Pfsense as a wireless client for OpenVPN



  • Hello,

    I am trying to set up the wireless card in a pfSense box made out of a laptop, so that I can connect to a private wireless network that uses 802.1X auth. What I want to do with this interface is have it run an OpenVPN and maybe IPsec VPN instance so that when I'm on their network I can connect to mine securely.

    I am having trouble getting it to switch to infrastructure mode; it spits out an error:

    Error creating interface with mode Infrastructure (BSS). The ath0 interface may not support creating more clones with the selected mode.

    I had it set up as an AP but had problems, so I went with a USB AP for that.

    Also, in the interface configuration I have no idea where I would fill in the 802.1X auth login so that I could connect to their network.

    I'm running 2.1-BETA0 build Sep 13



  • @poplap120:

    I am having trouble getting it to switch to infrastructure mode; it spits out an error:

    Error creating interface with mode Infrastructure (BSS). The ath0 interface may not support creating more clones with the selected mode.

    I suspect the system thinks you still have the old AP interface defined. You MIGHT need to reboot to clear out the memory of the AP configuration from the running system.

    @poplap120:

    I had it set up as an AP but had problems, so I went with a USB AP for that.

    Some ath devices are supposed to support multiple virtual interfaces, with one or more operating as AP and one or more operating in infrastructure mode.

    @poplap120:

    Also, in the interface configuration I have no idea where I would fill in the 802.1X auth login so that I could connect to their network.

    On my system 802.1x auth parameters are entered on the Interface page in the Network-specific wireless configuration section below the WEP/WPA parameters. There is a note there that says the Enable WPA box needs to be checked to be able to enable 802.1x.



  • Even after a restart I get the same error from the wireless tab on interfaces. I don't get an error under the assign interface; it seems to work except it can't connect due to auth. I tested it with another network and it connected but did not get an IP, but that network also needs a UAC client running to connect to the Internet.

    Under 802.1X I only see options to connect to the server but no field to enter information that would log it in to the network.

    Thanks



  • @poplap120:

    Under 802.1X I only see options to connect to the server but no field to enter information that would log it in to the network.

    Sorry I didn't remember this earlier - see http://forum.pfsense.org/index.php/topic,44801.0.html

    @poplap120:

    Even after a restart I get the same error from the wireless tab on interfaces,

    Please post the contents of the pfSense configuration file (/cf/conf/config.xml) between the tags <interfaces> and </interfaces>, after masking any authentication information, passphrases etc. I am curious what interfaces pfSense is attempting to work on.
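
One way to do the masking requested above before pasting into a public thread, as an added example that is not part of the original posts or of pfSense itself. It assumes Python 3 on a workstation holding a copy of config.xml; the element names are the ones that appear in this thread's wireless section, and treating the SSID and spoofed MAC as worth masking is this example's own choice.

```python
import sys
import xml.etree.ElementTree as ET

# Element names as they appear in the wireless section posted in this thread.
SECRET_TAGS = {"passphrase", "auth_server_shared_secret",
               "auth_server_shared_secret2"}
# Not secrets, but they identify the network or device (assumption: mask too).
IDENTIFYING_TAGS = {"ssid", "spoofmac"}
MASK = "***MASKED***"


def masked_interfaces(config_xml: str) -> str:
    """Return only the <interfaces> section with sensitive values replaced."""
    root = ET.fromstring(config_xml)
    interfaces = root if root.tag == "interfaces" else root.find("interfaces")
    if interfaces is None:
        raise ValueError("no <interfaces> section found")
    for elem in interfaces.iter():
        # Only overwrite elements that actually carry a value, so empty
        # elements stay visibly empty for whoever is debugging the config.
        if elem.tag in SECRET_TAGS | IDENTIFYING_TAGS and (elem.text or "").strip():
            elem.text = MASK
    return ET.tostring(interfaces, encoding="unicode")


# Constructed sample, not taken from any real system.
SAMPLE = """<pfsense>
  <system><hostname>fw</hostname></system>
  <interfaces>
    <opt1>
      <if>ath0</if>
      <wireless>
        <mode>bss</mode>
        <ssid>EXAMPLE-NET</ssid>
        <wpa>
          <wpa_key_mgmt>WPA-EAP</wpa_key_mgmt>
          <passphrase>constructed-passphrase</passphrase>
        </wpa>
        <auth_server_shared_secret>constructed-secret</auth_server_shared_secret>
      </wireless>
      <spoofmac/>
    </opt1>
  </interfaces>
</pfsense>"""

if __name__ == "__main__":
    # With a path argument, mask that file; otherwise show the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    print(masked_interfaces(text))
```

Parsing the file instead of copying from a terminal also avoids pasting anything outside the `<interfaces>` section by accident.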



  • Thanks,
    I will give what is in that thread a try and report back…

    EDIT: I'm a little confused about where I would put the wpa_supplicant.conf, and in the thread they linked they had it labeled as wpa_supplicant_ath0.conf; which should I label it?

    here is the interface config.xml, i

    <interfaces><wanthe<br><enable><if>ue0</if>
                           <ipaddr>dhcp</ipaddr>
                            <gateway><media><mediaopt><lan><enable><if>msk0</if>
                           <ipaddr>10.0.0.1</ipaddr>
                           <subnet>24</subnet>
                            <media><mediaopt></mediaopt></media></enable></lan>
                    <opt1><if>ath0</if>
                            <wireless><standard>11g</standard>
                                   <mode>bss</mode>
                                   <protmode>off</protmode>
                                   <ssid>*</ssid>
                                   <channel>0</channel>
                                    <authmode><txpower>99</txpower>
                                    <distance><regdomain><regcountry><reglocation><wpa><macaddr_acl><auth_algs>1</auth_algs>
                                           <wpa_mode>2</wpa_mode>
                                           <wpa_key_mgmt>WPA-EAP</wpa_key_mgmt>
                                           <wpa_pairwise>CCMP TKIP</wpa_pairwise>
                                           <wpa_group_rekey>60</wpa_group_rekey>
                                           <wpa_gmk_rekey>3600</wpa_gmk_rekey>
                                            <passphrase><ext_wpa_sw></ext_wpa_sw></passphrase></macaddr_acl></wpa>
                                    <auth_server_addr><auth_server_port><auth_server_shared_secret><auth_server_addr2><auth_server_port2><auth_server_shared_secret2></auth_server_shared_secret2></auth_server_port2></auth_server_addr2></auth_server_shared_secret></auth_server_port></auth_server_addr></reglocation></regcountry></regdomain></distance></authmode></wireless>
                            <alias-address><alias-subnet>32</alias-subnet>
                            <spoofmac><ipaddr>dhcp</ipaddr>
                            <dhcphostname></dhcphostname></spoofmac></alias-address></opt1></mediaopt></media></gateway></enable></wanthe<br></interfaces>
            <staticroutes><dhcpdfces><wan><enable><if>ue0</if>
                           <ipaddr>dhcp</ipaddr>
                            <gateway><media><mediaopt></mediaopt></media></gateway></enable></wan>
                    <lan><enable><if>msk0</if>
                           <ipaddr>10.0.0.1</ipaddr>
                           <subnet>24</subnet>
                            <media><mediaopt></mediaopt></media></enable></lan>
                    <opt1><if>ath0</if>
                            <wireless><standard>11g</standard>
                                   <mode>bss</mode>
                                   <protmode>off</protmode>
                                   <ssid>
    </ssid>
                                   <channel>0</channel>
                                    <authmode><txpower>99</txpower>
                                    <distance><regdomain><regcountry><reglocation><wpa><macaddr_acl><auth_algs>1</auth_algs>
                                           <wpa_mode>2</wpa_mode>
                                           <wpa_key_mgmt>WPA-EAP</wpa_key_mgmt>
                                           <wpa_pairwise>CCMP TKIP</wpa_pairwise>
                                           <wpa_group_rekey>60</wpa_group_rekey>
                                           <wpa_gmk_rekey>3600</wpa_gmk_rekey>
                                            <passphrase><ext_wpa_sw></ext_wpa_sw></passphrase></macaddr_acl></wpa>
                                    <auth_server_addr><auth_server_port><auth_server_shared_secret><auth_server_addr2><auth_server_port2><auth_server_shared_secret2></auth_server_shared_secret2></auth_server_port2></auth_server_addr2></auth_server_shared_secret></auth_server_port></auth_server_addr></reglocation></regcountry></regdomain></distance></authmode></wireless>
                            <alias-address><alias-subnet>32</alias-subnet>
                            <spoofmac><ipaddr>dhcp</ipaddr>
                            <dhcphostname></dhcphostname></spoofmac></alias-address></opt1></dhcpdfces></staticroutes>



  • @poplap120:

    EDIT: I'm a little confused about where I would put the wpa_supplicant.conf, and in the thread they linked they had it labeled as wpa_supplicant_ath0.conf; which should I label it?

    On startup pfSense generates configuration files for applications from information in the pfSense configuration file (config.xml). The topic to which I linked was pointing out that the process of generating the WiFi supplicant configuration file didn't generate the necessary elements for your type of configuration. This can't be fixed without tweaking some of the PHP code that writes the WiFi supplicant configuration file. If you tweak the PHP code you will need to keep track of your changes so you can suitably reapply them if you upgrade the pfSense firmware.

    @poplap120:

    here is the interface config.xml,

    Did you have a bit of keyboard bounce when you pasted that? The whole interfaces section seems to be almost duplicated and I don't recognise the dhcpdfces element.



  • Oh OK, thanks, that makes sense.

    Well, I don't know why that happened; I was using PuTTY. Here is a copy from an SSH connection on a Linux box.

    <interfaces><wan><enable><if>ue0</if>
                            <ipaddr>dhcp</ipaddr>
                            <gateway><media><mediaopt></mediaopt></media></gateway></enable></wan>
                    <lan><enable><if>msk0</if>
                            <ipaddr>10.0.0.1</ipaddr>
                            <subnet>24</subnet>
                            <media><mediaopt></mediaopt></media></enable></lan>
                    <opt1><if>ath0</if>
                            <wireless><standard>11g</standard>
                                    <mode>bss</mode>
                                    <protmode>off</protmode>
                                    <ssid>MASON-SECURE</ssid>
                                    <channel>0</channel>
                                   <authmode></authmode>
                                    <txpower>99</txpower>
                                    <distance><regdomain><regcountry><reglocation><wpa><macaddr_acl></macaddr_acl>
                                            <auth_algs>1</auth_algs>
                                            <wpa_mode>2</wpa_mode>
                                            <wpa_key_mgmt>WPA-EAP</wpa_key_mgmt>
                                            <wpa_pairwise>CCMP TKIP</wpa_pairwise>
                                            <wpa_group_rekey>60</wpa_group_rekey>
                                            <wpa_gmk_rekey>3600</wpa_gmk_rekey>
                                            <passphrase><ext_wpa_sw></ext_wpa_sw>
                                            <ieee8021x><enable></enable></ieee8021x>
                                            <enable></enable></passphrase></wpa>
                                    <auth_server_addr><auth_server_port><auth_server_shared_secret><auth_server_addr2><auth_server_port2><auth_server_shared_secret2></auth_server_shared_secret2></auth_server_port2></auth_server_addr2></auth_server_shared_secret></auth_server_port></auth_server_addr></reglocation></regcountry></regdomain></distance></wireless>
                            <alias-address><alias-subnet>32</alias-subnet>
                            <spoofmac><enable><ipaddr>dhcp</ipaddr>
                            <dhcphostname></dhcphostname></enable></spoofmac></alias-address></opt1></interfaces>

