PfSense Wireless Access Point Use Setup
-
Your WLAN interface may be "enabled," but since it doesn't have an IP address, it doesn't exist yet. :P
IPv4 Configuration Type: None <– change this to Static IPv4
Down below where it says "Static IPv4 Configuration":
IPv4 Address: 192.168.whatever.1 <-- give it any new IP address you want. Any subnet you want like /24So if your LAN interface is 192.168.1.1 /24, you can make your WLAN inteface 192.168.2.1 /24 or whatever you desire.
In other words, 192.168.2.1 is the IP address for pfSense on the WLAN interface. You can give your Access Point a static IP address of 192.168.2.2 for example and tell it the gateway is 192.168.2.1, DNS is 192.168.2.1, etc.
Edit: After doing this, probably want to go to Services --> DHCP Server --> WLAN tab and "Enable DHCP server on WLAN interface" and give it a range, so your wireless devices can get an IP address when they connect.
-
Before I posted, I actually tried what you mentioned. I checked the default Firewall | Rules | LAN rule settings and created a rule for the wireless interface I created and changed the Source to my wireless interface; everything else was the same. It didn’t work.
Are these new rules on the Firewall | Rules | WLAN page? They shouldn't be on the LAN Rules page. It helps to think of the direction of traffic, so you'll then know where the rule should belong.
Wi-Fi Device –> Wireless Access point --> pfSense WLAN interface --> anywhere
So you want the rules to be on Firewall | Rules | WLAN since that's where it's coming into.
Here's an example rule that allows everything to go through WLAN interface to anywhere:
Source: WLAN net
Source Port: *
Destination: *
Destination Port: *
Description: Default allow WLAN to any rule -
Finger79 - Yes, the new rule was entered in the WLAN page; my rule matched yours.
I followed your instructions on the WLAN interface. The configuration of the WLAN interface was actually the missing piece. I now have wireless.
Thank you very much for taking time to guide me in the setup! Awesome!
-
Hi,
I’m new to pfsense and was following your walkthrough on here with a bit of success but at the end I get no internet access. When I go to DHCP leases the router/WAP either doesn’t show up or it shows the IP address of 192.168.2.10. I tried to then connect my phone to the router/WAP and it connected but no internet.Hardware/Configuration as follows
TP-Link Archer C5 (will be replacing, not sure what with yet)
4xIntel NIC
Em3 – WAN
Em2 – LAN – IP: 192.168.1.1/24
Em1 – WLAN – IP: 192.168.2.1/24
Em0 – not configured
WAP – 192.168.2.2I’ve setup the WLAN as described above, copied the firewall rules over from the LAN interface, disabled DHCP on the router/WAP, and assigned the router/WAP an ip address of 192.168.2.2 (this router/WAP only allowed me to input the subnet mask and not a gateway). Physical connection was ethernet from WLAN interface to LAN port on router/WAP.
I have enabled DHCP on the WLAN interface and given it a port range from 192.168.2.10 > 192.168.2.254.
At the end of all this, I can see the SSID for both 2.4Ghz & 5Ghz but get no internet when connected. Am I missing something really obvious here or have I configured something wrong?
Any help would be much appreciated. -
Can you ping the device acting as an AP from pfSense ?
Does its show anything IP wise on the clients ?
Have you allowed traffic out the Em1 interface ?
I'd be tempted to use the pfSense router as the DHCP server, you'll be able to do much more with the DHCP server.
I've just purchased a Ubiquity AC Pro and I'm impressed with the results.
-
Hi,
Yip, i can ping 192.168.2.2 with no packet loss.
When I do a dhcp lease the WAP doesn't show up at all (192.168.2.2) but I can see the SSID on my phone and when I connect to that I can see my mobile phone connecting and it gets an IP address of 192.168.2.10 (but still no internet access)
I added the same firewall rules to the WLAN as the LAN interface has "Default allow WLAN to any rule" & "Default allow WLAN IPv6 to any rule" only one i couldnt copy over was the "Anti-lockout rule"
I have set the pfsense to be my dhcp server and switched dhcp off on the WAP.
I've just bought an ASUS RT-n66u (very good price lol) and put that into AP mode. Changed to static IP
IP: 192.168.2.2
SUB MASK: 255.255.255.0
GATEWAY: 192.168.2.1
DNS: 192.168.2.1Im stumped!!! Help please…..
-
When I do a dhcp lease the WAP doesn't show up at all (192.168.2.2)
1. What do you mean by this? Your Access Point has a static IP of 192.168.2.2 so it shouldn't even need its own DHCP lease. Just your wireless clients (like your phone) should get an IP between 192.168.2.10-192.168.2.254 in your case.
Em1 – WLAN – IP: 192.168.2.1/24
2. Also, em1 interface is correctly set up, right? Static IP?
3. Are your firewall rules for WLAN interface correct? Pass rules, not block/reject?
-
Hi,
Yip, i can ping 192.168.2.2 with no packet loss.
When I do a dhcp lease the WAP doesn't show up at all (192.168.2.2) but I can see the SSID on my phone and when I connect to that I can see my mobile phone connecting and it gets an IP address of 192.168.2.10 (but still no internet access)
I added the same firewall rules to the WLAN as the LAN interface has "Default allow WLAN to any rule" & "Default allow WLAN IPv6 to any rule" only one i couldnt copy over was the "Anti-lockout rule"
I have set the pfsense to be my dhcp server and switched dhcp off on the WAP.
