Using a wireless adapter for LAN interface



  • Hi folks,

    I'm not sure where to put this post.  It's a how-to that I think may be useful to newbies such as myself.  When I first started installing and configuring PfSense 2.0 beta, I figured that I should be able to access and configure it wirelessly.  That is, select the internal wifi adapter as the LAN interface.  This would allow me to connect to a configured host_ap SSID on the LAN interface and manage the machine remotely (as well as connect to the Internet via NAT translation).  That proved to be quite an effort.  It took me many painstaking combinations and iterations to finally be able to start the system with the wifi adapter selected as the LAN interface in host_ap mode.  In fact, I had to do this whole painstaking process again recently only to have failed!  Luckily, I backed up my previous configuration.

    So, in my system I have only two interfaces: WAN (direct connection to the Internet) and LAN (wireless access point and configuration port).  This is opposed to the normal pattern of interfaces I've seen so far: WAN <-> OPT1 (wireless adapter AP), and LAN (configuration port on ethernet).  The easiest way to configure a wireless adapter on the LAN interface in host_ap mode is by assigning the wireless adapter as the LAN interface on start up.  Then, configure the interface IPs and DHCP services from the main menu.  Then drop into shell and edit the cf/conf/config.xml file and find the <lan> stanza.  Modify it to look like this:

    <lan>
        <enable/>
        <if>ath0</if>
        <media/>
        <mediaopt/>
        <wireless>
            <standard>11g</standard>
            <protmode>off</protmode>
            <txpower>99</txpower>
            <channel>1</channel>
            <distance/>
            <regdomain/>
            <regcountry/>
            <reglocation/>
            <mode>hostap</mode>
            <ssid>NEW</ssid>
            <authmode/>
            <wpa>
                <macaddr_acl/>
                <auth_algs>1</auth_algs>
                <wpa_mode>2</wpa_mode>
                <wpa_key_mgmt>WPA-PSK</wpa_key_mgmt>
                <wpa_pairwise>CCMP</wpa_pairwise>
                <wpa_group_rekey>60</wpa_group_rekey>
                <wpa_gmk_rekey>3600</wpa_gmk_rekey>
                <passphrase>irrits12</passphrase>
                <ext_wpa_sw><enable/></ext_wpa_sw>
            </wpa>
            <auth_server_addr/>
            <auth_server_port/>
            <auth_server_shared_secret/>
            <pureg><enable/></pureg>
            <apbridge><enable/></apbridge>
        </wireless>
        <spoofmac/>
        <ipaddr>111.168.1.1</ipaddr>
        <subnet>24</subnet>
    </lan>

    This will configure your system to start up the LAN interface in host_ap mode with a configured SSID called NEW, passphrase irrits12, on channel 1, IP of 111.168.1.1.  You can use whatever you like for this.  Reboot the system after you make these changes.  Once you connect to the SSID on startup, you will be able to access webconfigurator via 111.168.1.1.  You can also create a NAT route to bridge this network to the WAN interface.  This will allow you to also surf the WAN network (I'm assuming the WAN will be the Internet).

    Hope this helps someone out.  It was a PAIN to get this to work through webconfigurator and LAN on ethernet (connecting via crossover cable).  If someone mentions this is already in the formal documentation, please shoot me.
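
A pre-reboot check for a hand-edited stanza like the one in the post above, run against a copy of config.xml. This is an added example, not part of the original post or of pfSense; the `<pfsense><interfaces><lan>` path is an assumption about where the stanza sits, and `audit_lan` and `min_len` are hypothetical names.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: trimmed <lan> stanza carrying the values from the post above.
SAMPLE = """<pfsense><interfaces><lan>
  <enable/><if>ath0</if>
  <wireless>
    <channel>1</channel><mode>hostap</mode><ssid>NEW</ssid>
    <wpa>
      <wpa_mode>2</wpa_mode><wpa_key_mgmt>WPA-PSK</wpa_key_mgmt>
      <wpa_pairwise>CCMP</wpa_pairwise><passphrase>irrits12</passphrase>
    </wpa>
  </wireless>
  <ipaddr>111.168.1.1</ipaddr><subnet>24</subnet>
</lan></interfaces></pfsense>"""

def audit_lan(xml_text, min_len=8):
    """Return findings for the wireless <lan> stanza; an empty list means none."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    lan = root.find("./interfaces/lan")  # assumed location of the stanza
    if lan is None:
        return ["no <interfaces>/<lan> stanza"]
    text = lambda path: (lan.findtext(path) or "").strip()
    findings = []
    if lan.find("enable") is None:
        findings.append("<enable/> missing, so the interface is not enabled")
    if text("wireless/mode") != "hostap":
        findings.append("wireless mode is not hostap")
    if text("wireless/wpa/wpa_mode") != "2":  # hostapd: 1=WPA, 2=WPA2, 3=both
        findings.append("wpa_mode is not 2 (WPA2 only)")
    if "TKIP" in text("wireless/wpa/wpa_pairwise").split():
        findings.append("TKIP is allowed as a pairwise cipher")
    # WPA-PSK passphrases are 8..63 characters; min_len can raise the floor.
    if not max(8, min_len) <= len(text("wireless/wpa/passphrase")) <= 63:
        findings.append("passphrase length outside the accepted range")
    try:
        if not ipaddress.ip_address(text("ipaddr")).is_private:
            findings.append(f"LAN address {text('ipaddr')} is not in a private range")
    except ValueError:
        findings.append("ipaddr is not a valid IP address")
    return findings

if __name__ == "__main__":
    for line in audit_lan(SAMPLE) or ["no findings"]:
        print(line)
```

A malformed edit is reported as a parse error instead of being discovered after the reboot.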



  • I would rather put a wired LAN interface on the system and use the WEB GUI than go through that, but my typing is not very good  :)

    Perhaps it also helps that I have a couple of USB - Ethernet adapters that work with pfSense.



  • Hi Wallaby, your response has piqued my interest.  I thought the web configurator binds to the LAN interface only.  What I do is bind the LAN interface to the ethernet port, use a crossover cable to connect, connect to the web configurator and do all the changes there.  The only problem with this is I will eventually have to remove the LAN interface from the ethernet port and onto the internal wifi adapter.  This is where PfSense, for some odd reason, becomes very kludgy.  I challenge you to try this.  It took me an entire day to do it, and for some reason, I could not replicate it recently.  I figured the easiest way is to do the initial changes, then manually add the stanzas to the config.xml file after reboot.  It saved me a bunch of headaches recently.



  • Never mind!  I think I found another way!  Just add a firewall rule to allow access to web configurator on OPT1.  Switch ethernet port to OPT1 and wireless to LAN interface.  Reboot and connect to OPT1 via browser.  Reconfigure LAN.

    Shoots.  I wish I'd known all this before!



  • You could just add firewall rules to your wireless interface to allow it to access the internet. No need to swap LAN and OPT1 (unless I missed something).

    It looks to me that on my system the web server (lighttpd) will accept incoming connections to any address, not just the address of the LAN interface. Indeed I was able to connect to it from a system on an OPTx interface.

