Which WLAN USB stick?



  • I want to use pfSense as an access point, however I don't have any room left for a PCI card or something like that, so I need to go the USB way. Can anyone recommend a WLAN USB stick that works out of the box with pfSense 2.0.3 without any fiddling and in the best case maybe even has an external antenna?
    [Do I need an external antenna to go through 2,3 rooms?]

    (I know the pfsense Wiki links to a spreadsheet with working wlan cards/sticks, however there's no information about if they include an external antenna - and checking them all manually takes ages…)

    Thanks for any hint on this!



  • @srynoname:

    [Do I need an external antenna to go through 2,3 rooms?]

    It depends on the size of the rooms and what materials are between the AP and clients.

    @srynoname:

    I want to use pfSense as an access point, however I don't have any room left for a PCI card or something like that, so I need to go the USB way. Can anyone recommend a WLAN USB stick that works out of the box with pfSense 2.0.3 without any fiddling and in the best case maybe even has an external antenna?

    You probably pretty much need a device with Ralink RT3070 chipset. Devices with this chipset seem to have pretty much disappeared from retail outlets near me, so I suggest you search on eBay for RT3070, which should turn up a number of devices including some with an external antenna.

    To get a RT3070 based device recognised at boot time on pfSense, it is necessary to add the line

    runfw_load="YES"

    to pfSense file /boot/loader.conf.local (create the file if it doesn't already exist).



  • Thank you wallabybob. So, I ended up buying a wlan stick without antenna based on this chipset. works out of the box, no changes to /boot/loader.conf.local were needed.
    signal strength 2 of 5 (android phone) after 1 room (so in the second room behind pfsense).

    usb stick is an edimax EW-7711UMn, only 11 / 54 mbit support by pfsense, but that's enough for me. additional plus: end of life, so chipset won't change and the stick is so small that it does not block other usb ports.



  • update: modifying /boot/loader.conf.local as suggested by wallabybob is REQUIRED or else one will have a network interface mismatch on next boot! Also see https://redmine.pfsense.org/issues/3170 and https://redmine.pfsense.org/issues/3171.



  • hello,

    i am still having problems after following wallabybob's instructions.
    maybe i didn't create the /boot/loader.conf.local file properly.??

    with putty i used the following command:    cp /boot/loader.conf  /boot/loader.conf.local
    this created the file and then in the pfsense webgui i edited the file by deleting everything and adding runfw_load="YES".

    i noticed the /boot/loader.conf has an icon with a little yellow key on it but the /boot/loader.conf.local is just a plain one.

    the adapter i have is the d-link dwa125 v. a3 with the ralink 5370 chipset

    did i do something wrong or is the d-link not supported?

    thanks



  • @hammerman:

    the adapter i have is the d-link dwa125 v. a3 with the ralink 5370 chipset

    Probably "too new" to be supported. As best I know, the 5370 chipset is different from the 3070 chipset which is supported.



  • i think you're right, so i changed it for the tp-link tl-wn7200nd. this has the right chip, but i still can't get it to work.
    it shows up in the interface and i apply the settings but it doesn't seem to be transmitting.
    i noticed that it only gives me the option of wireless b and g. no "n" even though it's a "n" adapter.
    also in the channel section, max power shows up as zero.
    any ideas?

    ![Capture 001 a.jpg](/public/imported_attachments/1/Capture 001 a.jpg)
    ![Capture 002 a.jpg](/public/imported_attachments/1/Capture 002 a.jpg)
    ![Capture 003 a.jpg](/public/imported_attachments/1/Capture 003 a.jpg)



  • You have an invalid configuration because your WiFi interface and LAN interface are in the same IP subnet: 192.168.1.0/24. I suggest you move your WiFi IP address to (say) 192.168.8.1/24. Your interfaces need to be in distinct IP subnets unless they are bridged, but I suspect bridging would introduce a further level of complication that is unwarranted at this stage.

    @hammerman:

    i think you're right, so i changed it for the tp-link tl-wn7200nd. this has the right chip, but i still can't get it to work.
    it shows up in the interface and i apply the settings but it doesn't seem to be transmitting.
    i noticed that it only gives me the option of wireless b and g. no "n" even though it's a "n" adapter.
    also in the channel section, max power shows up as zero.
    any ideas?

    What evidence leads you to suspect it is not transmitting?

    "Wireless N" is not (yet) supported in pfSense. Perhaps it will be supported in pfSense 2.2.

    From which page did you read off max power = 0?
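
The subnet rule from the reply above, as an added example that is not part of the original post: a check that reports interface pairs whose networks overlap unless they are bridged. The host addresses, the WAN entry and the names `subnet_conflicts`, `BEFORE` and `AFTER` are assumptions; the check also catches a subnet nested inside a larger one, which goes beyond the identical-subnet case in the thread.

```python
import ipaddress
from itertools import combinations

# Constructed sample. Only the shared subnet 192.168.1.0/24 and the suggested
# 192.168.8.1/24 come from the post; host addresses and the WAN are made up.
BEFORE = {"LAN": "192.168.1.1/24", "WIFI": "192.168.1.2/24", "WAN": "203.0.113.10/24"}
AFTER = dict(BEFORE, WIFI="192.168.8.1/24")


def subnet_conflicts(interfaces, bridges=()):
    """Return (name_a, name_b, net_a, net_b) for every pair of interfaces whose
    networks overlap, skipping pairs that belong to the same bridge group."""
    nets = {name: ipaddress.ip_interface(cidr).network
            for name, cidr in interfaces.items()}
    groups = [frozenset(group) for group in bridges]
    conflicts = []
    for a, b in combinations(sorted(nets), 2):
        if nets[a].version != nets[b].version:
            continue  # IPv4 and IPv6 networks cannot overlap
        if any({a, b} <= group for group in groups):
            continue  # bridged members legitimately share one subnet
        if nets[a].overlaps(nets[b]):  # also catches a /24 inside a /16
            conflicts.append((a, b, str(nets[a]), str(nets[b])))
    return conflicts


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, subnet_conflicts(cfg) or "no overlapping subnets")
```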



  • well i suppose i should have just checked the sys logs first. apparently not much is working correctly !!

    general system problems . . .

    Sep 13 08:57:28 php: rc.filter_configure_sync: The gateway: AIRVPN is invalid or unknown, not using it.
    Sep 13 08:57:28 php: rc.start_packages: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was ''
    Sep 13 08:57:28 Squid_Alarm[63094]: Squid has exited. Reconfiguring filter.
    Sep 13 08:57:28 Squid_Alarm[63687]: Attempting restart…
    Sep 13 08:57:29 squid[65404]: Squid Parent: child process 65863 started
    Sep 13 08:57:29 php: rc.start_packages: Restarting/Starting all packages.
    Sep 13 08:57:31 php: rc.start_packages: Starting HAVP
    Sep 13 08:57:31 php: rc.start_packages: Reloading Squid for configuration sync
    Sep 13 08:57:32 php: rc.filter_configure_sync: The gateway: AIRVPN is invalid or unknown, not using it.
    Sep 13 08:57:32 php: rc.filter_configure_sync: The gateway: AIRVPN is invalid or unknown, not using it.
    Sep 13 08:57:32 Squid_Alarm[90158]: Reconfiguring filter…
    Sep 13 08:57:32 php: rc.start_packages: Reloading Squid for configuration sync
    Sep 13 08:57:33 php: rc.start_packages: Reloading Squid for configuration sync
    Sep 13 08:57:33 Squid_Alarm[3222]: Squid has resumed. Reconfiguring filter.
    Sep 13 08:57:34 check_reload_status: updating dyndns AIRVPN_VPNV4
    Sep 13 08:57:34 check_reload_status: Restarting ipsec tunnels
    Sep 13 08:57:34 check_reload_status: Restarting OpenVPN tunnels/interfaces
    Sep 13 08:57:34 php: rc.start_packages: Starting HAVP
    Sep 13 08:57:34 php: rc.start_packages: Reloading Squid for configuration sync
    Sep 13 08:57:35 php: rc.start_packages: Reloading Squid for configuration sync
    Sep 13 08:57:35 php: rc.start_packages: Not calling package sync code for dependency squid of squid because some include files are missing.
    Sep 13 08:57:35 php: rc.start_packages: Reloading Squid for configuration sync
    Sep 13 08:57:36 php: rc.start_packages: Reloading Squid for configuration sync
    Sep 13 08:57:37 php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use AIRVPN_VPNV4.
    Sep 13 08:57:38 php: rc.start_packages: Reloading Squid for configuration sync
    Sep 13 08:57:38 login: login on ttyv1 as root
    Sep 13 08:57:38 sshlockout[56977]: sshlockout/webConfigurator v3.0 starting up
    Sep 13 08:57:38 login: login on ttyv0 as root
    Sep 13 08:57:40 php: rc.start_packages: Reloading Squid for configuration sync
    Sep 13 08:57:41 php: rc.filter_configure_sync: The gateway: AIRVPN is invalid or unknown, not using it.
    Sep 13 08:57:44 squid[65404]: Squid Parent: child process 65863 exited with status 0
    Sep 13 08:57:45 php: rc.filter_configure_sync: The gateway: AIRVPN is invalid or unknown, not using it.
    Sep 13 08:57:45 php: rc.start_packages: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was ''
    Sep 13 08:57:45 php: rc.filter_configure_sync: The gateway: AIRVPN is invalid or unknown, not using it.
    Sep 13 08:57:47 php: rc.filter_configure_sync: SQUID is installed but not started. Not installing "filter" rules.
    Sep 13 08:57:48 squid[18804]: Squid Parent: child process 19342 started
    Sep 13 08:57:50 php: rc.filter_configure_sync: The gateway: AIRVPN is invalid or unknown, not using it.
    Sep 13 08:57:50 php: rc.start_packages: Starting HAVP
    Sep 13 08:57:50 check_reload_status: Syncing firewall
    Sep 13 08:57:51 php: rc.start_packages: Reloading Squid for configuration sync
    Sep 13 08:57:52 check_reload_status: Reloading filter
    Sep 13 08:57:52 php: rc.filter_configure_sync: The gateway: AIRVPN is invalid or unknown, not using it.
    Sep 13 08:57:52 php: rc.filter_configure_sync: The gateway: AIRVPN is invalid or unknown, not using it.
    Sep 13 08:57:53 php: /index.php: Successful login for user 'admin' from: xxx.xxx.xxx.xxx
    Sep 13 08:57:53 php: /index.php: Successful login for user 'admin' from: xxx.xxx.xxx.xxx
    Sep 13 08:57:58 php: rc.filter_configure_sync: The gateway: AIRVPN is invalid or unknown, not using it.
    Sep 13 08:58:02 php: rc.filter_configure_sync: The gateway: AIRVPN is invalid or unknown, not using it.
    Sep 13 08:58:02 php: rc.filter_configure_sync: The gateway: AIRVPN is invalid or unknown, not using it.

    openvpn . . .  i thought things were fine. guess not.

    Sep 13 08:57:07 openvpn[82930]: port_share_host = '[UNDEF]'
    Sep 13 08:57:07 openvpn[82930]: port_share_port = 0
    Sep 13 08:57:07 openvpn[82930]: client = ENABLED
    Sep 13 08:57:07 openvpn[82930]: pull = ENABLED
    Sep 13 08:57:07 openvpn[82930]: auth_user_pass_file = '[UNDEF]'
    Sep 13 08:57:07 openvpn[82930]: OpenVPN 2.3.2 i386-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Jul 24 2013
    Sep 13 08:57:07 openvpn[82930]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
    Sep 13 08:57:07 openvpn[82930]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Sep 13 08:57:07 openvpn[82930]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Sep 13 08:57:07 openvpn[82930]: LZO compression initialized
    Sep 13 08:57:07 openvpn[82930]: Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Sep 13 08:57:07 openvpn[82930]: Socket Buffers: R=[42080->65536] S=[57344->65536]
    Sep 13 08:57:07 openvpn[82930]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
    Sep 13 08:57:07 openvpn[82930]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
    Sep 13 08:57:07 openvpn[82930]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
    Sep 13 08:57:07 openvpn[82930]: Local Options hash (VER=V4): '22188c5b'
    Sep 13 08:57:07 openvpn[82930]: Expected Remote Options hash (VER=V4): 'a8f55717'
    Sep 13 08:57:07 openvpn[83765]: UDPv4 link local (bound): [AF_INET]xxx.xxx.xxx.xxx:50211
    Sep 13 08:57:07 openvpn[83765]: UDPv4 link remote: [AF_INET]108.59.8.147:443
    Sep 13 08:57:07 openvpn[83765]: TLS: Initial packet from [AF_INET]108.59.8.147:443, sid=8f3169e8 eba4410b
    Sep 13 08:57:07 openvpn[83765]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
    Sep 13 08:57:07 openvpn[83765]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
    Sep 13 08:57:08 openvpn[83765]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Sep 13 08:57:08 openvpn[83765]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sep 13 08:57:08 openvpn[83765]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Sep 13 08:57:08 openvpn[83765]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sep 13 08:57:08 openvpn[83765]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
    Sep 13 08:57:08 openvpn[83765]: [server] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:443
    Sep 13 08:57:11 openvpn[83765]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
    Sep 13 08:57:11 openvpn[83765]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.4.0.1,comp-lzo no,route 10.4.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.4.80.134 10.4.80.133'
    Sep 13 08:57:11 openvpn[83765]: OPTIONS IMPORT: timers and/or timeouts modified
    Sep 13 08:57:11 openvpn[83765]: OPTIONS IMPORT: LZO parms modified
    Sep 13 08:57:11 openvpn[83765]: OPTIONS IMPORT: --ifconfig/up options modified
    Sep 13 08:57:11 openvpn[83765]: OPTIONS IMPORT: route options modified
    Sep 13 08:57:11 openvpn[83765]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Sep 13 08:57:11 openvpn[83765]: ROUTE_GATEWAY 192.0.150.129
    Sep 13 08:57:11 openvpn[83765]: TUN/TAP device ovpnc1 exists previously, keep at program end
    Sep 13 08:57:11 openvpn[83765]: TUN/TAP device /dev/tun1 opened
    Sep 13 08:57:11 openvpn[83765]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    Sep 13 08:57:11 openvpn[83765]: /sbin/ifconfig ovpnc1 10.4.80.134 10.4.80.133 mtu 1500 netmask 255.255.255.255 up
    Sep 13 08:57:11 openvpn[83765]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1558 10.4.80.134 10.4.80.133 init
    Sep 13 08:57:11 openvpn[83765]: /sbin/route add -net xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx 255.255.255.255
    Sep 13 08:57:11 openvpn[83765]: /sbin/route add -net 0.0.0.0 10.4.80.133 128.0.0.0
    Sep 13 08:57:11 openvpn[83765]: /sbin/route add -net 128.0.0.0 10.4.80.133 128.0.0.0
    Sep 13 08:57:11 openvpn[83765]: /sbin/route add -net 10.4.0.1 10.4.80.133 255.255.255.255
    Sep 13 08:57:11 openvpn[83765]: Initialization Sequence Completed
    Sep 13 08:57:55 openvpn[83765]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
    Sep 13 08:57:55 openvpn[83765]: MANAGEMENT: CMD 'state 1'
    Sep 13 08:57:55 openvpn[83765]: MANAGEMENT: CMD 'status 2'
    Sep 13 08:57:55 openvpn[83765]: MANAGEMENT: Client disconnected

    wireless problems . . .

    Sep 13 08:56:56 hostapd: run0_wlan0: IEEE 802.11 Fetching hardware channel/rate support not supported.
    Sep 13 08:57:56 hostapd: run0_wlan0: WPA rekeying GTK
    Sep 13 08:58:56 hostapd: run0_wlan0: WPA rekeying GTK
    Sep 13 08:59:56 hostapd: run0_wlan0: WPA rekeying GTK
    Sep 13 09:00:56 hostapd: run0_wlan0: WPA rekeying GTK
    Sep 13 09:01:56 hostapd: run0_wlan0: WPA rekeying GTK

    i followed your instructions from a previous thread to set up the wireless. it looks like the tp-link might not be fully supported.
    as for the openvpn, it appears to be working but the logs say there are problems.
    maybe just a couple of quick hints or should i just start from the beginning?
    thanks.



  • @hammerman:

    i followed your instructions from a previous thread to set up the wireless. it looks like the tp-link might not be fully supported.
    as for the openvpn, it appears to be working but the logs say there are problems.
    maybe just a couple of quick hints or should i just start from the beginning?
    thanks.

    More than a couple of quick hints:

    • Not everything reported in the logs is a problem. What you have reported from the wireless log is normal behaviour, not a problem. On the other hand, you do seem to have problems with the AIRVPN gateway, squid apparently not starting and the openvpn client promptly disconnecting but they would be best addressed in separate topics.

    • Answer my previous questions.

    • Give evidence to support your suspicions and conclusions. I can think of a number of reasons why a WiFi adapter might appear to be silent. If I know the basis of your suspicion I might be able to eliminate some possibilities and so lead more quickly to a resolution.
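
The log reading described in the reply above, as an added example that is not part of the original thread: a small triage pass over lines copied from the posted logs. The rule set and the names `triage`, `RULES` and `SAMPLE` are hypothetical; the "normal" and "problem" rules follow the reply's reading of the wireless, gateway and squid entries, and the "security" rule is an addition keyed to the certificate-verification WARNING that OpenVPN printed in the posted log.

```python
import re
from collections import Counter

# Constructed sample: eight lines copied from the logs posted in this thread.
SAMPLE = """\
Sep 13 08:57:28 php: rc.filter_configure_sync: The gateway: AIRVPN is invalid or unknown, not using it.
Sep 13 08:57:28 php: rc.start_packages: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was ''
Sep 13 08:57:47 php: rc.filter_configure_sync: SQUID is installed but not started. Not installing "filter" rules.
Sep 13 08:57:07 openvpn[82930]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sep 13 08:57:11 openvpn[83765]: Initialization Sequence Completed
Sep 13 08:56:56 hostapd: run0_wlan0: IEEE 802.11 Fetching hardware channel/rate support not supported.
Sep 13 08:57:56 hostapd: run0_wlan0: WPA rekeying GTK
Sep 13 08:58:56 hostapd: run0_wlan0: WPA rekeying GTK
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} ([\w.-]+)(?:\[\d+\])?: (.*)$")

# Hypothetical rule set (category, label, regex); the first match wins.
# Anything unmatched is kept as "unclassified" under its program name.
RULES = [
    ("security", "openvpn-no-server-cert-check", r"No server certificate verification method"),
    ("problem", "gateway-invalid", r"The gateway: \S+ is invalid or unknown"),
    ("problem", "squid-not-starting", r"squid\.sh stop' returned exit code '[1-9]|SQUID is installed but not started"),
    ("normal", "wpa-gtk-rekey", r"WPA rekeying GTK"),
    ("normal", "hostapd-capability-query", r"Fetching hardware channel/rate support not supported"),
]


def triage(text):
    """Return {category: Counter({label: hits})} for syslog-style lines."""
    result = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a "Mon DD HH:MM:SS prog[pid]: msg" line
        prog, msg = m.groups()
        for category, label, pattern in RULES:
            if re.search(pattern, msg):
                break
        else:
            category, label = "unclassified", prog
        result.setdefault(category, Counter())[label] += 1
    return result


if __name__ == "__main__":
    for category, hits in triage(SAMPLE).items():
        print(category, dict(hits))
```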