Wireless Support in pfSense 2.4 (Intel 8260)

BluBoy

@dotdash:

Wireless in general is discouraged, and station mode is a bit of an edge case.

While I agree that wired should be used over wireless where available, I think it would be silly to ignore wireless altogether.
A greater number of consumer devices are coming in a wireless only option, my use case is in a virtual environment on my laptop (which is also becoming more common).

Not supporting wireless in station mode because it is not the preferred method of connection seems pretty short sighted, especially when alternative gateways provide the option to configure it in the GUI.

chrcoluk

bluboy yeah the modules default shipped in pfsense is a very low amount, I expect its like that because they previously supported nano installs, now people are starting to use more beefy hardware and nano is EOL, hopefully they will include a much wider range of kernel modules to support more networking hardware.

dotdash

@BluBoy:

Not supporting wireless in station mode because it is not the preferred method of connection seems pretty short sighted, especially when alternative gateways provide the option to configure it in the GUI.

Station mode is supported, the issue is someone taking the time to add drivers for hardware with cumbersome licensing that doesn't support the mode 90% of users are going to need. You can get a secondhand Atheros card for around ten bucks, or you could raise a few hundred in bounty money and see if someone takes it.

BluBoy

@dotdash:

Station mode is supported, the issue is someone taking the time to add drivers for hardware with cumbersome licensing that doesn't support the mode 90% of users are going to need. You can get a secondhand Atheros card for around ten bucks, or you could raise a few hundred in bounty money and see if someone takes it.

Interesting. The drivers don't bother me so much as it is possible to just pull them from FreeBSD 11 vanilla.
(Of interest, would it be possible for pfSense to host these drivers seperately, and allow users to just download the ones they needed? Or even just link to the FreeBSD 11 drivers?)

Station mode doesn't seem to be supported? Can you point me to where this is?
When I configured just the GUI, it didn't work and appeared to only cater for WAP mode
(Interfaces -> Wireless and then Interfaces -> WAN)

Would it be possible to clear delimitate the fact that it is a wireless client and not a WAP? I'd gladly support the project by buying gold if this could receive some attention (I know, I'm sure there are more pressing things needing attention)

If this is the intended place to configure a wireless client WAN connection, should I be submitting a ticket because it doesn't work (I haven't as I'm not sure pulling in my own iwm modules will affect the otherwise vanilla pfSense).
After adding the module files and loading them at boot, I still needed to mess with wpa_supplicant to get it to work.

dotdash

When I referred to station mode, I meant operating as an Infrastructure client, connecting to an AP.
I haven't done this for a while, so I threw an old Atheros card in a 2440 I had on my desk. Here are some notes on the process-
Added the card (and wired up the antennas), booted the box. Logged in and went to assign interfaces, set WAN to ath0. (Yours would be iwm0). Interfaces, WAN: Left v4 on DHCP, set v6 to none. Left config at BSS, checked box to enable WPA. Entered the wireless key. Unchecked block private networks. Saved. Interface was showing down, went to status, interfaces, and renewed the DHCP. Interface now shows up and has an IP, can ping out to the Internet.
This was done on a previously vanilla config, card is marked AR5BXB63, YMMV, HTH.

BluBoy

@dotdash:

When I referred to station mode, I meant operating as an Infrastructure client, connecting to an AP.
I haven't done this for a while, so I threw an old Atheros card in a 2440 I had on my desk. Here are some notes on the process-
Added the card (and wired up the antennas), booted the box. Logged in and went to assign interfaces, set WAN to ath0. (Yours would be iwm0). Interfaces, WAN: Left v4 on DHCP, set v6 to none. Left config at BSS, checked box to enable WPA. Entered the wireless key. Unchecked block private networks. Saved. Interface was showing down, went to status, interfaces, and renewed the DHCP. Interface now shows up and has an IP, can ping out to the Internet.
This was done on a previously vanilla config, card is marked AR5BXB63, YMMV, HTH.

Thanks dotdash, I really do appreciate your efforts here.

