Extend Network to other factory

  • Hi all,
    I need some help with an issue I have at the moment.  At our factory we run a small business 2003 server with a 24 port switch to all the client computers.  We have now just bought another factory about 200m up the road and I want to set up a wireless link between the 2 factories so the computers over there can see our small biz server.  I have 2 wrap units with pfsense setup on them.  Has anyone done this before?  Can someone guide me please?



    Note: the small biz server handles all the dhcp and firewall through ISA server.

  • Yes, I have a setup similar to this (though not wireless but static 2 mbit/s link). Set it up in the following way:

    Internet-------Mainoffice-------wan/pfsense1/lan(wifi)    )    )    )  wifi link  (    (    (    wan(wifi)/pfsense2/lan---------Branchoffice

    • Set up a transfer network that both pfSense systems can share for the wireless link.
    • Enable advanced outbound NAT at both pfSense systems at Firewall, NAT, Outbound and delete all autocreated NAT rules to convert the setup into a routing platform.
    • Now create pass any any any rules at WAN and LAN (change the default LAN pass rule from source subnet LAN subnet to any).
    • Create static routes at pfSense1 to point to the remote LAN subnet behind pfSense2.
    • Create static routes at your mainoffice default gateway to point to the pfSense1 for the remote LAN subnet (add the transfer subnet too if you want to be able to reach these IPs).
    • At pfSense2 set up the DHCP server to hand out IPs for the branchoffice. Assign the DNS server of the mainoffice (alternatively you can set up DHCP relay but using the pfSense DHCP server should be easier and DNS will manage the rest).
    • Optionally set up the traffic shaper at both systems to give priority to terminal sessions or whatever.
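
The static routes in the steps above can be checked before touching either box. The Python below is an added example, not part of the original post: it models each device's routing table and traces a packet hop by hop, showing what happens when the static route at the main office default gateway is missing. The subnets and node names are constructed, and it assumes the SBS/ISA machine is the main office default gateway and that pfSense2 uses pfSense1 as its default gateway.

```python
import ipaddress

# Constructed sample addressing; the thread does not give the real subnets.
MAIN_LAN = ipaddress.ip_network("192.168.1.0/24")    # main office
TRANSFER = ipaddress.ip_network("10.99.0.0/30")      # wireless link only
BRANCH_LAN = ipaddress.ip_network("192.168.2.0/24")  # behind pfSense2
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def subnets_overlap():
    nets = [MAIN_LAN, TRANSFER, BRANCH_LAN]
    return any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])

def build_tables(gateway_has_static_routes=True):
    """Per-device routes as (destination, next hop); None = directly connected."""
    tables = {
        # Main office default gateway (assumed to be the SBS/ISA box).
        "gateway": [(MAIN_LAN, None), (DEFAULT, "internet")],
        # pfSense1: WAN in the main LAN, LAN side is the wireless transfer net.
        "pfsense1": [(MAIN_LAN, None), (TRANSFER, None),
                     (BRANCH_LAN, "pfsense2"), (DEFAULT, "gateway")],
        # pfSense2: WAN is the transfer net, default gateway assumed = pfSense1.
        "pfsense2": [(TRANSFER, None), (BRANCH_LAN, None), (DEFAULT, "pfsense1")],
    }
    if gateway_has_static_routes:
        tables["gateway"] += [(BRANCH_LAN, "pfsense1"), (TRANSFER, "pfsense1")]
    return tables

def trace(tables, first_router, dst):
    """Follow longest-prefix-match routing; return (path, delivered)."""
    dst = ipaddress.ip_address(dst)
    path, node = [first_router], first_router
    while len(path) <= len(tables):
        net, hop = max(((n, h) for n, h in tables[node] if dst in n),
                       key=lambda m: m[0].prefixlen, default=(None, "no route"))
        if hop is None:
            return path, True            # destination is on a connected subnet
        path.append(hop)
        if hop not in tables:
            return path, False           # left the internal network or no route
        node = hop
    return path, False                   # routing loop

if __name__ == "__main__":
    print("overlap:", subnets_overlap())
    for routed in (True, False):
        print(routed, trace(build_tables(routed), "gateway", "192.168.2.50"))
    print(trace(build_tables(), "pfsense2", "192.168.1.10"))
```

Without the gateway's static routes, traffic for the branch subnet follows the default route out towards the Internet instead of reaching pfSense1, which matches the "cannot ping" symptom when a route is missing.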

  • Hi Hoba,
    Thanks for the reply.  What do you mean by a transfer network?  Sorry if it sounds stupid to ask.


  • Some kind of in your setup unused network like pfSense1 wireless interface is and pfSense2 wireless interface is, gw This way you won't have any broadcasts on the wireless link eating bandwidth.

    This transfer net will only be seen in traceroutes.

  • Should I use adhoc connection or AP and Infrastructure?


  • I would go with AP at one end and infrastructure at the other end.

  • Hi,

    I am also trying to set up a similar configuration, but my question is how do I get the one pfsense1 wireless to connect to pfsense2's wireless.

    I have pfsense2 as a wireless AP, but how do I set up pfsense1 to connect to that AP?


  • The second pfSense has to be set to mode "infrastructure" with the same channels/ssid/encryption/… .

  • Great - thanks.  I got it working.


  • Hi all,
    I have tried this setup. I have set it all up in one room at the moment with 2 computers.  I have set 1 as an AP and the other as infrastructure.  However for some reason when I go to status/wireless it won't show the AP but it will show our AP for our internet connection.  If I scan for APs using my laptop it will show both the Internet AP and the PF AP. They are both on different channels.
    Any help please?


  • Ok,
    I can see the Infrastructure PF box from the PF AP and it even shows the wireless IP of the INF PF in the ARP tables. I have created the rules any,any,any for both the LAN and the wireless on both boxes and I cannot ping the other box from the AP.

  • Make sure you have all needed routes in place and you did shut down natting where needed. You also need to uncheck interfaces>wan "block private IP Ranges".

  • Hi Hoba,
    Sorry to be a pain again (I am new to this). I still cannot get this to work for some reason, I cannot even ping between the 2 pfsense units.  With the rules do I set them in the NAT page or in Firewall/Rules page? And with the static routes what would the Gateway be?



  • The simpler way is to buy 2 access points that are WDS or bridge capable (like Buffalo WHR-HP-G54). Once the wireless link is configured by WDS for example, you just need to connect them to each part of your network.

