pfSense as small Wireless ISP - Best implementation?



  • Hi all,

    I've been using pfSense at work and home for several years now and love its flexibility and features.

    My father lives out in the sticks in New Zealand, and the nearest town has begun offering 30 Mbps VDSL connections to properties close to the exchange.

    With the help of a friend who lives next to the telephone exchange, he intends to become an ISP for a cluster of 5 locations dotted at 300m~ intervals, 4km away from the exchange.

    Setting aside the underlying long distance wireless links, which will be done using 5GHz dishes, what would be the best way to provide private, traffic shaped internet access to each of the 5 clients using pfSense?

    Currently I'm thinking the pfSense box is set up in the house next to the exchange as a PPPoE server on the LAN interface, and each client uses a standard ethernet router to log in over the wireless to the PPPoE server and then get routed to the internet.

    Does that sound like the most sensible set-up? Any input appreciated.

    Many thanks in advance!



  • It is not obvious to me what would be gained by introducing PPPoE. I suggest you keep the clients on separate VLANs (this might be possible through the wireless equipment, at worst through a small VLAN capable switch) or provide separate physical interfaces on your pfSense box.

    Either way provides isolation between subnets. Each VLAN interface on pfSense can be traffic shaped.

    Since this is to be sited in the sticks there is probably no reason not to use 2.4GHz gear which would probably be a bit cheaper than 5GHz gear.



  • My two thoughts with using VLANs are that 1) I'm not sure if cheaper wireless hardware can deal with VLANs and 2) every subscriber would need a VLAN capable switch to untag the packet (is there a cheap way to do this?)

    Whereas PPPoE can traverse wifi, can it not?


  • Netgate Administrator

    Are you using, say, a single omni-directional antenna at the VDSL site? So a single wifi device to receive all the connections?
    Since you only have 5 'customers' you have more options, as you can set stuff up manually that would be impractical for 100s or 1000s of users.

    You could use a wifi access point that supports VAPs (virtual access points). Set up 5 VAPs, each with a different SSID and encryption code, give one to each customer. Configure the AP to tag each VAP to a different VLAN such that they arrive at the pfSense box on 5 separate VLAN interfaces. Then you can filter or throttle as you wish.

    Just a suggestion. I've never done this.  ;)

    Steve


  • Rebel Alliance

    @ilumos:

    My two thoughts with using VLANs are that 1) I'm not sure if cheaper wireless hardware can deal with VLANs and 2) every subscriber would need a VLAN capable switch to untag the packet (is there a cheap way to do this?)

    Whereas PPPoE can traverse wifi, can it not?

    Look at the "airMax" Ubiquiti product line… you can get info/help about the wireless part of your project at their forum

    http://community.ubnt.com/

