*AIO* All-in-one box
-
Maybe a mikrotik card on a 90 degree riser could work with 2 radios.
http://www.ebay.com/itm/121556421225
-
@Phishfry:
Maybe a mikrotik card on a 90 degree riser could work with 2 radios.
http://www.ebay.com/itm/121556421225
I considered that but I wasn't sure that even with the bracket taken off it would fit comfortably inside. And then drilling holes for antenna aerials, adding cost for antennas/pigtails to the riser and adaptor card..
I am very surprised to see Mini PCI (not PCIe) 802.11n cards though, I wouldn't have thought that would be a thing - http://store.netgate.com/miniPCI-Cards-C26.aspx
-
Sounds like he already bought the RAlinks so i am wondering how he will make out… I had less than stellar time with them. I would imagine that external directional antennas for the Site to Site link would be best and an omni for the AP...I wonder how an 150M single channel link is going to provide for 5-8 people. Maybe OK for light browsing..
-
I am using a mini pci card in my riverbed steelhead 100 with good results.
-
Looks like the Ralink RT3071 is only 802.11b/g/n as well…..(No 5 ghz)
He also mentions Ralink RT3072 so who knows..
-
I wonder if this is the device he is using. I really wonder how the radio could put out 1000mw yet max draw from usb2 is 500ma. If I am correct. Sure seems like a large power draw to me. Mikrotik quotes 2-3 watts for their high output radio -for an example.
http://www.amazon.com/Etekcity%C2%AE-Wireless-Integrated-Notebooks-Computers/dp/B006JWMOOI
Here is an example of the generic RA3072 -
I wonder if this is the device he is using.
-
Can we get those any closer to each other? hehe.
Does it work well as an AP (not adhoc)?
-
I'm still in testing, but today I have not the time :-\
-
Cool - Thanks!
-
I hope i didn't come across as to gruffy. I encourage all experimentation.. I just had problems with the RA3071. I think its less than top notch hardware.
The Atheros usb is a no go I have found as well.I really think your USB solution could work but you got problems with a 2.4 ghz network. The channel spread is so small your going to have troubles. It might work but i see collisions ahead.
Maybe consider a mimo cantenna arrangement for the backhaul. Since your on a budget..
http://en.wikipedia.org/wiki/Cantenna -
Okay, got it up and assigned all interfaces…
run0 -> WAN (on USB1)
IPv4: DHCP
IPv6: none
set SSID & WPA
connects to the WiFi and gets IPrun1 -> OPT1 (on USB2)
IPv4: 192.168.1.1 /24
IPv6: none
set new SSID & WPA
enabled DHCP 192.168.1.100 - .199 /24
I am able to connet to that AP and get an IPvr0 -> LAN (onboard LAN)
IPv4: 192.168.0.1 /24
IPv6: none
enabled DHCP 192.168.0.100 - .199 /24
used for configurationThe problem is that I can't get a connection to the internet on OPT1.
What rules do I have to set?? :oThe CP doesn't show either, but I think this is because there is no connection to the internet.
Typing the address manually gets me to the CP. -
I hadn't thought of that. How would your pfSense box authenticate itself to the upstream captive portal? If you logged it in with your credentials would not the rest of your office be sharing your authenticated session? Can you ask the admin of the upstream AP to create an exception for your WAN MAC address so you are not putting a CP behind a CP?
Some of the CPs I have seen can be tricky as they grab the attention of the browser on your device and then have a string of automatic redirects. We are setting one up at work and when it works its works, when it doesn't trying to wrestle control of the browser for even basic toubleshooting is a nightmare, it just flips to wherever it is sent and trying to pause it to so much as show the URL or IP it is going to is impossible.
The problem is that I can't get a connection to the internet on OPT1.
What rules do I have to set?? :oThe CP doesn't show either, but I think this is because there is no connection to the internet.
Typing the address manually gets me to the CP.Can you get anything from LAN? If so check your firewall rules to make sure you have HTTP, HTTPS, DNS allowed (and ICMP for PING etc) from the OPT1 interface. Show screenshots from your config if you still have issues.
Which CP can you acces by IP, the local one or the upstream one?
