2 AP - Needing to bridge networks



  • Hi

    I have 2 wrap2 boards running the latest release of pfSense with Atheros wireless cards in them. I have 2 buildings that I want to connect together, one with a terminal server. Wired connections are not available so I have to set up a way of connecting them using these two access points.

    Could anyone help me with the setup procedure for this style of arrangement?

    Thank you



  • You can only bridge wireless interfaces if they are in access point mode. As 2 access points can't talk to each other you can't do that atm (it's a driver limitation, not pfSense). However you can set this up with routing if that is an option.



  • I am a bit of a hapless noob when it comes to wireless….

    With the routing option, how would that be set up to allow the sort of communication I am looking for? I have some rules set up on the firewall to let traffic pass through but I don't think that is what you mean....

    Any help would be greatly appreciated  :D



  • In case one of the locations has to use the WAN of the other location you should let the WAN of both systems always point to the internet gateway (in case you don't run the real WAN directly on the pfSense):

    (Internet)-----Internetrouter-------(lan)---------wan/pfSense1/opt1(ath0,accesspoint)---------(wireless link)------wan(ath0, infrastructure)/pfSense2/lan-----clients

    • Add subnets to all your interfaces, don't bridge anything. pfSense1 ath0 and pfSense2 ath0 have to share the same subnet and SSID.
    • You have to disable NAT in this kind of configuration. At both pfSense go to firewall>nat, outbound and enable advanced outbound NAT. Then delete the rules it creates at the bottom of this page and apply.
    • Create pass any protocol, any source, any destination rules at all involved interfaces at both pfSense. Also uncheck block private IP ranges at interfaces>wan.
    • Set up static routes at the internetrouter, at pfSense1 and pfSense2 for the remote subnets.
    • At pfSense2 it might be useful to add some custom DHCP settings like DNS and WINS of location1.
    • You should enable WPA for the wireless link for security reasons.
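The static-route step in the post above, worked through as an added example that is not part of the original post: with NAT disabled and pass-any rules on every interface, reachability depends entirely on each box having a route to every subnet it is not attached to. The script derives those routes for the three devices and flags overlapping subnets; all addresses and interface labels are assumptions.

```python
import ipaddress
from collections import deque
from itertools import combinations

# Constructed addressing plan for the topology in the post; every address and
# interface label is an assumption for illustration, not taken from the thread.
PLAN = {
    "internetrouter": {"lan": "192.168.1.1/24"},
    "pfSense1": {"wan": "192.168.1.2/24", "opt1_ath0": "10.0.10.1/24"},
    "pfSense2": {"wan_ath0": "10.0.10.2/24", "lan": "192.168.20.1/24"},
}

def parse(plan):
    return {n: {i: ipaddress.ip_interface(a) for i, a in ifs.items()}
            for n, ifs in plan.items()}

def overlapping_subnets(plan):
    """Distinct subnets that overlap would make the static routes ambiguous."""
    nets = {i.network for ifs in parse(plan).values() for i in ifs.values()}
    return [(str(a), str(b)) for a, b in combinations(sorted(nets), 2)
            if a.overlaps(b)]

def neighbours(nodes, name):
    """Yield (other node, its address) for every subnet shared with `name`."""
    for other, ifs in nodes.items():
        if other != name:
            for mine in nodes[name].values():
                for theirs in ifs.values():
                    if mine.network == theirs.network:
                        yield other, theirs.ip

def static_routes(plan):
    """Per node: remote subnet -> next hop, found by breadth-first search."""
    nodes, result = parse(plan), {}
    for src in nodes:
        connected = {i.network for i in nodes[src].values()}
        table, seen, queue = {}, {src}, deque([(src, None)])
        while queue:
            node, first_hop = queue.popleft()
            for iface in nodes[node].values():
                if iface.network not in connected:
                    table.setdefault(str(iface.network), str(first_hop))
            for nb, ip in neighbours(nodes, node):
                if nb not in seen:
                    seen.add(nb)
                    queue.append((nb, ip if first_hop is None else first_hop))
        result[src] = table
    return result
```

Calling `static_routes(PLAN)` returns one table per device; a subnet missing from a table means that device cannot reach it over the shared links in the plan.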


  • Why use NAT, client mode etc.? (edit: talking about the APs)

    Some AP/routers offer WDS mode:
    Let them all point to the gateway (the pfSense box IP) - Give them a local IP, like IP-LAN-pfSense+1 and IP-LAN-pfSense+2 - lock the WDS connection down with WPA2 and off you go.
    I use a pair of those just to bring our company 'LAN' to my house (6 km distance !!) - no more need to have an ADSL access in my place  ;)



  • There is no NAT in the setup I described. It was turned off. The setup you describe currently doesn't work with pfSense due to driver limitations afaik. The solution I described works. I have tested this myself and have even set up a 3 hop shot this way with a wireless node in the middle that has no wired uplink and is powered by solar cells only (did a remote setup this way for someone at IRC). The system is deployed and working without issues afaik.



  • I have a similar problem. I want to link two wired LAN networks with a wireless link. So the computers can't see each other. No internet link needed so far.

    The draft can look like this:  computers-----(eth lan)-----pfSense1(ath0)--------(wireless link 500 m)------(ath0)pfSense2-----(eth lan)-----computers

    I have two wireless cards. Now I'm a bit confused ???, could you explain some things to me:

    - two access points can't talk to each other, but what about AP and Access Point Client (AP-APC)? Can I bridge a wireless interface in APC mode with the LAN interface?
    - is the APC mode the same as infrastructure?

    - can I put pfSense1 and pfSense2 in ad hoc mode and bridge them with the LAN interfaces? If no, why?

    - does this solution with static routing have an effect on performance in comparison with bridge mode?



  • APC is infrastructure. This mode can't be bridged to another interface.
    Ad hoc mode can't be bridged to another interface.
    Only access point mode can be bridged to another interface.

    Routing doesn't have an impact on performance, it even saves some bandwidth on the wireless link as all the broadcast traffic of the wired LANs won't be on the wireless link.



  • thanks for explaining.  ;D

    so I would like to set up this draft:

    solution(1):        computers-----(eth lan)-----pfSense1(ath0)--------(wireless link 500 m)------(ath0)pfSense2-----(eth lan)-----computers                  (A)

    ----------(wireless link distances 50-800m)------(some wifi cards in infrastructure mode)    (B)

    solution(2):    computers-----(eth lan)-----pfSense1(ath0 in ap mode)--------(wireless link 500 m)---------(some hardware bridge like Linksys, Sparklan etc)-----(eth lan)-----computers  (C)

    ----------(wireless link distances 50-800m)------(some wifi cards in infrastructure mode)    (D)

    my ideas:

    solution(1):
    (A) pfSense1 and pfSense2:  disable NAT;  enable advanced outbound NAT,  delete the rules
        - create pass any protocol, any source, any destination rules at all involved interfaces at both pfSense. Also uncheck block private IP ranges at interfaces>wan.
        - set up static routes from pfSense1 to pfSense2

    (B) what to do to link clients with pfSense1 in infrastructure mode - is it possible in this config?

    solution(2):

    (C)- can it work? (or should pfSense be in a bridge mode - which isn't supported?)
    (D)- can it work?

    Sorry if I still don't understand something. I'm starting to work with wireless technology.



  • Solution 1 works the way you describe it.
    Solution 2 will work too as pfSense1 is in AP mode and you can bridge in this mode.



  • ok thanks



  • I'm basically thinking of doing the same thing. What I have is a church and a house, and linking the DSL on the house to the church, ~300 meters away. I somehow doubt a regular box router is powerful enough, would it be? What we're planning on doing is using an SMA adapter on both of them, wire the coax outside, strip a few inches of shielding off the end and get them in line-of-sight. If I set up a normal box router as an AP at the house, can I turn a pfSense box with a wireless adapter & NIC to expand the LAN?

