• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Wireless Bridge between two pfSense boxes (with WPA)?

General pfSense Questions
4
8
7.5k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A
    Aussie_Bear
    last edited by Nov 15, 2005, 6:40 AM

    I'm thinking about using a pair of EPIA (Mini-ITX) setups with pfsense and
    turning them into a wireless bridge setup to join my and my brother's network.

    He wants the link to be protected by WPA (RADIUS server), but I want to use
    VPN. So I'm just wondering if its possible to do both?
    (Assuming the wireless card I'll use supports WPA under FreeBSD 6.0)

    Alternatively, would it be better just to buy an wireless access point or a Linksys
    WRT54G (use a third-party firmware for bridge mode with WPA) and have
    pfSense act as VPN endpoint?

    1 Reply Last reply Reply Quote 0
    • H
      hoba
      last edited by Nov 15, 2005, 7:21 AM

      If you go IPSEC you need some horsepower at both endpoints to do the encryption. Without it you get bad throughput. I would suggest using atheros chipset based wireless cards on both ends and use WPA with AES mode (with AES it basically is as secure as IPSEC) and the atheros chipsets are doing the AES-encryption in hardware which means you should get good throughput.

      1 Reply Last reply Reply Quote 0
      • A
        Aussie_Bear
        last edited by Nov 16, 2005, 2:34 AM

        I see…

        The reason I thought of using IPSec is because the EPIA mobos I have feature the
        VIA C3 CPUs that have Padlock technology. (Meaning they can do AES encryption
        in hardware already). And since FreeBSD 6.0 Release has listed this feature as being
        supported, I naturally assumed it would be cool to use it in VPN role.

        Anyway, I looked around the FreeBSD's Hardware Compatibility list and noticed that
        some of those wireless cards may not use Atheros chips in some versions.
        (eg : I hear that some use Texas Instruments, Atheros, and PRISM ones in
        three different versions!)

        Is there a brand of wireless NIC that is guaranteed to be using the Atheros based solution?
        (Because I don't wanna buy something and end up finding out that it ain't using an Atheros
        chipset anymore because the manufacturer changed chipsets because of economic reasons).

        1 Reply Last reply Reply Quote 0
        • H
          hoba
          last edited by Nov 16, 2005, 6:22 AM

          pfSense is not supporting padlock at the moment as it is not yet fully working so we had to disable it to not break IPSEC support with platforms that have this feature. What wifi nics do you need? miniPCI, PCI, PCMCIA? lsf might have some info on supported cards and jump in here  ;D

          1 Reply Last reply Reply Quote 0
          • A
            Aussie_Bear
            last edited by Nov 16, 2005, 6:49 PM

            Just PCI based ones. Nothing fancy, as long as they're using the
            Atheros AR5212 chipset (as mentioned in the FreeBSD HCL)

            1 Reply Last reply Reply Quote 0
            • A
              Aussie_Bear
              last edited by Nov 19, 2005, 8:19 PM

              Well, it was simply fustrating trying to find the "right NIC", I gave up after about 20 tries.
              (Damn those companies for changing chipsets and not providing labelling for changes! How hard
              is it to add a character to show that its a slightly different version?)

              Anwyay, I went with a pair of Linksys WRT54G routers instead. I used HyperWRT (third-party firmware)
              and was able to get both routers talking to each other with WPA-PSK (AES). Works pretty darn good.
              (Interestingly, it supports RADIUS in this bridging mode as well).

              Gonna be using pfSense for VPN end-points.
              Thanks for your help.

              1 Reply Last reply Reply Quote 0
              • S
                sullrich
                last edited by Nov 19, 2005, 9:19 PM

                @Aussie_Bear:

                Well, it was simply fustrating trying to find the "right NIC", I gave up after about 20 tries.
                (Damn those companies for changing chipsets and not providing labelling for changes! How hard
                is it to add a character to show that its a slightly different version?)

                Anwyay, I went with a pair of Linksys WRT54G routers instead. I used HyperWRT (third-party firmware)
                and was able to get both routers talking to each other with WPA-PSK (AES). Works pretty darn good.
                (Interestingly, it supports RADIUS in this bridging mode as well).

                Gonna be using pfSense for VPN end-points.
                Thanks for your help.

                Our friends at NetGate do not do this…  http://www.netgate.com/  Everything is labelled and you get what you pay for.  Check em' out.

                NOTE: NetGate is a sponsor of pfSense, so they deserve your business!

                1 Reply Last reply Reply Quote 0
                • L
                  lsf
                  last edited by Nov 23, 2005, 6:45 PM

                  Any card marked with a+b+g 108mbit is atheros based. 3com pci card is atheros based. if you check out google and search for atheros based cards you will find loads of them. But as I said, any 108mbit a+b+g card is atheros based. The madwifi guys maintains a rather large list of supported cards: http://www.madwifi.org/wiki/Compatibility

                  -lsf

                  1 Reply Last reply Reply Quote 0
                  1 out of 8
                  • First post
                    1/8
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.