I've just bought an ASUS RT-n66u (very good price lol) and put that into AP mode. Changed to static IP
IP: 192.168.2.2
SUB MASK: 255.255.255.0
GATEWAY: 192.168.2.1
DNS: 192.168.2.1Im stumped!!! Help please…..
Try connecting the AP to the LAN port switch, do you get an IP from the LAN range and have internet connectivity ?
Disconnect the AP and plug in a laptop to the Em1 interface, does that work ?
It should, if it doesn't it most likley to be firewall rules, mine looks like this, ignore the middle rule, it trying to figure out where some of my IOT stuff goes before I move it into the IOT LAN :-
If anyone thinks my traffic on the middle rule is a bit high, its 4K Netflix :)
-
1. What do you mean by this? Your Access Point has a static IP of 192.168.2.2 so it shouldn't even need its own DHCP lease. Just your wireless clients (like your phone) should get an IP between 192.168.2.10-192.168.2.254 in your case.
So i shouldnt see a dhcp lease? ok, thats good to know.
2. Also, em1 interface is correctly set up, right? Static IP?
em1 setup with static IP. Pretty much a copy of my LAN interface.
3. Are your firewall rules for WLAN interface correct? Pass rules, not block/reject?
All rules are set as "Pass"
-
Try connecting the AP to the LAN port switch, do you get an IP from the LAN range and have internet connectivity ?
Connected the AP to my switch (which is connected to em2/LAN) tried my phone and it connected and I have internet access. Designated IP: 192.168.1.140
Disconnect the AP and plug in a laptop to the Em1 interface, does that work ?
Disconnected the AP from the switch, connected my laptop straight into my em1/WLAN port and i get no connection at all.
It should, if it doesn't it most likely to be firewall rules, mine looks like this, ignore the middle rule, it trying to figure out where some of my IOT stuff goes before I move it into the IOT LAN :-
I can't connect at all now. Think it could be my firewall rules. I'll add a screenshot.
-
your firewall rules are ANY ANY.. I see no hits on them, that 0/0 number.. When you connected your laptop to em1 port did get a 192.168.2.x did its gateway point to 192.168.2.1 - what was it using for dns? Could it ping 192.168.2.1?
-
When you connected your laptop to em1 port did get a 192.168.2.x
connected to em1 and it dhcp lease my laptop got IP: 192.168.2.10
did its gateway point to 192.168.2.1
Yes, gateway shows IP: 192.168.2.1
what was it using for dns?
local.domain??? Not sure how to find this out, I'm far from technical I'm afraid :-(
Could it ping 192.168.2.1?
Yes, i can ping IP: 192.168.2.1 with no packet loss but still no access to the internet????
-
Well are you outbound nats natting this 192.168.2 network.. Do you have them set for auto or did you set them to manual or something.
When you say no internet.. Does that mean you can not resolve stuff or just can not get to www.pfsense.org?
From your laptop try to ping say 8.8.8.8
try and ping say www.pfsense.org, does it come back with an address or give something about could not find host.
-
OMG its sorted.
Thanks johnpoz and everyone else for your help. It was to do with my natting. I had it set to manual as I was having issues with a "strict" nat on the xbox, playstation & PC networks. I created some outbound rules to sort out my strict NAT. I switched them back to automatic and hay presto i got connected.
Solving this issue though im guessing will now put me back onto a strict NAT when my son connects to his online gaming!
Solved one issue, may now have created another but that's another problem for another forum post.
Thanks again. really appreciate all your help.
-
And it has. Straight back to strict NAT…...bugger. Took me ages to fix that issue.
-
dude post up your outbound nat rules
-
Managed to sort it out pretty easy. There's a Hybrid option in the outbound NAT rules. I clicked that and still got wifi and now an "open" NAT and not moderate as before. Hopefully that's me sorted for now. Boys happy he has wifi and gaming I'm happy I've got it sorted with you guys help.
Cheers
-
I have been checking the web whether pfsense supports wireless NICs and wireless usb devices. And I found even a supported device list. Most of them are ralink chips, so I got an old one that supports wireless n standard and is listed.
Inserting the usb went well, even dmesg shows me that pfsense detected the device and gave it a device node run0 which is a good sign.
Going to the web interface and in the interfaces section of pfsense run0 is being listed. Only when I start setting up a wpa2 hotspot with the usb device and hit the apply button, the terminal dumps lots of output for like 10 seconds the restarts. When booting again it reaches to the point where it detects the usb device and wants to create the device node, then… the same thing over! Lots of dumping then it restarts. This cycle keeps on repeating till I take out the usb stick.
When pluging out the usb stick pfsense boots normaly. When logging into the webinterface, pfsense tells me that it has to report a critical error.
Now, it is easy to start to setup a wifi hotspot with another dumb router but I would like to keep everything central, isn't there a safe way how to setup a usb wlan device?? -
What are you doing for the static nats? I sure hope your not just setting his IP to use all ports static? That sort of config is borked on a device that does napt for other devices.
What if client asks for say port xyz, and that has already been used by another client in a napt connection?