I undid most of the changes I made, so now I only have the if_iwm.ko and iwm8000Cfw.ko from FreeBSD 11.0 vanilla copied to /boot/modules (and corresponding entries in /boot/loader.conf)
(So basically, no more manual wpa_supplicant happening)

I am still connected to home_WAP.
I followed your guide, went into the WAN INTERFACE, left v4 on DHCP, v6 NONE, Using Infrastrucutre (BSS), WPA enabled.
This time I tried home_WAP-5G, ensured the rest was configured correctly, applied those changes. Then went into STATUS, INTERFACES and attempted to renew the DHCP lease.
For a brief moment, I saw that it connected… Then on the pfSense console window I had opened, I now see "iwm0: iwm_update_edca: called" scrolling by every few seconds.
... I'm guessing there is an issue with the driver, and this is perhaps why it isn't included in pfSense???

BUT! Is it an issue with 5Ghz radios? I decide to reboot and connect to a different 802.11G WAP. I reboot to start again. When pfSense reboots, it is happily connected to the home_WAP-5G access point.

So yes. I can now see you can change WAN WAPs through the GUI, although, I still think it isn't the best user experience (as it appears to be the configuration settings for setting up a pfSense WAP).
Is it possible to present different configuration options to the user depending on if they want to be a client or a AP? Maybe have the scan wireless option on the page as well (it is available under status though)

Finally, I would love to hear if any 'normal' iwm users have this issue when changing settings. I'm not sure if it is my setup (Using QEMU/KVM with PCI passthrough to pfSense with .ko files stolen from vanilla FreeBSD), or just the drivers at fault here. I have seen similar iwm errors when the laptop loses connection for a bit...

BearTM

@BluBoy:

Finally, I would love to hear if any 'normal' iwm users have this issue when changing settings.

Just adding my $0.02 to the iwm support in pfSense …

Thank you for detailing your experience

I started with a 2.3.x install, performed the 2.4.1 upgrade, and following these instructions was 100% successful!

Grabbed copy of FreeBSD Release ISO
ftp://ftp.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-bootonly.iso

mount ISO image

copy from ISO
  /boot/kernel/if_iwm.ko
  /boot/kernel/iwm8000Cfw.ko
  [or other iwmXXXXfw.ko firmwares as needed]

SFTP [as root] the files to pfSense (assume copied to /root directory)

SSH: [as root]
  chmod 555 if_iwm.ko
  chmod 555 iwm8000Cfw.ko
  cp if_iwm.ko /boot/kernel
  cp iwm8000Cfw.ko /boot/kernel

Either:
  vi /boot/loader.conf
  [add lines]
  if_iwm_load="YES"
  iwm8000Cfw_load="YES"
  [save file]

Or through GUI:
  Diagnostics / Edit File
    /boot/loader.conf [Load]
  [add lines]
  if_iwm_load="YES"
  iwm8000Cfw_load="YES"
  [Save]

Interfaces / Wireless / Add
  Wireless Interface Configuration
  Parent Interface: iwm0
  Mode: Infrastructure (BSS)
  Description: Intel WiFi

Interfaces / Interface Assignments / Add
  Enable Interface: [checked]
  Description: WIFI
  IPv4: DHCP
  Persist Common Settings: [checked]
  Mode: Infrastructure (BSS)
  SSID: [your SSID to connect to]
  WPA Enable: [checked]
  WPA Pre-Shared Key: [your PSK passphrase]

Status / Interfaces
  [check that everything is working]

–-

I have no issues connecting/disconnecting/reconnecting to the hotspot (or android phone) at 5GHz.
The "iwm0: iwm_update_edca: called" message only appeared once on connection

The continual update messages you experienced must have been due to a connection failure/reset/mismatch with the particular 5G access point you were using. All connections I attempt to various access points work perfectly.

NOTE: I am also using QEMU/KVM PCI passthrough running on a Ubuntu host, dedicated server - Gigabyte GA-H170N-WIFI motherboard
[P.S> I'm using the Intel 8260 as a backup WAN to a mobile hotspot, useful as emergency connection for when the (home) WAN gateway connection goes down]

gaijinboy

@BearTM:

@BluBoy:

Finally, I would love to hear if any 'normal' iwm users have this issue when changing settings.

Just adding my $0.02 to the iwm support in pfSense …

Thank you for detailing your experience

I started with a 2.3.x install, performed the 2.4.1 upgrade, and following these instructions was 100% successful!

