How to configure with USB WiFi NIC



  • hi,
    i have installed v2.0.1 on my Asus eeePC.

    what is the best configuration option for my situation.  Long term, i will buy a compatible USB NIC for my WAN interface, but for now, i just want to test things out, and possibly use the onboard NIC for the WAN, and the USB WiFi nic to create a LAN.

    when i connect the USB WiFi NIC (it is a Draytek Vigor N61, the console shows that the firmware RT2870 is loaded.  does this mean that the wifi NIC is supported out the box (that would be nice)

    so as things stand, i have one interface - WAN, that has a local IP and i can access the web interface through it.  how do i go about using the usb wifi nic?


  • Netgate Administrator

    @kingxerxes:

    the console shows that the firmware RT2870 is loaded.  does this mean that the wifi NIC is supported out the box (that would be nice)

    Probably. It looks like it's supported by the run driver so it should appear as run0. Even better is that is supports access point mode.

    In the webGUI go to Interfaces: (assign):
    Click the '+' button and hopefully select your run0 interface.

    Often with these interfaces you have to add the line: runfw_load="YES" to /boot/loader.conf.local but yours appears to be loading it's firmware already.

    Steve



  • hey,
    so i have added in the wifi interface, and set it up with a static IP in the LAN interface section.

    the trouble is that once i click ok, after a few seconds, all connectivity to the box goes.  i cannot ping it, and i cannot ping from it (using the console).

    the only way to recover is to factory reset and start again.

    any ideas?

    EDIT: correction, when i am in the state where i cannot ping the pfsense box form the network i CAN ping from the console (option 7) to the router (192.168.10.254) and other devices



  • @stephenw10:

    Often with these interfaces you have to add the line:

    runfw_load="YES"

    to /boot/loader.conf.local but yours appears to be loading it's firmware already.

    If you want the device to be recognised at boot time it is necessary to add the line:

    runfw_load="YES"

    to /boot/loader.conf.local otherwise the kernel can't find the firmware when it is required because the file system isn't yet mounted.

    @kingxerxes:

    the trouble is that once i click ok, after a few seconds, all connectivity to the box goes.  i cannot ping it, and i cannot ping from it (using the console).

    What are the IP address and netmask on the pfSense WAN and LAN interfaces? Perhaps your static IP assignment  has put WAN and LAN in the same subnet.



  • hi,
    i will edit the boot loader in due course.

    at the moment the IP's are as follows:

    Home LAN: 192.168.10.0/24 [DHCP server]

    pfSense LAN: 10.0.0.0/24 [DHCP server]
    pfSense WAN: 192.168.10.1/24 [static IP]

    i though that i should be able to access the web interface through the WAN IP from the home network, but it dont seem to be able to.

    since changing the pfSense LAN range to 10.0.0.0, i am unable to ping from the console to the home network.  is there a way to specify the interface that I am pinging from?

    EDIT: also, how can i edit the boot loader from the console?



  • @kingxerxes:

    since changing the pfSense LAN range to 10.0.0.0, i am unable to ping from the console to the home network.  is there a way to specify the interface that I am pinging from?

    I have found that "sometimes" when making "significant" IP address changes the kernel doesn't seem to completely forget the old settings and a reboot seems to be necessary to straighten everything out.

    @kingxerxes:

    EDIT: also, how can i edit the boot loader from the console?

    There are two screen based editors in pfSense: vi and ee. If you are not familiar with vi you will probably be able to get by with ee.

    Alternatively you could use a shell command like:

    echo 'runfw_load="YES"' >> /boot/loader.conf.local

    to append the string runfw_load="YES" (enclosed in single quotes in the command) to file /boot/loader.conf.local, creating the file if it doesn't already exist.



  • hi,
    i have created the loader.conf.local and the wifi nic is now detected on boot.

    as it is, the WAN is assigned to re0 (the onboard nic) and has the IP 192.168.10.1.  i cannot ping it from the network, and since rebooting i now cannot connect to the web interface.  i have tried gone through setting the IP for the WAN and have set it again to the same IP, but this hasnt helped.

    also, i am getting messates at the console saying:
    calru: runtime went backwards from [number] to [smaller number] usec for pid [pid number]

    i can ping hosts on the network from the pfsense, but not back…


  • Netgate Administrator

    By default you should not be able to ping the WAN interface, or access the webgui on it, from the wan side. The firewall blocks it. Access is via the LAN. You can change this by adding a firewall rule to the WAN interface to allow it.

    I would guess that with only one interface the box will allow access to WAN but as soon as you add a LAN interface that is changed.

    I have only experienced the 'runtime went backwards' error after switching the default kernel timecounter.
    What are the specs of your eeepc?

    Steve



  • @kingxerxes:

    as it is, the WAN is assigned to re0 (the onboard nic) and has the IP 192.168.10.1.  i cannot ping it from the network, and since rebooting i now cannot connect to the web interface.  i have tried gone through setting the IP for the WAN and have set it again to the same IP, but this hasnt helped.

    You have two networks (LAN and WAN) connected to your pfSense. Which network do you mean? Please also provide the current IP address and network mask of the pfSense WAN and LAN interfaces, the IP address and network mask of the systems from which you are attempting to connect and the text of the messages indicating "connection failure".

    @kingxerxes:

    also, i am getting messates at the console saying:
    calru: runtime went backwards from [number] to [smaller number] usec for pid [pid number]

    NTP adjusted the time "backwards"?

    @kingxerxes:

    i can ping hosts on the network from the pfsense, but not back…

    Which network do you mean? Default pfSense WAN configuration allows outgoing connection attempts from the WAN interface and blocks incoming connection attempts to the WAN interface.

    Do you have Block private networks enabled on your WAN interface?



  • @stephenw10:

    By default you should not be able to ping the WAN interface, or access the webgui on it, from the wan side. The firewall blocks it. Access is via the LAN. You can change this by adding a firewall rule to the WAN interface to allow it.

    ah ha.  i think this may be the issue i am experiencing.  what rules should i add?  the problem is that i cannot connect to the LAN interface of the pfSense as it is wireless, and each time i have added it the network has not appeared (with me selected access point mode).

    ok, networking details are:
    home network: 192.168.10.0/24
    pc that i am using to test pings to pfSense from: 192.168.10.104/24
    router (gateway for the network): 192.168.10.254/24

    pfSense WAN IP: 192.168.10.1/24, gateway 192.168.10.254/24
    pfSense LAN range: 10.0.0.0/24
    pfSense LAN interface IP: 10.0.0.1/24

    i guess the way i will have to do this is to setup with only the WAN, add the firewall rules that will let me in over the WAN (when it has two interfaces), then add the LAN interface.

    will try this all later :)


  • Netgate Administrator

    Ok, here's what I would do.
    remove the wifi card and boot the machine with only one interface, this will allow you access to the gui.
    Now add a rule to the WAN interface that will definitely allow access. It will be far too permissive for normal use but you can edit it later.

    
    Proto 	 Source Port 	Destination 	Port 	Gateway 	
    
    TCP/UDP  * 	* 	WAN interface 	* 	* 	 	 
    
    

    Now when you plug in your WIFI interface and set it up you should still have access to the webGUI to configure the wifi properties.

    Once you have access via the lan you can disable the WAN rule to restore some security.

    Steve



  • cheers all for the help.

    adding that firewall rule has worked, i now have a fancy access point :)


Log in to reply