Best approach for Wifi for my setup?

  • Hi,

    I have a wired network (WAN -> pfsense -> unmanaged switch -> LAN) and family who want Wifi added to it for them and their visiting friends.

    I don't trust them not to have their wifi devices wide open or acting as hotspots ;D so ideally I want to have some kind of complete isolation of the Wifi side from my own PC, laptop, file servers - VLAN, separate PCI card, separate IP range, etc. I'm also not sure how I want to structure the Wifi side (access point or otherwise), whether I might want to allow some degree of connectivity of wired-to-wireless if it can be done safely (eg to allow access to a couple of "safe" shares on a given file server only), and whether I want to split the Wifi into "trusted" and "untrusted" wireless networks (are any Wifi devices "safe"?).

    The building is large and has double thickness brick walls so from memory, wifi signals become unreliable from one room to another which may be a factor in choosing a reliable card or the need for repeaters/extenders/antennae.  I'm mainly a wired LAN user so wireless setup is pretty new to me, and the main stickied threads about wireless card support either date from 2007-08 which isn't so relevant for v2.1, or contain a very long list but no information which PCI Wifi cards would have better drivers, reliability, or signal quality.

    Can anyone help me run through how to choose a suitable Wifi setup and the security implications of the different options?


  • If you want to save yourself time and headaches, forget about wifi cards to use directly in pfSense. Get an external AP and connect it to a new interface or VLAN on your pfsense box and manage the access rules on the FW.

    I did the same at home and it works great:,59799.0.html

Log in to reply