PfSense VMware + USB Wireless AP
I've been running pfSense 2.0 RC1 and subsequent updates under VMware Workstation 7.1 for a while now and not had any problems. Running on VMware as I don't have dedicated hardware at the moment.
Anyway, I purchased a edimax7711Uan wireless dongle in the hope I could use the as an wireless access point in pfSense. Initially I could not get the device recognised in pfSense, I would receive the error "uhub_reattach_port: port 1 reset failed, error=USB_ERR_TIMEOUT". I got around the by disabling USB 2 in the VMware settings. Out of interest I also tried FreeBSD 8.2 under VMware and got the same problem with VMware tools installed. Booting pfSense from a LiveCD on a laptop and testing the wireless dongle directly connected to the hardware worked fine. So I guess this is either a VMware issue or FreeBSD issue.
Back to the wireless AP.
So after getting the device correctly recognised in pfSense I proceeded to setup the new interface which correctly uses the RUN driver. I add the interface, setup the most basic wireless options, open network, broadcast SSID, added static ip 192.168.2.1/24 and configured a dhcp server for this subnet. My LAN subnet is 192.168.1.1/24. When I scan for networks I can see the SSID I setup but when I try to connect nothing happens, no errors. I've tried from 2 different laptops and my Android phone but nothing. As far as I can tell it's not even trying to get an IP address.
Now am I correct in thinking that regardless of whether I have setup a rule to allow traffic between the LAN and WLAN, clients should still be able to associate as the WLAN subnet is running a DHCP server?
I've attempted configuring a bridged network between LAN and WLAN but then I get an error run0 device timed out, also I don't seem to be able to configure wireless options in bridged mode?
Basically I'm looking for any pointers as to where I can poke around, the logs I've looked at so far have give me nothing to go on. And in theory am I setting it up correctly, new wireless interface vs bridged to LAN ?
I've checked out most of the "how-to setup wireless AP under pfSense" I could find but so far no joy.
From the web GUI, Status -> Wireless will display associated clients.
You will need to put some firewall rules on the OPT1 interface to allow in the DHCP requests (Firewall -> Rules) and then normal traffic. (Default is to block everything from non-LAN interfaces.) While you are debugging you could use a "wide open" rule (allow anything from anywhere to anywhere) and tighten it up once you have it working.
Get a client to attempt to acquire an IP address through DHCP. A couple of minutes later take a look at least the system log, firewall log and dhcp log (Status -> System Logs, click on appropriate tab). Anything seemingly relevant to the DHCP requests?
wallabybob, thanks for the pointers.
Added a firewall rule for OPT1: Pass, Protocol 'Any', Source 'Any', Destination 'Any', Log packets enabled. So this should allow anything through on the wireless side. Tried connecting via a wireless client and same problem, tries to connect then disconnects. I've looked in the System Log, Firewall Log and DHCP log and I can't see anything relating to when I tried to connect.
I've since tried downloading the latest snapshot and doing a complete reinstall under VMware but the same thing happens. I did notice that if I set the Channel to 'Auto' in the wireless settings then I could not see the access point so I have since set this manually.
Here is the current config of my network devices
run0: flags=8a43 <up,broadcast,running,allmulti,simplex,multicast>metric 0 mtu 2290 ether 00:1f:1f:2f:fd:55 media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>status:running run0_wlan1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 ether 00:1f:1f:2f:fd:55 inet6 fe80::21f:1fff:fe2f:fd55%run0_wlan1 prefixlen 64 scopeid 0x9 inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255 nd6 options=3 <performnud,accept_rtadv>media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>status: running ssid AP channel 11 (2462 Mhz 11g) bssid 00:1f:1f:2f:fd:55 regdomain xxx country xx indoor authmode OPEN privacy OFF txpower 30 scanvalid 60 protmode OFF -apbridge dtimperiod 1 -dfs</hostap></performnud,accept_rtadv></up,broadcast,running,simplex,multicast></hostap></up,broadcast,running,allmulti,simplex,multicast>
I have the DHCP server setup on 192.168.2.1/24 subnet and it has a pool of addresses to handout. I have the above firewall setting to allow anything on OPT1 to go anywhere. The logs are giving me nothing to work with.
I occasionally get the following error but from what I have read this is nothing to worry about.
run0_wlan1: ieee80211_new_state_locked: pending RUN -> SCAN transition lost
For info here is the device information when I plug in the adapter
run0: MAC/BBP RT3070 (rev 0x0200), RF RT3020 (MIMO 1T1R), address 00:1f:1f:2f:fd:55 run0: firmware RT2870 loaded
Device labeled as Edimax EW-7711Uan v1.0b
Can I enable more verbose logging?
What I shall try in the meantime is setting this up on my laptop to ensure its nothing to do with VMware although it shouldn't be as it's just a USB hub allowing the device through.
Just a bit more info.
In the interfaces page to device OPT1 (run0_wlan1) displays no packets in or out and performing a packet capture on the device OPT1 whilst trying to connect to the wireless device also displays no packets. ???
Well I've narrowed the problem down.
I used the livecd to setup pfSense on my laptop configured everything and the wireless USB worked first time. I could see the AP and associate to it. I then installed VirtualBox on my PC and tried the same with that, again I get the problem with USB 2.0 so need to revert to USB1 but after that the device is seen and I can configure it and connect to it. :)
So it must be a problem with the implementation of USB on VMware, although its strange I can see the device and the broadcasting of the access point but not connect.
Anyway I'm going to do some more digging around to see if I can get it working in VMware and log a bug report with them.
Also does anyone know if the following patches: http://lists.freebsd.org/pipermail/freebsd-current/2010-October/020504.html are in pfSense? I was just wondering if they would resolve the USB 2.0 issue that is present in both VMware and VirtualBox.
For clarification, the problems I've been having with VMware have been for Workstation 7.1.4 (running on Windows 7 x64) I have just uninstalled this and installed VMware 6.5.5 and it looks to be working as it should, the wireless USB device also now connects correctly using USB 2.0.
Although I still need to do some more tests its looking promising :)