WiFi access point
-
So are you running dhcp on this wifi interface? There is a big difference between association with the wifi and then network access using that wifi.
So your saying your clients can not associate to the wifi network you setup. Or they just can not do anything when they connect, do they get an IP address from pfsense dhcp? Or they using some APIPA address 169.254?
Pfsense and wifi really not good for much of anything.. You would be much better off just using either a real AP for your wifi, or some old wifi router as AP.. I see in your browser tabs that you have dd-wrt running on something. Why not just use that as your wifi AP?
-
I tried all day yesterday to use my ddwrt router as a access point and no success. I used this youtube tutorial for the settings with my ddwrt router. https://www.youtube.com/watch?v=VX4xsjpzKtw I also setup a wlan interface for my wifi and I just added 192.168.3.254 for the wlan since my wifi has 192.168.2.254 and now I have a limited connection. I also set the wlan protocol to any.
-
There is zero need of a video to setup any wifi router as AP.
First thing I would do if you want your wifi on its own network segment, does pfsense have 2nd interface you can use? If not do you have a switch that does vlans?
If you only have the 1 lan interface in pfsense, then you can use your wifi router as AP on your lan..
I am going to assume you only have the 1 lan nic to use. And you have a switch..
So lets make some assumptions. Your pfsense lan is on 192.168.1.0/24 right now, it has an ip of 192.168.1.1.. I am going to assume your dhcp pool starts at some number other than 2, and you have no devices on 192.168.1.2
If you do your going to need an IP that is not in your dhcp pool, that is not being use. I will assume 192.168.1.2 for now.
So connect a laptop or something to your dd-wrt router so that you can get to its admin page. Ok change its IP to 192.168.1.2 mask /24 (255.255.255.0)
Make sure you laptop can now access dd-wrt on this 192.168.1.2 address.. Now turn OFF its dhcp server!!!
Now disconnect your laptop and connect using a LAN port of this dd-wrt to your lan network.. Make sure you can get to its web gui 192.168.1.2 from something else on your LAN!!!
Set up dd-wrt wifi how you want to set it up.. Shazam there you go AP!!!
If you do have another interface to use on pfsense and you want to use that as your wifi segment.. Then just repeat the above steps but use whatever you set this other nic in pfsense network to be, say 192.168.2.0/24 - connect a laptop or something to this nic or switch on this network, or if your using a vlan support switch - on this new network.. Then just do the same thing on dd-wrt as you did for your lan - just use this new segment IP settings..
-
I have a second interface. I will try again using my ddwrt router for an AP.
-
Ok if you have a 2nd interface..
Lets do it with 192.168.2/24 so same scenario.. Setup pfsense so this 192.168.2/24 network works!!!
Make sure you can connect a wired device to pfsense and it gets dhcp, it can use the internet, etc.. Then just setup your dd-wrt with 192.168.2.2/24 and if you want to be able to admin it from you lan. Then it would need a gateway - which would be pfsense IP in this new wifiap network - lets say that is 192.168.2.1, I know dd-wrt allows you to set a gateway on its lan interface.. If everything is on just your 1 lan network, doesn't really matter (unless you were looking to admin it from outside pfsense)
But once you put it on another segment, you prob going to want it to have a gateway pointing to pfsense if you want to admin it from say your lan network.
-
I setup the firewall rules for the ddwrt AP to allow any. and I set my ddwrt gateway to 192.168.1.1 My ddwrt lan is 192.168.1.2 I have a limited connection now to the AP and I am not able to access the AP
 -
dude!!!
You didn't set any network on this dd-wrt interface you created.. So how would anything work???
If your going to use a new pfsense interface.. You have to give it an IP!!! lets make it 192.168.2.1/24
There is NO gateway on this interface.. Its jut another lan interface..
You then need to setup dhcp server on this interface.. Make the pool for example 192.168.2.10 to 250.. This gives you couple of ips to play with on both ends of the range for static or reservations.
Then on dd-wrt give it IP 192.168.2.2, with gateway 192.168.2.1 (pfsense IP in this network)
-
I'm now able to get a limited connection to my ddwrt router and able to access within the network but still no wifi. I attached my config I think I did everything you said to do? I think I might have done something wrong in the ddwrt dhcp server setup though???
 -
I thank you for all the detailed information you gave me. I'm up and running!!! I just had to reboot the pfsense box. Iv'e been working on this for almost two weeks now. Finally!!!!!!!!!!! ;) I once again thank everyone for being patient and helpful.
-
Why are blocking bogon on a lan side interface.. How would bogon traffic ever hit that interface???
-
I just did it really for no reason.
-
That is never a good thing on a firewall ;) heheeh
If you worried about traffic hitting that interface that is NOT from that network, the better thing to do would be for the source to be limited to that network.. ie ddwrt network in your case.
-
Do I really need to download the new update>? I just got this box up and running. I don't want to mess it up like I see some have when updating.
-
What update are you talking about? Current is 2.3.2-p1, what version are you running? Oh I see from your screenshot.. Yeah you should update!!
Should of really updated when you first installed it before doing anything else ;)
I have been running pfsense for years and years.. I do not recall an issue with any update.. Users that have problems did not read the caveats to the upgrade, were jumping multiple versions, etc.
If your worried, take a backup of your config (which is good to do anyway now and then even if not upgrading). This way if something does go funky on your. Its as simple as reinstall and load your backup config. 5 minutes tops ;)
The p1 update to 2.3.2 has been out for quite some time.. Sept 27.. So your not jumping the gun the minute it came out..
It behooves you to be running current code, especially on security software. Not saying you have to jump the second they come out or anything. If your hesitant on such upgrades then sure give it a day or so, week to see if anyone screaming about something broken.. But this update has been out for quite some time!! I would update to it yes!
-
My gf is getting a T shirt with this on it to wear. An intelligent man is sometimes forced to be drunk to spend time with his fools. I'm getting one also. 8) We both find it hilarious.
-
heheeh ;) Fantastic… Love to see a pic when you get them ;)
And yes quite often I need many a drink to not want to reach through screen and strangle some people...
