Netgate Discussion Forum

    *AIO* All-in-one box

    • ?
      Guest
      last edited by

      Maybe a mikrotik card on a 90 degree riser could work with 2 radios.

      http://www.ebay.com/itm/121556421225

      • J
        jonesr
        last edited by

        @Phishfry:

        Maybe a mikrotik card on a 90 degree riser could work with 2 radios.

        http://www.ebay.com/itm/121556421225

        I considered that but I wasn't sure that even with the bracket taken off it would fit comfortably inside. And then drilling holes for antenna aerials, adding cost for antennas/pigtails to the riser and adaptor card..

        I am very surprised to see Mini PCI (not PCIe) 802.11n cards though, I wouldn't have thought that would be a thing - http://store.netgate.com/miniPCI-Cards-C26.aspx

        pfSense AMD64 VGA - Assume latest version.
        Suricata, pfBlockerNG, SquidGuard, squid3.

        • ?
          Guest
          last edited by

          Sounds like he already bought the Ralinks so I am wondering how he will make out… I had a less than stellar time with them. I would imagine that external directional antennas for the Site to Site link would be best and an omni for the AP... I wonder how a 150M single channel link is going to provide for 5-8 people. Maybe OK for light browsing.

          • ?
            Guest
            last edited by

            I am using a mini pci card in my riverbed steelhead 100 with good results.

            http://routerboard.com/R52Hn

            • ?
              Guest
              last edited by

              Looks like the Ralink RT3071 is only 802.11b/g/n as well... (No 5 GHz)

              He also mentions Ralink RT3072 so who knows..

              • ?
                Guest
                last edited by

                I wonder if this is the device he is using. I really wonder how the radio could put out 1000 mW yet max draw from USB2 is 500 mA. If I am correct. Sure seems like a large power draw to me. Mikrotik quotes 2-3 watts for their high output radio, for example.

                http://www.amazon.com/Etekcity%C2%AE-Wireless-Integrated-Notebooks-Computers/dp/B006JWMOOI
                Here is an example of the generic RA3072

                • M
                  McCount
                  last edited by

                  I wonder if this is the device he is using.

                  pfsense.jpg

                  • K
                    kejianshi
                    last edited by

                    Can we get those any closer to each other?  hehe.

                    Does it work well as an AP (not adhoc)?

                    • M
                      McCount
                      last edited by

                      I'm still in testing, but today I don't have the time  :-\

                      • K
                        kejianshi
                        last edited by

                        Cool - Thanks!

                        • ?
                          Guest
                          last edited by

                          I hope I didn't come across as too gruff. I encourage all experimentation. I just had problems with the RA3071. I think it's less than top notch hardware.
                          The Atheros USB is a no go I have found as well.

                          I really think your USB solution could work but you've got problems with a 2.4 GHz network. The channel spread is so small you're going to have troubles. It might work but I see collisions ahead.

                          Maybe consider a MIMO cantenna arrangement for the backhaul, since you're on a budget.
                          http://en.wikipedia.org/wiki/Cantenna

                          • M
                            McCount
                            last edited by

                            Okay, got it up and assigned all interfaces…

                            run0 -> WAN (on USB1)
                            IPv4: DHCP
                            IPv6: none
                            set SSID & WPA
                            connects to the WiFi and gets IP

                            run1 -> OPT1 (on USB2)
                            IPv4: 192.168.1.1 /24
                            IPv6: none
                            set new SSID & WPA
                            enabled DHCP 192.168.1.100 - .199 /24
                            I am able to connect to that AP and get an IP

                            vr0 -> LAN (onboard LAN)
                            IPv4: 192.168.0.1 /24
                            IPv6: none
                            enabled DHCP 192.168.0.100 - .199 /24
                            used for configuration

                            The problem is that I can't get a connection to the internet on OPT1.
                            What rules do I have to set??  :o

                            The CP doesn't show either, but I think this is because there is no connection to the internet.
                            Typing the address manually gets me to the CP.

                            • J
                              jonesr
                              last edited by

                              I hadn't thought of that. How would your pfSense box authenticate itself to the upstream captive portal? If you logged it in with your credentials would not the rest of your office be sharing your authenticated session? Can you ask the admin of the upstream AP to create an exception for your WAN MAC address so you are not putting a CP behind a CP?

                              Some of the CPs I have seen can be tricky as they grab the attention of the browser on your device and then have a string of automatic redirects. We are setting one up at work and when it works it works; when it doesn't, trying to wrestle control of the browser for even basic troubleshooting is a nightmare. It just flips to wherever it is sent, and trying to pause it to so much as show the URL or IP it is going to is impossible.

                              The problem is that I can't get a connection to the internet on OPT1.
                              What rules do I have to set??  :o

                              The CP doesn't show either, but I think this is because there is no connection to the internet.
                              Typing the address manually gets me to the CP.

                              Can you get anything from LAN? If so check your firewall rules to make sure you have HTTP, HTTPS, DNS allowed (and ICMP for PING etc) from the OPT1 interface. Show screenshots from your config if you still have issues.

                              Which CP can you access by IP, the local one or the upstream one?

                              pfSense AMD64 VGA - Assume latest version.
                              Suricata, pfBlockerNG, SquidGuard, squid3.

                              • M
                                McCount
                                last edited by

                                How would your pfSense box authenticate itself to the upstream captive portal? If you logged it in with your credentials would not the rest of your office be sharing your authenticated session?

                                Yes, the authenticated session would be shared, but that is no problem.

                                Which CP can you access by IP, the local one or the upstream one?

                                the local one

                                Can you get anything from LAN?

                                no, I have no access to the internet on LAN

                                Firewall rules:
                                WAN has actually no rules
                                LAN has 3 (anti-lockout, 2x default LAN to any)
                                OPT1 has no rules configured

                                • J
                                  jonesr
                                  last edited by

                                  Sorry MrCount, I think I started off by looking at this in terms of your pfSense box for you to configure rather than seeing it as a link in the chain. You may have covered all this but rather than me making assumptions let's start from scratch.

                                  Quote

                                  How would your pfSense box authenticate itself to the upstream captive portal? If you logged it in with your credentials would not the rest of your office be sharing your authenticated session?

                                  Yes, the authenticated session would be shared, but that is no problem.

                                  Perhaps not for you, but have you spoken to those responsible for the upstream network? I would strongly recommend you do so if you haven't. If they are aware of your project they may be able to help you (for example letting you bypass their CP) but if they are not and discover what you are doing the hard way they may get quite upset. Think of it this way, from their perspective you can either work with them or around them, and if your position were reversed which would you prefer?

                                  As I say if you already have some agreement for this great, carry on, but if not it should be the very next thing you do.

                                  Quote

                                  Which CP can you access by IP, the local one or the upstream one?

                                  the local one

                                  Quote

                                  Can you get anything from LAN?

                                  no, I have no access to the internet on LAN

                                  Firewall rules:
                                  WAN has actually no rules
                                  LAN has 3 (anti-lockout, 2x default LAN to any)
                                  OPT1 has no rules configured

                                  You will need to configure the rules for OPT1 but ignore those until you have internet working from LAN.

                                  pfSense AMD64 VGA - Assume latest version.
                                  Suricata, pfBlockerNG, SquidGuard, squid3.

                                  • M
                                    McCount
                                    last edited by

                                    have you spoken to those responsible for the upstream network? I would strongly recommend you do so if you haven't.

                                    There is an agreement.

                                    You will need to configure the rules for OPT1 but ignore those until you have internet working from LAN.

                                    LAN now connects to the internet.
                                    But how can I get the AP on OPT1 to let clients through to the internet??

                                    • J
                                      jonesr
                                      last edited by

                                      @MrCount:

                                      have you spoken to those responsible for the upstream network? I would strongly recommend you do so if you haven't.

                                      There is an agreement.

                                      You will need to configure the rules for OPT1 but ignore those until you have internet working from LAN.

                                      LAN now connects to the internet.

                                      Glad to hear it and good to know LAN can now reach the internet.

                                      But how can I get the AP on OPT1 to let clients through to the internet??

                                      Only LAN is automatically set to allow traffic out. The default rule is to block all traffic unless there is a rule to allow it, so you must create rules for OPTx interfaces to allow the traffic you need. The minimum is often HTTP, HTTPS and DNS, the rest depends on what you need so consider ICMP for PING, FTP etc. If you find anything specific not working you will need to check the firewall logs to see what got blocked, and allow a rule for it.

                                      For example, webmail may work fine but an email client may not be able to send email. This will be because webmail is passing the rule for HTTPS, but the mail client is using SMTP. You would see in the logs that traffic on port 25 (SMTP) was blocked, so allow this and repeat for whatever other services you need.

                                      pfSense AMD64 VGA - Assume latest version.
                                      Suricata, pfBlockerNG, SquidGuard, squid3.

                                      • M
                                        McCount
                                        last edited by

                                        Okay, so for testing it would be okay if I set the following?

                                        proto: IPv4
                                        Source: OPT1 address
                                        port: *
                                        destination: *
                                        port: *
                                        gateway: *

                                        and

                                        proto: IPv4
                                        Source: *
                                        port: *
                                        destination: OPT1 address
                                        port: *
                                        gateway: *

                                        • J
                                          jonesr
                                          last edited by

                                          pfSense rules only apply on traffic arriving on the interface. Your traffic from OPT1 clients would arrive on OPT1 when leaving that network, so you should only need to use the first rule - but you have "OPT1 Address" there (a single IP on the OPT1 range I think - I don't have a pfSense in front of me right now) which should be "OPT1 Network", look at the default rules for LAN and use those as a guide.

                                          Your second rule means "traffic (arriving on the OPT1 interface) with destination OPT1 network will pass" (I'm correcting address to network again there). Traffic destined for the OPT1 network would arrive on another interface, not OPT1, for example it arrives on WAN and is routed to and leaves OPT1. Any traffic from the OPT1 network to the OPT1 network would go directly from client to client, it would never arrive on the pfSense OPT1 interface. Your second rule shouldn't cause any problems but it won't achieve anything either.

                                          pfSense AMD64 VGA - Assume latest version.
                                          Suricata, pfBlockerNG, SquidGuard, squid3.
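
The rule matching described in the post above, as an added example that is not part of the original thread and is not pfSense code: a simplified Python model in which rules are checked only on the interface where a packet arrives, with a default deny when nothing matches. The OPT1 addressing comes from the thread; the 203.0.113.10 destination, the packets and the function names are constructed for illustration.

```python
"""Simplified model of inbound-only, per-interface rule matching.
Constructed illustration; not pfSense code."""
from ipaddress import ip_address, ip_network

# From the thread: OPT1 is 192.168.1.1/24, DHCP hands out .100-.199.
OPT1_ADDRESS = ip_network("192.168.1.1/32")  # "OPT1 address": the firewall's own IP
OPT1_NETWORK = ip_network("192.168.1.0/24")  # "OPT1 net": every host on the segment
ANY = ip_network("0.0.0.0/0")


def evaluate(rules, in_iface, src, dst):
    """Return 'pass' if a rule on the arrival interface matches, else 'block'.

    Only rules attached to the interface the packet entered on are
    considered; with no match the implicit default deny applies.
    """
    src, dst = ip_address(src), ip_address(dst)
    for iface, rule_src, rule_dst in rules:
        if iface == in_iface and src in rule_src and dst in rule_dst:
            return "pass"
    return "block"


# Rule sets as (interface, source, destination) tuples.
PROPOSED = [
    ("OPT1", OPT1_ADDRESS, ANY),  # first proposed rule: source "OPT1 address"
    ("OPT1", ANY, OPT1_ADDRESS),  # second proposed rule: destination "OPT1 address"
]
CORRECTED = [("OPT1", OPT1_NETWORK, ANY)]  # source changed to "OPT1 net"


def client_to_internet(rules):
    """Constructed packet: Wi-Fi client 192.168.1.100 to a public host."""
    return evaluate(rules, "OPT1", "192.168.1.100", "203.0.113.10")


if __name__ == "__main__":
    print("proposed rules :", client_to_internet(PROPOSED))
    print("corrected rules:", client_to_internet(CORRECTED))
    # A new connection arriving on WAN toward an OPT1 client never
    # consults the OPT1 rules, so an OPT1 pass rule does not open it.
    print("new conn on WAN:",
          evaluate(CORRECTED, "WAN", "203.0.113.10", "192.168.1.100"))
```

The model leaves out state tracking, so it only describes how the first packet of a connection is judged.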

                                          • M
                                            McCount
                                            last edited by

                                            Okay, the OPT1 is up and running.
                                            I can now access internet with new clients over the AP…

                                            ;D

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.