Wireless Configuration Question- Help Needed :(

Hi guys,

I just received my pfsense SG-1000 and am loving it. I have successfully setup my LAN bridge and WAN connections and currently live and online :D My next challenge is to set up a wireless access point.

I am using an older modem/router for my AP and have disabled DHCP and WAN interfaces. I have been reading through how to set up my AP and the first thing multiple guides say is "..Navigate to Interfaces->Assignments and add an interface". So I have already crated an OPT1 interface which allows me to manage my modem that sits outside the LAN. The problem is I cant seem to add any additional interfaces.

This is probably a symptom of my severe lack of knowledge and experience with pfsense, but any held given would be fantastic.

Cheers,

Just had a thought. Perhaps the guides I have been reading are describing a setup that includes a wifi NIC installed on the pfsense box? That would explain why they are adding an additional interface ?

So to follow up. I believe that yes, I not need to add any additional interfaces (silly me). Basically, this is what I have done so far

1. Set up my old rodem/router with a LAN IP of 192.168.1.3 (which is outside of my LAN DHCP range)
2. Disabled the DHCP server on the modem/router

Now I can see both my 2.4 ad 5 Ghz networks and can connect.

I get assigned a valid IP address from the LAN DHCP range. But i cannot access the net.

Any ideas ?

johnpoz

Well if your lan network is 192.168.1/24 and your wifi clients are getting an IP from your dhcp on pfsense You should be working - what are the clients getting for dns, gateway? These should point to pfsense. Are you wired clients on this 192.168.1 network working?

You sure you disable dhcp on your old wifi router, and your getting dhcp from pfsense - pointing to pfsense for dns and gateway?

@johnpoz:

Well if your lan network is 192.168.1/24 and your wifi clients are getting an IP from your dhcp on pfsense You should be working - what are the clients getting for dns, gateway? These should point to pfsense. Are you wired clients on this 192.168.1 network working?

You sure you disable dhcp on your old wifi router, and your getting dhcp from pfsense - pointing to pfsense for dns and gateway?

Thank you for the response. I have check my client (which is a mac). I found my default gateway like so:

route get default | grep gateway = 192.168.1.1

I then found my dns servers like so:

scutil –dns | grep 'nameserver[[0-9]*]; = (nameserver[0] = 192.168.1.1 & nameserver[1] = 192.168.1.1)

To answer your question, my wired clients on my pfsense LAN are active and working. With the following:

DNS Server: 192.168.1.1
Default Gateway: 192.168.1.1

The DHCP server on my old router is definitely disabled, see below (from the config of the router):
IP Address: 192.168.1.3
Subnet Mask: 255.255.255.0
DHCP Server: Disable

The LAN firewall rules shouldn't be a problem since they are default and simply allow all connection from the LAN.

I really need to get this working, and I can't seem to figure why this is still failing at this point.

johnpoz

Well if you firewall rules are any any..

You say you can not ping? Can you arp for the mac of pfsense interface? If not then no nothing is going to work.. That you get dhcp points to layer 1 or 2 not being a problem?

Points to wireless issue if your saying your wired clients work.. Does a wired client plugged into a lan port on this wifi router your using as just dhcp work?

you sure your connecting to your wifi? ;) I have seen more times than you would think…

Q: How come my printer doesn't work from my wifi client?? But I can use the internet and ping the router
A: Because your connected to your neighbors wifi with SSID of linksys which is open vs your that is linksys with a psk ;)

Hi Johnpoz, thanks for taking the time to help out :)

Well yeah its Lan Net to Any ( Default allow lan to any rule)

@johnpoz:

Well if you firewall rules are any any..

Does a wired client plugged into a lan port on this wifi router your using as just dhcp work?

you sure your connecting to your wifi? ;) I have seen more times than you would think…

So if i take a client from my LAN and cable it directly from the old router ports. Then i do not get a valid DHCP IP, which makes sense since it never touches my PFsense LAN and DHCP is disabled on the old router.

And I am certain i am connecting to the correct SSID, I changed them to be custom, just to be sure.

johnpoz

"So if i take a client from my LAN and cable it directly from the old router ports. Then i do not get a valid DHCP IP,"

Then you do not have your wifi router setup as AP…. And no it makes ZERO sense if your wanting to use the wifi router as just an AP.

A wifi router is a simple bridge of its wifi interface to the switch ports (lan ports).. Is just like a dumb switch on the lan ports.. So connecting 1 lan port to pfsense interface and another device on lan port 2 of wifi router has put these devices on the same layer 2 so yeah you should be getting dhcp from pfsense in that sort of setup

If your saying you setup your wifi router as AP.. And you have it plugged in like this.. Then the lan ports should work on your wifi router. Unless your doing something with vlans on pfsense? And tagging?

This really is 1 minute and done.. Any wifi router can be used as just AP.. Since their lan ports are just dumb switch, and the wifi is bridged to it.. So your doing something wrong - the dhcp server is not turned off? Your using wan port to connect to your pfsense? Not exactly sure - but what I can tell you is have done this with 100's of different models of wifi routers over the years for friends and family and clients, etc.

Does not matter if native firmware or 3rd party firmware.. Connect lan port to network, turn off dhcp server your now wifi router is just an AP with this switch bridged to its wifi...

Hi johnpoz

@johnpoz:

A wifi router is a simple bridge of its wifi interface to the switch ports (lan ports).. Is just like a dumb switch on the lan ports.. So connecting 1 lan port to pfsense interface and another device on lan port 2 of wifi router has put these devices on the same layer 2 so yeah you should be getting dhcp from pfsense in that sort of setup

Sorry sorry, miscommunication. I thought you meant if I disconnect the old router from the pfsense LAN and simply cable one of its LAN ports directly to a client,the client should not receive a IP via DHCP (since it would be disabled on the router).

I can confirm that if I have old router on my pfsense LAN and connect a client to a LAN port on the back of the old router, then yes I receive a valid IP via pfsesne DHCP server and can get on the net.

I dont think the old router has wireless issues, because i was using it 4 months ago before I swapped it out…there has to be something simple that is not working...wtf haha

Fixed the problem.

The firmware on my old router needed to be upgraded. older versions had a AP isolaton problem…sigh such a simple fix that took far too long.

Thanks for your help johnpoz :)

johnpoz

So does your client work when connected to a lan port like in my picture? But doesn't work when on wireless?