Wireless management with external AP?
-
Is it possible to use pfSense for managing wireless network through an external AP such as WAP54G or using WRT54G as an access point?
Or would I need an internal wireless card, and then use the WAP54G as a wireless repeater of sort?
Thanks,
RMSe17 -
Just connect an accesspoint to one of your opts. You have to configure wireless settings then at the accesspoint but you could have firewalling, caprive portal, dhcp,… managed at the pfSense then.
-
@hoba,
I am currently planning to buy myself a new router box from Soekris or PCEngines and I will want to have wireless networking at home.
What would you advise me?a) Soekris/WRAP with a miniPCI wireless card working both as a wireless access point and router/firewall appliance?
b) Or would you advise me to buy the Soekris/WRAP and a real AccessPoint to connect in one of the OPT plugs?
Please be aware that I would like to have WEP, WPA, WPA2, tkip etc… enabled on the WiFi network with no more than 2 or 3 hosts and a 4Mb/256Kb WAN connection with either PPTP or OpenVPN server enabled for 1 or 2 simultaneous hosts.
Too many if, right? :o
Thanks in advance.
Cheers -
I would go with a soekris/wrap with atheros card. The only (more or less important) thing you can't do right now is macfiltering. However lsf has promised to add more features in the future (but don't expect this too soon, it's work for the next versions). Depending on the type of external AP (soho/enterprise) you should be fine with an embedded system and a wireless card (has more features like a soho AP but slightly less features than an enterprise AP). I have some colleagues using them at home with pfSense and we are using them at the office too. I also have 2 wraps with wireless at home to play around with. I only would go with an external accesspoint if the router has to be at a different location than the best location for the wireless to cover the needed area. However this is only my opinion, others might disagree.
Btw, you can expect a throughput at the wireless interface of around 25 mbit/s with a wrap/soekris in WPA mode with AES encryption (measured real throughput in 108 mbit/s turbo a mode with my cm9). This sounds low but most commercial accesspoints won't be faster either (real throughput, not theoretical values, that you never will reach).
-
On the other hand, I tend to say that pFsense rocks very well on an 'old PC' (give it at least a 10 Gb disk and 512 Mb memory - a 1.5 Ghz CPU).
Extend your Wifi network with the help of a switch and some SOHO AP's and an alternatif firmware for these AP's. I consider that I have 'entreprise AP's', initialy worth 60 € each (from ebay, even less). [Yes, those Linksys WRT54Gxxx buggers ;))
You'll wind up with good covering, no need for high power on one spot, WPA(2) etc. is handled 'of box'. Rock solid also.
Throughput is marvelous - my 3 AP's do clip the 100 Mb / FD OPT network card on the pfSense PC ones in a while, when more then 10 radio connections are present on those AP's.Using this setup in a hotel. pFsense fills in all the needs, and adds tons of extras.
-
Thanks for the tip, hoba.
Now I would love to buy an atheros miniPCI but unfortunately I can't find them here in Portugal.
I'm affraid that I will have to order it from abroad and that will get very expensive.
Cheers -
Check http://madwifi.org/wiki/Compatibility for atheros based cards. Maybe you can find one of them near your location. I use the wistron CM9.
-
Thanks for the tip hoba.
I don't want to hijack this thread so I'll open a new one with a couple more questions.
Cheers :) -
Just connect an accesspoint to one of your opts. You have to configure wireless settings then at the accesspoint but you could have firewalling, caprive portal, dhcp,… managed at the pfSense then.
Are there advantages to having wireless controlled by pFsense and then using WRT54G's with 3rd party firmware (HyperWRT or DD-WRT) as wireless repeater/access points vs having a WRT54G controll wireless settings (WAP/MAC)? Just wondering if there is a justifiable advantage to it, since I would have to buy another piece of hardware (PCI Wireless card)
Thanks!
-
Depends.
If you have just one AP - then there isn't much difference, although its simpler to mange the access (if restriction applies) on one system. Complicated Hotspot pages ? Forget about these AP’s, handle them from pFsense box.
If you need a bigger surface (multiple floors) to cover, then using the WRTG(S)’s as simple AP’s, and pFsense to manage the lot – will be simpler. Some ‘simple’ filtering has to be done on a per AP basis (think about the Network Neighbourhood from Windows - and protecting the AP’s them self).
I’m using myself a pFsense PC-based system – and an OPT1 interface. The hotspot function is enabled on it – behind it is a switch and 5 AP’s (WRT54GS + Sveasoft firmware). This never failed on me.