Grabbed copy of FreeBSD Release ISO
ftp://ftp.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-bootonly.iso

mount ISO image

copy from ISO
  /boot/kernel/if_iwm.ko
  /boot/kernel/iwm8000Cfw.ko
  [or other iwmXXXXfw.ko firmwares as needed]

SFTP [as root] the files to pfSense (assume copied to /root directory)

SSH: [as root]
  chmod 555 if_iwm.ko
  chmod 555 iwm8000Cfw.ko
  cp if_iwm.ko /boot/kernel
  cp iwm8000Cfw.ko /boot/kernel

Either:
  vi /boot/loader.conf
  [add lines]
  if_iwm_load="YES"
  iwm8000Cfw_load="YES"
  [save file]

Or through GUI:
  Diagnostics / Edit File
    /boot/loader.conf [Load]
  [add lines]
  if_iwm_load="YES"
  iwm8000Cfw_load="YES"
  [Save]
 
Interfaces / Wireless / Add
  Wireless Interface Configuration
  Parent Interface: iwm0
  Mode: Infrastructure (BSS)
  Description: Intel WiFi

Interfaces / Interface Assignments / Add
  Enable Interface: [checked]
  Description: WIFI
  IPv4: DHCP
  Persist Common Settings: [checked]
  Mode: Infrastructure (BSS)
  SSID: [your SSID to connect to]
  WPA Enable: [checked]
  WPA Pre-Shared Key: [your PSK passphrase]

Status / Interfaces
  [check that everything is working]

–-

I have no issues connecting/disconnecting/reconnecting to the hotspot (or android phone) at 5GHz.
The "iwm0: iwm_update_edca: called" message only appeared once on connection

The continual update messages you experienced must have been due to a connection failure/reset/mismatch with the particular 5G access point you were using. All connections I attempt to various access points work perfectly.

NOTE: I am also using QEMU/KVM PCI passthrough running on a Ubuntu host, dedicated server - Gigabyte GA-H170N-WIFI motherboard
[P.S> I'm using the Intel 8260 as a backup WAN to a mobile hotspot, useful as emergency connection for when the (home) WAN gateway connection goes down]

Hi,

I have a Gigabyte GA-Z270N-WIFI motherboard running ubuntu 16.04 and I use Pfsense as router in the virtualbox.
I have set the wireless adapter (wlp9s0) in the virtualbox as bridged and I followed your tutorial.
But unfortunately for me it didn't work.
On Pfsense it sees the adapter as em2 but in the "Wireless Interface Configuration" it shows "None available" in parent interface.

I have tried to reboot Pfsense but no luck and I also tried your tutorial from zero 3 times.
I'm using the version 2.4.3-RELEASE.

Do you know any idea that could be my problem?

Thanks in advance.

BearTM

The important detail for you is exactly what I added in the NOTE at the end:

"NOTE: I am also using QEMU/KVM PCI passthrough running on a Ubuntu host, dedicated server - Gigabyte GA-H170N-WIFI motherboard."

Since pfSense needs to directly control the hardware, this method will only work as a bare-metal or PCI Passthrough to the VM.

Because you bridged your adapter to the host, there is no WiFi card for pfSense to access in hardware.

Remove the WiFi card from your host (blacklist), add it as a PCI Passthrough to the VM in QEMU, and then it will work.

gaijinboy

Thanks for the explanation!

I'll try to do on this weekend and let you know.

gaijinboy

@BearTM:

The important detail for you is exactly what I added in the NOTE at the end:

"NOTE: I am also using QEMU/KVM PCI passthrough running on a Ubuntu host, dedicated server - Gigabyte GA-H170N-WIFI motherboard."

Since pfSense needs to directly control the hardware, this method will only work as a bare-metal or PCI Passthrough to the VM.

Because you bridged your adapter to the host, there is no WiFi card for pfSense to access in hardware.

Remove the WiFi card from your host (blacklist), add it as a PCI Passthrough to the VM in QEMU, and then it will work.

I tried once again to add it as a PCI Passthrough and I found out that my adapter is not 8260, it is 8265 :(
They already merged the kernel module into the version 12 of freebsd, but not for version 11.
So I guess I will have to wait until I can make this work