Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PFSense Wireless Acesspoint VPN/Radius Setup/Support

    Scheduled Pinned Locked Moved Wireless
    3 Posts 2 Posters 955 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      iZatrix
      last edited by

      Hello everyone!

      I'm  not sure if this question has been asked previously I did do a search to see if it was and I found nothing.

      I'm going t build a Pfsense 1u firewall and I was planning on picking up a: Ubiquiti Networks UAP-AC-LR-US 802.11ac Long Range Access Point and plugging it into a gigabit Ethernet port on the Pfsense machine. I want the access-point to be used in radius2 mode and have Pfsense dish out dhcp, vlan tagging, and radius server. I'm wondering if I use that access point if I can restrict WiFi connections to disallow access until connected to the wireless interface unless you have a VPN tunnel established. Then log in to radius. Is this kind of setup possible with that access point? I'm not sure if you need a specific access point to get vpn, radius, dhcp, and vlan tagging. Is this only determinant by using pfsense as the fw and router or am I wrong?

      Any help would be greatly appreciated,

      -Jon

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        confused on what your wanting to do with the vpn?  You want pfsense to be the vpn client to some service - and route your wifi users out this vpn, and block their access if vpn is down?  Yeah that is possible.  And sure you can run freerad on pfsense and use it your radius for auth to your wifi.  And sure the unifi support vlans, and even dynamic assigned vlans.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • I
          iZatrix
          last edited by

          I wanted to set up vpn so you had to establish a vpn tunnel to the pfsense box or the wireless access point before you would be able to see the captive portal for radius.

          I ended up getting different hardware. I didn't want to have to run the ubiquity cloud software especially since it's a java program.  I ended up getting a Cisco WAP121 ethernet access point. I can't get wireless clients to see the internet.

          I have an optional interface in the pfsense box with an internal static ip with dhcp on. 192.168.2.1  The access point has a static ip in this address range I have the mac address added to the filtering table for allowance the client is getting an ip address but not getting internet connectivity.  Is there anything special I have to do when plugging in an ethernet access point into a pfsense box to get wireless up?

          I don't yet have radius, nor vpn running I'm just using a regular ssid, mac filtering, and wpa2 personal.

          I'm guessing these need to be bridged some way?  I don't necessarily want to share the lan with wifi users unless I allow to do so with vlans or firewall pin holes. I'm try to keep wifi traffic separate but still get internet connectivity.

          Thanks again for help!

          -Jon

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.