reach lan, and deny any acess from WLAN other then what you would normally allow on WAN. Set it up today and it is working like a charm.  Way cool. pfsense rocks. 8)

Best guess is that it's some sort of captive portal. So some sort of wget/lynx command in a sh script, and timed with corn should most likely do the trick. If you find a command line that will activate/login then adding a cron job should help you ensure it's up.

Problem 1 VIA chipset. Problem 2 PCMCIA card. Known issues, no solutions afaik.

If you do a "sysctl -a |grep rfsilent" and "sysctl -a |grep rfkill" you will find two sysctl strings that can possibly disable your card as well. If you are lucky your card supports this. Try to change the sysctls from 1 to 0 and 0 to 1 to enable/disable the card. If you can get this to work then use that sysctl line in a cron job to enable/disable the radio part of your card.

@MdeWendt: Hello, i'm using an WRAP board with the embedded version of pfsense (at the moment 0.95). Its not possbile for me to set a wlan card to all possible channels (especially in the 5GHz band there are only 4 channels avaliable - ifconfig eth0 channel list). the card supports more channels. who to fix it? thx. Martin There is a solution here: http://forum.pfsense.org/index.php/topic,854.0.html And a Countries Codes List: http://www.unicode.org/onlinedat/countries.html