[HOW-TO] Add WI-FI to pfsense
Motherboard: ASUS H110T
CPU: Intel CPU BX80662G3900 Celeron
Wireless card: QCNFA364A-Qualcomm Atheros QCA6174A Wireless Network Adapter https://www.amazon.com/dp/B07R62F8R2/ref=pe_2640190_232748420_TE_item
I wanted to have firewall, router and access point in one machine but although I like the pfsense user interface, it does not have good wi-fi support. Workaround was virtualization pfsense and OpenWrt on xcp-ng server and route OpenWrt traffic to pfsense.
Installing XCP-ng server
Installing XCP-ng server is straight forward. For instruction I followed the instructions here https://www.youtube.com/watch?v=bG5enpij0e8 and https://xcp-ng.org/docs/install.html
Installing Xen Orchestra
This will help managing the XCP-ng server and virtual machines. I SSH to XCP-ng serve and run
bash -c "$(curl -s http://xoa.io/deploy)"as outlined here https://xen-orchestra.com/blog/how-to-start-with-xen-orchestra/
The easiest way I found was through Xen Orchestra. Open a browser and go to Xen Orchestra >> put XCP-ng serve IP address , user and password >> go to Hub >> pfSense 2.4 (install, wait until done, then click create) >> proceed with pfsense installation as usual. Make use to add Guest Utilities. Other instruction can be found here https://xcp-ng.org/blog/2019/08/20/how-to-install-pfsense-in-a-vm/
- Download openwrt image. I used the latest image 19.07.3 / targets / x86 / generic / combined-ext4.img.gz https://downloads.openwrt.org/releases/19.07.3/targets/x86/generic/openwrt-19.07.3-x86-generic-combined-ext4.img.gz
- Decompress "combined-ext4.img.gz"
- Convert .img to .vdi,
qemu-img convert -f raw -O vdi combined-ext4.img combined-ext4.vdi
- Create VM in virtualbox. Add a second Adapter by going to Setting >> Network >> Adapter 1 (NAT) & Adapter 2 (NAT)
- In virtualbox, right click the VM and export VM as OCI (I used default setting)
- In Xen Orchestra, Go to Import >> Drop OVA or XVA files here to import Virtual Machines. Note the "Network NAT" section, use the dropdown menu to select your LAN and WAN as appropriate.
- Ensure VT-d/IOMMU functionality enabled in the motherboard. https://xcp-ng.org/docs/compute.html#pci-passthrough
- Pass wireless card to OpenWrt https://xcp-ng.org/docs/compute.html#pci-passthrough
- Disable tx checksum offloading on the virtual xen interfaces of the OpenWrt VM. This has been described in pfsense installation https://xcp-ng.org/docs/guides.html#_3-disable-tx-checksum-offload and https://xcp-ng.org/blog/2019/08/20/how-to-install-pfsense-in-a-vm/
xe vif-param-set uuid=<> other-config:ethtool-tx="off"
- SSH to OpenWrt and add wireless interface
opkg update && opkg install pciutils ath10k-firmware-qca6174 iw iwinfo kmod-cfg80211 kmod-mac80211 wireless-regdb wpad kmod-ath10k nano && wifi config && reboot
- Open browser >> go to openwrt url >> Network >> Wireless and enable the wifi.
- Network >> Interfaces >> edit LAN. We will route the traffic from openwrt to pfsense. If pfsense IP is 192.168.1.1, set Pv4 address to be 192.168.1.2 (I had to SSH to openwrt and edit
/etc/config/networkand I did this at the end). Set DNS server and gateway to the main router's address (192.168.1.1 in this example). Turn off the firewall and DHCP server in the openwrt. Go to System >> Startup, and disable firewall, dnsmasq and odhcpd in the list of startup scripts. More information can be found here. https://openwrt.org/docs/guide-user/network/wifi/dumbap
- I found XCP-ng Center https://github.com/xcp-ng/xenadmin to be useful to do the following: Autostart VM and the order to start VM. I used v20.03.01 https://github.com/xcp-ng/xenadmin/releases/download/20.03.01.31/XCP-ng-Center-20.03.01.31.msi (I had issues with the newer version)
- Right click the VM >> Properties >> Boot Options and Start options. I have pfsense start first, openwrt start 90 second after pfsense.
Hope this helps.