Wireless (Atheros) connectivity issues
I'm having a problem with multiple sites/installations of pfSense that I'm having trouble diagnosing. We've got pfSense 2.0.1 boxes at multiple sites. Each of these boxes has an Atheros-based wireless card and is connected via OpenVPN to a pfSense box which is acting as the server/gateway to company resources. This allows us to have wired and wireless devices at each site connected to company resources as needed.
Wireless is set up as WPA2 Enterprise, and is talking via RADIUS to NPS on a Windows Server 2008 box that sits behind the server (so auth requests are sent over the VPN).
Every so often wireless stops functioning. This is random, but the problem is replicated at multiple sites, so I'm thinking we have a compatibility or configuration issue (not a signal quality issue) here. The devices that lose connectivity show full signal, but there is no communication between the device and the pfSense box, until we manually disconnect/reconnect, at which point it functions again. For example, a Windows laptop would show the "exclamation point" on top of the wireless signal near the clock when this issue occurs.
My gut tells me there's something happening with the RADIUS auth or WPA re-key that fails or is rejected, but I cannot seem to figure out where to look in the logs or otherwise to begin diagnosing this.
Thanks in advance for any guidance or tips that could get me started looking in the right place.
SlowGrind last edited by
What hardware are you using (what Atheros chipset does the wireless card have)? And can you post a screen shot of the current settings?
I believe it's the Compex WLM54G card. The client cards are all different but the behavior is the same. A screenshot of the wireless configuration is attached.
Also, after further research, it seems as though there are others running similar hardware with the same issues. Here's an example of one, and I don't know enough about the backend to know if the solution would even apply here:
WNDR3700 & Intel clients routinely deauthenticate from AP
This is EXACTLY the behavior I'm experiencing, even though we are on different platforms…
SlowGrind last edited by
By looking at the settings, Im assuming that you have 2 antennas on your access points (You have diversity turn on)? And that the you are using them outside (or a very large building) with a distance setting of 200 meters (650 feet)? And some of your clients can only use the 11b mode, the reason you have Protection mode RTS and CTS turn on?
Correct on the antennas and diversity. I've changed the distance parameters to try and see if it was an ACK timing issue. No, the distance is not that long but that happened to be what it was set on when I took the screenshot.
Adjusting any of these settings doesn't change the behavior as it relates to the connectivity issues I'm experiencing.
I really think there's something to be found from that OpenWRT ticket if we are running the same core/kernel packages…