  • Hello everyone!

    I'm not sure if this question has been asked previously; I did do a search to see if it was and I found nothing.

    I'm going to build a pfSense 1U firewall and I was planning on picking up a Ubiquiti Networks UAP-AC-LR-US 802.11ac Long Range Access Point and plugging it into a gigabit Ethernet port on the pfSense machine. I want the access point to be used in radius2 mode and have pfSense dish out DHCP, VLAN tagging, and the RADIUS server. I'm wondering, if I use that access point, if I can restrict WiFi connections to disallow access until connected to the wireless interface unless you have a VPN tunnel established. Then log in to RADIUS. Is this kind of setup possible with that access point? I'm not sure if you need a specific access point to get VPN, RADIUS, DHCP, and VLAN tagging. Is this only determined by using pfSense as the fw and router, or am I wrong?

  • LAYER 8 Global Moderator

    Confused on what you're wanting to do with the VPN? You want pfSense to be the VPN client to some service - and route your wifi users out this VPN, and block their access if the VPN is down? Yeah, that is possible. And sure, you can run freerad on pfSense and use it as your RADIUS for auth to your wifi. And sure, the UniFi supports VLANs, and even dynamically assigned VLANs.

  • I wanted to set up VPN so you had to establish a VPN tunnel to the pfSense box or the wireless access point before you would be able to see the captive portal for RADIUS.

    I ended up getting different hardware. I didn't want to have to run the Ubiquiti cloud software, especially since it's a Java program. I ended up getting a Cisco WAP121 Ethernet access point. I can't get wireless clients to see the internet.

    I have an optional interface in the pfSense box with an internal static IP with DHCP on. The access point has a static IP in this address range. I have the MAC address added to the filtering table for allowance. The client is getting an IP address but not getting internet connectivity. Is there anything special I have to do when plugging an Ethernet access point into a pfSense box to get wireless up?

    I don't yet have RADIUS nor VPN running; I'm just using a regular SSID, MAC filtering, and WPA2 Personal.

    I'm guessing these need to be bridged some way? I don't necessarily want to share the LAN with wifi users unless I allow it with VLANs or firewall pinholes. I'm trying to keep wifi traffic separate but still get internet connectivity.