-
How would your pfSense box authenticate itself to the upstream captive portal? If you logged it in with your credentials would not the rest of your office be sharing your authenticated session?
Yes, the authenticated session would be shared, but that is no problem.
Which CP can you acces by IP, the local one or the upstream one?
the local one
Can you get anything from LAN?
no, I have no access to the internet on LAN
Firewall rules:
WAN has actually no rules
LAN has 3 (anti-lockout, 2x default LAN to any)
OPT1 has no rules configured -
Sorry MrCount, I think I started off by looking at this in terms of your pfSense box for you to configure rather than seeing it as a link in the chain. You may have covered all this but rather than me making assumptions lets start from scratch.
Quote
How would your pfSense box authenticate itself to the upstream captive portal? If you logged it in with your credentials would not the rest of your office be sharing your authenticated session?
Yes, the authenticated session would be shared, but that is no problem.
Perhaps not for you, but have you spoken to those responsible for the upstream network? I would strongly recommend you do so if you haven't. If they are aware of your project they may be able to help you (for example letting you bypass their CP) but if they are not and discover what you are doing the hard way they may get quite upset. Think of it this way, from their perspective you can either work with them or around them, and if your position were reversed which would you prefer?
As I say if you already have some agreement for this great, carry on, but if not it should be the very next thing you do.
Quote
Which CP can you acces by IP, the local one or the upstream one?
the local one
Quote
Can you get anything from LAN?
no, I have no access to the internet on LAN
Firewall rules:
WAN has actually no rules
LAN has 3 (anti-lockout, 2x default LAN to any)
OPT1 has no rules configuredYou will need to configure the rules for OPT1 but ignore those until you have internet working from LAN.
-
have you spoken to those responsible for the upstream network? I would strongly recommend you do so if you haven't.
There is an agreement.
You will need to configure the rules for OPT1 but ignore those until you have internet working from LAN.
LAN now connects to the internet.
But how can I get the AP on OPT1 to let clients through to the internet?? -
@MrCount:
have you spoken to those responsible for the upstream network? I would strongly recommend you do so if you haven't.
There is an agreement.
You will need to configure the rules for OPT1 but ignore those until you have internet working from LAN.
LAN now connects to the internet.
Glad to hear it and good to know LAN can now reach the internet.
But how can I get the AP on OPT1 to let clients through to the internet??
Only LAN is automatically set to allow traffic out. The default rule is to block all traffic unless there is a rule to allow it, so you must create rules for OPTx interfaces to allow the traffic you need. The minimum is often HTTP, HTTPS and DNS, the rest depends on what you need so consider ICMP for PING, FTP etc. If you find anything specific not working you will need to check the firewall logs to see what got blocked, and allow a rule for it.
For example, webmail may work fine but an email client may not be able to send email. This will be because webmail is passing the rule for HTTPS, but the mail client is using SMTP. You would see in the logs that traffic on port 25 (SMTP) was blocked, so allow this and repeat for whatever other services you need.
-
Okay, so for testing it would be okay if I set the following?
proto: IPv4
Source: OPT1 address
port: *
destination: *
port: *
gateway: *and
proto: IPv4
Source: *
port: *
destination: OPT1 address
port: *
gateway: * -
pfSense rules only apply on traffic arriving on the interface. Your traffic from OPT1 clients would arrive on OPT1 when leaving that network, so you should only need to use the first rule - but you have "OPT1 Address" there (a single IP on the OPT1 range I think - I don't have a pfSense in front of me right now) which should be "OPT1 Network", look at the default rules for LAN and use those as a guide.
Your second rule means "traffic (arriving on the OPT1 interface) with destination OPT1 network will pass" (I'm correcting address to network again there). Traffic destined for for the OPT1 network would arrive on another interface, not OPT1, for example it arrives on WAN and is routed to and leaves OPT1. Any traffic from the OPT1 network to the OPT1 network would go directly from client to client, it would never arrive on the pfSense OPT1 interface. Your second rule shouldn't cause any problems but it won't achieve anything either.
-
Okay, the OPT1 is up and running.
I can now access internet with new clients over the AP…;D