Netgate Discussion Forum

    Pf Access Point Help

      leadZERO

      I just got a pf box from Netgate with an Atheros miniPCI card.  I was able to get bridging working between the LAN port and the pf hosted access point. Hosts on LAN and WIFI were able to get leases from the pf DHCP server.

      The problem started when I tried to get auth/encryption working in the pfsense access point.  No matter what settings I tried, I could never get a host to work on the wifi.  I tried WPA/WPA2/WEP, AES/TKIP, simple keys, etc.  Everything works great if I have no authentication or encryption.  I tried both with a Windows 7 desktop as well as my iPhone.  Neither could ever connect.

      Is there some trick? I've tried Google and the forums search, but haven't come across anything that works yet.

      Thanks,
      Ryan

        wallabybob

        @leadZERO:

        Everything works great if I have no authentication or encryption.

        That is a good start.

        Please post the output of the pfSense shell command ifconfig -a. I'll compare your current parameters with mine.

        Did you reboot your pfSense box after setting encryption parameters? I don't know if it is required with change in encryption parameters but I have found a few instances where major parameter changes seem to require a reboot to take effect.

          leadZERO

          So, to test, I took the bridge out of the equation and just added a static IP to the wireless AP interface and set the DHCP server to hand out leases on it.  The only thing I have to switch between these settings working and not working is to enable/disable the WPA? check box.  (And yes, I'm also resetting my host to use/not use the passphrase.)

          I tried rebooting my pf in between just to try that, same thing.

          
          ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 2290
                  ether ***
                  media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
                  status: running

          ath0_wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
                  ether ***
                  inet6 ***%ath0_wlan0 prefixlen 64 scopeid 0x9
                  inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
                  nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
                  media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
                  status: running
                  ssid mixatmp channel 11 (2462 MHz 11g) bssid 00:0b:6b:23:0b:59
                  country US ecm authmode WPA2/802.11i privacy MIXED deftxkey 2
                  AES-CCM 2:128-bit txpower 25 scanvalid 60 protmode OFF burst -apbridge
                  dtimperiod 1 -dfs
          
            wallabybob

            Here's ifconfig output from my working system:

            
            # ifconfig -a
            ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 2290
            	ether ***
            	media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
            	status: running

            ath0_wlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            	ether ***
            	inet6 ***%ath0_wlan0 prefixlen 64 scopeid 0xd
            	nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            	media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
            	status: running
            	ssid *** channel 1 (2412 MHz 11g) bssid ***
            	regdomain ROW country AU indoor ecm authmode WPA2/802.11i
            	privacy MIXED deftxkey 2 AES-CCM 2:128-bit AES-CCM 3:128-bit
            	txpower 30 scanvalid 60 protmode OFF burst dtimperiod 1 -dfs
            #
            

            Do you change the SSID when you switch from unencrypted to encrypted mode? If not, I wonder if that confuses the clients. (I presume you aren't completely clearing the clients' memory of previous connections.) How about using a different SSID for the encrypted configuration?

              leadZERO

              I did try using a different SSID, same thing.  I also noticed that anytime I changed the parameters, Windows 7 noticed the change, so I doubt it's getting confused.

              Any idea what the "burst -apbridge" on mine is?

                wallabybob

                -apbridge means (I think) that the access point does NOT act as a bridge between wireless clients.

                Other settings on my interface:

                | WPA Mode | WPA2 |
                | WPA Key Management Mode | Pre-Shared Key |
                | Authentication | Open System Authentication |
                | WPA Pairwise | AES |
                | Key Rotation | 60 |
                | Master Key Regeneration | 3600 |
                | Strict Key Regeneration | unchecked |
                | Enable IEEE802.1X Authentication | unchecked |

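Added example, not part of the thread or of pfSense: a small parser that does the side-by-side comparison of the two posted `ifconfig -a` outputs field by field instead of by eye. The helper names `wlan_params` and `diff_params` and the choice of which fields to compare are this example's own assumptions.

```python
import re

# The ath0_wlan0 header and 802.11 status lines from the two outputs posted
# in the thread (masked values kept as ***); other lines trimmed.
NOT_WORKING = """\
ath0_wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ssid mixatmp channel 11 (2462 MHz 11g) bssid 00:0b:6b:23:0b:59
        country US ecm authmode WPA2/802.11i privacy MIXED deftxkey 2
        AES-CCM 2:128-bit txpower 25 scanvalid 60 protmode OFF burst -apbridge
        dtimperiod 1 -dfs
"""
WORKING = """\
ath0_wlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ssid *** channel 1 (2412 MHz 11g) bssid ***
        regdomain ROW country AU indoor ecm authmode WPA2/802.11i
        privacy MIXED deftxkey 2 AES-CCM 2:128-bit AES-CCM 3:128-bit
        txpower 30 scanvalid 60 protmode OFF burst dtimperiod 1 -dfs
"""

VALUED = ("authmode", "privacy", "deftxkey", "channel", "protmode")

def wlan_params(ifconfig_text, ifname):
    """Return the security-relevant 802.11 fields ifconfig reports for ifname."""
    # One interface block = its header line plus the indented lines after it.
    m = re.search(rf"^{re.escape(ifname)}: flags=\w+<([^>]*)>.*\n((?:[ \t]+.*\n?)*)",
                  ifconfig_text, re.M)
    if m is None:
        raise ValueError(f"interface {ifname} not found")
    flags, body = m.group(1).split(","), m.group(2)
    tokens = body.split()
    params = {"promisc": "PROMISC" in flags}
    for key in VALUED:
        params[key] = tokens[tokens.index(key) + 1] if key in tokens else None
    # Key entries are printed as "<cipher> <slot>:<bits>-bit".
    params["keys"] = re.findall(r"(\S+) (\d+):(\d+)-bit", body)
    # Bare keyword = on, leading '-' = off, absent = not reported in this output.
    marker = next((t for t in tokens if t.lstrip("-") == "apbridge"), "")
    params["apbridge"] = {"apbridge": "on", "-apbridge": "off"}.get(marker, "not shown")
    return params

def diff_params(a, b):
    """Map each field whose value differs to its (a, b) pair."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

if __name__ == "__main__":
    a, b = wlan_params(NOT_WORKING, "ath0_wlan0"), wlan_params(WORKING, "ath0_wlan0")
    for field, (mine, theirs) in diff_params(a, b).items():
        print(f"{field}: {mine!r} vs {theirs!r}")
```

On the two posted outputs the reported authmode, privacy and deftxkey values are identical; the fields that differ are promisc, channel, the key entries and apbridge.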