How to set up pfSense as AP with a D-Link DWA-556



  • Hi @All and sorry to bother you with the same "old" question…. I really checked the other threads to get an answer.. but none works for me... And the book pfSense guide isn't very helpful at all....

    OK.. Let's go

    I've been running pfSense for a few years now, but never got so confused. I'm trying to set up pfSense as an AP with a DWA-556 (Atheros). I bought this card because it is said to be known as working on pfs2.0.
    I'm actually running pfSense 2.0-RC3_amd64 (built on Fri Jul 8 19:12:41 EDT 2011).

    My interface settings are:

    WAN --> nxfe0 (DHCP - from a fritz.box phone - works as Modem+Router - pfsense as exposed host)
    LAN  --> em0 (STATIC - 10.0.0.1/8 - DHCP on / Range 10.100.200.200 - 10.100.200.209 / Gateway 10.0.0.1)
    WLAN1 --> ath0 (STATIC - 10.0.0.2/8 - DHCP on / Range 10.100.200.210 - 10.100.200.219 / Gateway 10.0.0.2)
    WLAN2 --> ath0_wlan1 (STATIC 10.0.0.3/8 - DHCP on / RANGE 10.100.220 - 10.100.200.229 / Gateway 10.0.0.3)

    • at "Interfaces-->assign-->wireless" there is also a clone ath0_wlan1
    • at "interfaces-->assign-->bridges" I configured "bridge0" with the members LAN & WLAN1 & WLAN2

    LAN works fine!!!

    Settings for WLAN1:

    General configuration:
    Speed and duplex: default

    Static IP configuration:
    IP address: 10.0.0.2/8
    Gateway: none

    Common wireless configuration:
    Persist common settings: (unchecked)  <-- No Idea
    Standard: 802.11g
    Protection Mode: off
    Transmit power: 99
    Channel: Auto
    Antenna settings: default/default/default
    Distance setting: --
    Regulatory settings: ETSI / Germany / Indoor

    Network-specific configuration:
    Mode: AP
    SSID: Test1
    WPA: Checked
    WPA Mode: WPA2
    WPA Key Management Mode: Both
    Authentication: Shared Key


    Settings for WLAN2:

    General configuration:
    Speed and duplex: default

    Static IP configuration:
    IP address: 10.0.0.3/8
    Gateway: none

    Common wireless configuration:
    Persist common settings: (unchecked)  <-- No Idea
    Standard: 802.11g
    Protection Mode: off
    Transmit power: 99
    Channel: Auto
    Antenna settings: default/default/default
    Distance setting: --
    Regulatory settings: ETSI / Germany / Indoor

    Network-specific configuration:
    Mode: AP
    SSID: Test2
    Authentication: Open System


    @"Firewall-->Rules" I added for WLAN1 & WLAN2

    Action: pass
    Interface: WLAN1 (resp. WLAN2)
    Protocol: any
    Source: WLAN1 subnet (resp. WLAN2 subnet)
    Destination: any


    I can see with a mobile device (eg my acer A500) or a laptop both SSID's but I can not establish any connection.
    Looks like there is no IP address assignment by DHCP.

    I also tested to assign an interface with the "BRIDGE0" and enable the DHCP server on this interface. Can't establish a connection.

    On pfSense's console there is about every 10s to 30s the message: ath0: stuck beacon; resetting (bmiss count 4)

    What am I doing wrong?
    Can someone tell me how to correctly configure pfSense to get it to work?
    What about that bridge? Do I need it in a /8 subnet?
    Do I have to assign 3 different /24 subnets even if the DHCP range is set different?
    Should I go to an i386 version?

    Here is a log for a connection try:

    Jul 11 21:07:37 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 WPA: pairwise key handshake completed (RSN)
    Jul 11 21:07:40 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 IEEE 802.11: deassociated
    Jul 11 21:07:41 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 IEEE 802.11: associated
    Jul 11 21:07:41 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 RADIUS: starting accounting session 4E1B4533-00000018
    Jul 11 21:07:41 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 WPA: pairwise key handshake completed (RSN)
    Jul 11 21:07:43 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 IEEE 802.11: deassociated
    Jul 11 21:07:44 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 IEEE 802.11: associated
    Jul 11 21:07:44 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 RADIUS: starting accounting session 4E1B4533-00000019
    Jul 11 21:07:44 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 WPA: pairwise key handshake completed (RSN)
    Jul 11 21:07:46 kernel: ath0: stuck beacon; resetting (bmiss count 4)
    Jul 11 21:07:46 kernel: ath0: stuck beacon; resetting (bmiss count 4)
    Jul 11 21:07:46 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 IEEE 802.11: deassociated
    Jul 11 21:07:47 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 IEEE 802.11: associated
    Jul 11 21:07:47 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 RADIUS: starting accounting session 4E1B4533-0000001A
    Jul 11 21:07:47 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 WPA: pairwise key handshake completed (RSN)
    Jul 11 21:07:49 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 IEEE 802.11: deassociated
    Jul 11 21:07:50 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 IEEE 802.11: associated
    Jul 11 21:07:50 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 RADIUS: starting accounting session 4E1B4533-0000001B
    Jul 11 21:07:50 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 WPA: pairwise key handshake completed (RSN)
    Jul 11 21:07:53 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 IEEE 802.11: deassociated
    Jul 11 21:07:53 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 IEEE 802.11: associated
    Jul 11 21:07:53 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 RADIUS: starting accounting session 4E1B4533-0000001C
    Jul 11 21:07:53 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 WPA: pairwise key handshake completed (RSN)
    Jul 11 21:07:56 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 IEEE 802.11: deassociated
    Jul 11 21:07:56 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 IEEE 802.11: associated
    Jul 11 21:07:56 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 RADIUS: starting accounting session 4E1B4533-0000001D
    Jul 11 21:07:56 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 WPA: pairwise key handshake completed (RSN)
    Jul 11 21:07:59 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 IEEE 802.11: deassociated
    Jul 11 21:08:15 kernel: ath0: stuck beacon; resetting (bmiss count 4)
    Jul 11 21:08:16 kernel: ath0: stuck beacon; resetting (bmiss count 4)
    Jul 11 21:08:46 kernel: ath0: stuck beacon; resetting (bmiss count 4)
    Jul 11 21:09:16 kernel: ath0: stuck beacon; resetting (bmiss count 4)
    Jul 11 21:09:46 kernel: ath0: stuck beacon; resetting (bmiss count 4)
    Jul 11 21:10:09 syslogd: exiting on signal 15
    Jul 11 21:10:09 syslogd: kernel boot file is /boot/kernel/kernel
    Jul 11 21:10:11 dhcpd: Internet Systems Consortium DHCP Server 4.2.1-P1
    Jul 11 21:10:11 dhcpd: Copyright 2004-2011 Internet Systems Consortium.
    Jul 11 21:10:11 dhcpd: All rights reserved.
    Jul 11 21:10:11 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
    Jul 11 21:10:11 dhcpd: Warning: subnet 10.0.0.0/8 overlaps subnet 10.0.0.0/8
    Jul 11 21:10:11 dhcpd: Warning: subnet 10.0.0.0/8 overlaps subnet 10.0.0.0/8
    Jul 11 21:10:11 dhcpd: Warning: subnet 10.0.0.0/8 overlaps subnet 10.0.0.0/8
    Jul 11 21:10:11 dhcpd: Warning: subnet 10.0.0.0/8 overlaps subnet 10.0.0.0/8
    Jul 11 21:10:11 dhcpd: Multiple interfaces match the same subnet: em0 ath0_wlan1
    Jul 11 21:10:11 dhcpd: Multiple interfaces match the same shared network: em0 ath0_wlan1
    Jul 11 21:10:11 dhcpd: Multiple interfaces match the same subnet: em0 ath0_wlan0
    Jul 11 21:10:11 dhcpd: Multiple interfaces match the same shared network: em0 ath0_wlan0
    Jul 11 21:10:16 kernel: ath0: stuck beacon; resetting (bmiss count 4)
    Jul 11 21:10:16 kernel: ath0: stuck beacon; resetting (bmiss count 4)
    Jul 11 21:10:17 kernel: ath0: stuck beacon; resetting (bmiss count 4)
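The log above can be triaged mechanically. The following is an added example, not part of the original thread: a small Python parser that counts short-lived sessions per station, notes whether the WPA handshake had completed before each drop, and tallies the stuck-beacon and dhcpd subnet-conflict messages. The sample lines are a subset copied from the log above; the year 2011 (taken from the build date in the post) and the 5-second threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Subset of lines copied from the log in the post above, embedded so this runs offline.
SAMPLE = """\
Jul 11 21:07:41 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 IEEE 802.11: associated
Jul 11 21:07:41 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 WPA: pairwise key handshake completed (RSN)
Jul 11 21:07:43 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 IEEE 802.11: deassociated
Jul 11 21:07:44 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 IEEE 802.11: associated
Jul 11 21:07:44 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 WPA: pairwise key handshake completed (RSN)
Jul 11 21:07:46 kernel: ath0: stuck beacon; resetting (bmiss count 4)
Jul 11 21:07:46 hostapd: ath0_wlan0: STA e0:b9:a5:4d:c3:32 IEEE 802.11: deassociated
Jul 11 21:10:11 dhcpd: Multiple interfaces match the same subnet: em0 ath0_wlan1
"""

STA = re.compile(r"^(\w{3} +\d+ [\d:]{8}) hostapd: (\S+): STA ([0-9a-f:]{17}) (.+)$")
ASSUMED_YEAR = "2011"  # assumption: syslog lines carry no year

def summarize(log, flap_seconds=5):
    """Count short-lived sessions per station, stuck beacons and dhcpd subnet clashes."""
    out = {"flaps": defaultdict(int), "keyed_flaps": defaultdict(int),
           "stuck_beacons": 0, "dhcp_conflicts": 0}
    start, keyed = {}, {}
    for line in log.splitlines():
        if "stuck beacon" in line:
            out["stuck_beacons"] += 1
        elif "dhcpd: Multiple interfaces match the same subnet" in line:
            out["dhcp_conflicts"] += 1
        m = STA.match(line)
        if not m:
            continue
        ts = datetime.strptime(ASSUMED_YEAR + " " + m.group(1), "%Y %b %d %H:%M:%S")
        sta, event = m.group(3), m.group(4)
        if event.endswith(": associated"):
            start[sta], keyed[sta] = ts, False
        elif "handshake completed" in event:
            keyed[sta] = True  # PSK was accepted for this session
        elif event.endswith("deassociated") and sta in start:
            if (ts - start.pop(sta)).total_seconds() <= flap_seconds:
                out["flaps"][sta] += 1
                # A drop after a completed handshake points away from a wrong key.
                out["keyed_flaps"][sta] += keyed.get(sta, False)
    return out
```

When `keyed_flaps` equals `flaps` for a station, the key exchange succeeded every time and the drop happened afterwards, so the DHCP and radio messages are the next place to look.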



  • You have a number of things wrong:

    • distinct interfaces need to be in distinct subnets. You have LAN, WLAN1 and WLAN2 in the same subnet.

    • the bridge interface itself should have an IP address, its members shouldn't

    It's hard to tell you how to right it because you haven't described how you want your configuration to behave. Why have two distinct wireless networks on the one physical interface if you are going to bridge them together? Do you want your WLAN clients to have free access to LAN system?
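The two points in the reply above can be checked before applying a configuration. The following is an added example, not part of the original thread: it reports which interfaces share a subnet (the condition dhcpd warned about in the first post) and whether a DHCP pool lies inside its interface's subnet. The `POSTED` values are copied from the first post; the `BRIDGED` plan and all function names are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Interface addressing as given in the first post.
POSTED = {
    "LAN (em0)": "10.0.0.1/8",
    "WLAN1 (ath0)": "10.0.0.2/8",
    "WLAN2 (ath0_wlan1)": "10.0.0.3/8",
}

# Constructed plan following the reply: the bridge holds the only address,
# its members are unnumbered (None).
BRIDGED = {
    "BRIDGE0": "10.11.12.1/24",
    "LAN (em0)": None,
    "WLAN (ath0)": None,
}

def overlapping_interfaces(plan):
    """Return sorted pairs of interface names whose subnets overlap."""
    nets = {
        name: ipaddress.ip_interface(addr).network
        for name, addr in plan.items()
        if addr is not None  # bridge members carry no address
    }
    return sorted(
        (a, b)
        for (a, na), (b, nb) in combinations(sorted(nets.items()), 2)
        if na.overlaps(nb)
    )

def dhcp_range_in_subnet(addr, first, last):
    """True when both ends of a DHCP pool lie inside the interface subnet, in order."""
    net = ipaddress.ip_interface(addr).network
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return lo in net and hi in net and lo <= hi

if __name__ == "__main__":
    for label, plan in (("posted", POSTED), ("bridged", BRIDGED)):
        clashes = overlapping_interfaces(plan)
        print(label, "->", clashes or "no overlapping subnets")
```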



  • @wallabybob
    OK. ThanX

    Check if I got it right (I have reduced it to LAN & WLAN only --> Posted config was only for testing purpose.. got confused cause of this ath0 & ath0_wlan1 interfaces).

    1. LAN (em0) --> NO DHCP / NO IP (interface type: none)
    2. WLAN (ath0) --> NO DHCP / NO IP (interface type: none)
    3. BRIDGE0 --> Members: LAN & WLAN / DHCP ON / IP Static e.g. 10.11.12.1 /24 / DHCP Range eg 10.11.12.2 - 10.11.12.254

    So I guess I can access pfSense web interface through the BRIDGE0 / 10.11.12.1 ?

    Got It Right ??


    At the moment I have it like
    1. LAN (em0) --> DHCP ON / IP Static 10.11.12.1 /24 / DHCP Range 10.11.12.2 - 10.11.12.254
    2. WLAN (ath0) --> DHCP ON / IP Static 10.11.13.1 /24 / DHCP Range 10.11.13.2 - 10.11.13.254
    3. BRIDGE0 --> Members: LAN & WLAN / No Interface assigned at the "interface assignment" .. "only" defined in "bridges"

    In this configuration wireless hosts can connect & internet works on LAN & WLAN .. but they do not see each other.

    What I want.. I just want to be able to have the file-sharing enabled between my wireless hosts and my wired ones. For this they have to be in the same subnet (as I know).
    It's just the question how to bring them together. I do not need 2 WLAN's. One is good enough.

    P.S.

    What is this ath0: stuck beacon; resetting (bmiss count 4) message?
    A x64 driver problem?? Is it more stable if I install a x32 version of pfSense????



  • @LoCrux:

    What is this ath0: stuck beacon; resetting (bmiss count 4) message?
    A x64 driver problem?? Is it more stable if I install a x32 version of pfSense????

    I don't know what it means. I see it from time to time on my system and it doesn't seem to cause any problems.

    @LoCrux:

    In this configuration wireless hosts can connect & internet works on LAN & WLAN .. but they do not see each other.

    You need a firewall rule on WLAN to allow access to LAN. Try to access a LAN client from WLAN and then check the firewall log (Status -> System Logs, click on Firewall tab). You will probably see your access attempts logged.

    @LoCrux:

    What I want.. I just want to be able to have the file-sharing enabled between my wireless hosts and my wired ones. For this they have to be in the same subnet (as I know).
    It's just the question how to bring them together. I do not need 2 WLAN's. One is good enough.

    I suggest you reconfigure so that your LAN interface is the bridge (pfSense LAN interface has special default rules). You can probably get this done by the following sequence from a wireless client:
    Rename em0 to PHYSLAN, set IP address to NONE.
    Add a firewall rule to PHYSLAN and WLAN to allow DHCP: Pass, proto=UDP, source=0.0.0.0, port=68, dest=255.255.255.255, port=67, gateway=*, queue=none.
    Change members of bridge0 to WLAN and PHYSLAN
    Assign interface bridge0 to LAN. Check new LAN interface has previously assigned LAN address and DHCP server enabled etc.
    Set IP address of WLAN to NONE.
    On wireless client renew DHCP lease.

    I have not done this so can't vouch for the ordering. You might lose access to the box at different stages (especially the second last) so it would also be a good thing to also have a LAN client with a temporary static IP address so you can gain access to the box if you lose access through the wireless client. Once it is all done I suggest you reboot so you can verify that the new configuration restarts correctly.

    This mirrors the configuration I have: wireless LAN and wired LAN bridged with unfettered access between LAN and wireless LAN.

    Edit: I have just checked my firewall rules on PHYSLAN and WLAN and each interface also has a rule:
    Pass, proto=*, source=LAN net, port=*, dest=*, port=*, gateway=*, queue=none.



  • The stuck beacon issues are a known issue with atheros chips. I believe it has been fixed with the latest versions of FreeBSD but you'll have to wait until PFSense is updated for that to not happen. Also, I was not able to get WPA or WPA2 working with PFSense using a DWA-552. You might want to try with either No encryption or WEP first to see if it will work.

    Using the latest builds of FreeBSD 9 WPA2 would work for me, and there might even be some experimental N support. It sounds like PFSense 2.1 will use 9 for its base, so maybe in the next year it will work a lot better than it does now.

    I think I recall another thing that might be causing stuck beacons messages. You might want to try a different channel as I think the amount of interference could also cause that issue.



  • :-\

    OK.. Now it seems to work (in parts)

    The following configuration is now running:

    Interfaces:
    1. WAN (nfe0)
    1. INTEL (em0) --> Interface only set to active
    2. WLAN (ath0) --> Interface only set to active & WLAN settings (SSID, Mode, etc..)
    3. LAN = BRIDGE0 (Members: INTEL & WLAN)  --> IP: 10.0.0.1/8; DHCP On (Range 10.11.12.1 - 10.11.12.254); Gateway 10.0.0.1

    Assigned Rules for the Firewall:

    LAN:
    1. Pass, proto=*, source=LAN net, port=*, dest=*, port=*, gateway=*, queue=none
    2. Pass, proto=*, source=INTEL net, port=*, dest=*, port=*, gateway=*, queue=none
    3. Pass, proto=*, source=WLAN net, port=*, dest=*, port=*, gateway=*, queue=none

    INTEL: (needed ???)
    1. Pass, proto=*, source=INTEL net, port=*, dest=*, port=*, gateway=*, queue=none

    WLAN: (needed ???)
    1. Pass, proto=*, source=WLAN net, port=*, dest=*, port=*, gateway=*, queue=none

    Now all clients connect on the 10.0.0.0/8 subnet and get their IP assigned within the DHCP range.

    If I check the arp tables on connected hosts (physical or wireless) all hosts seem to be resolved..
    BUT if I ping (ICMP) a wireless-host from a wired-host (or vice versa) they don't reply.

    Pinging wired-host <--> wired-host or wireless-host <--> wireless-host is OK.

    So Samba or Windows sharing does also only work within the host-interface (INTEL or WLAN)
    BUT NOT within the BRIDGE-Interface.
    So is there anything more I have to set????

    Last but not least:

    I reinstalled pfSense using an i386 version (2.0-RC3) and the ath0: stuck beacon; resetting (bmiss count 4) vanished!!!!

    Regards

    LoCrux



  • Your rules for INTEL and WLAN should probably both specify source=LAN net since the INTEL interface and WLAN interface don't have IP addresses. I've no idea what source will actually go into the firewall rules when you specify a network which does have an IP address. You will also need to add the rule I gave earlier to allow DHCP.

    Have you checked the firewall log to see if the access attempts from wired to wireless have been blocked by the firewall? And remember to reset firewall states if you change the rules.

