Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Hi avail + wifi on 2 different subnets or the same one?

    Wireless
    2
    4
    1.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      hcoin
      last edited by

      Looking for general guidance when adding wifi 'hotspots' to a pf high availability setup.

      Start with two working pf boxes that have a lan, wan and pfsync adapters.  A master and and a backup, all using pfsync to share rules and state and so forth.  Vanilla two box setup.  Known working, all good.

      Now, add a wifi adapter to each box, with the intention to offer guest wifi wan access.  No need for any on the wifi to have traffic anywhere except to the wan, including among themselves.  All lan traffic blocked.

      Thinking about keeping all the rules and nat entries simple and clean, is it possible to have both access points be on the same subnet?  If they are on different subnets, is there a 'not ugly hack' way to have a 'dummy' interface on the 'other' box so as to have a place for the rules to reside to keep the syncing manageable?

      OK… now for the good bit... What if it is ok for the wifi hotspot guests to communicate among themselves?  How can DHCP be set up?  Clearly the gateway you get depends on which access point the device is connected to.  There is no path for two nodes on the same subnet connected to different access points!

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        In that situation it isn't likely to function as you expect. For CARP to work the two nodes would need to be able to reach each other on that wifi subnet, and if they are both acting as APs, they likely will not see each other at layer 2. Your best bet would be to use standard NICs or a VLAN with an external AP.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • H
          hcoin
          last edited by

          I think you appreciate the challenge, it's way better from both a wire, failover and management fuss perspective to have an access point in each box.  The burden of managing the pf config and then two AP guis plus wires and …. and ...

          Could I create a vlan on the pfsync interface, then bridge that to the AP's on each box?  Then each of the AP's could have a different address, they could both be on the same subnet and yet still see one another as well as their traffic.  Does that have a hope of working?

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            It could be done on a VLAN, yes.

            In the future it may be possible with something like WDS to use the wireless interfaces directly, but for now getting them onto a common layer 2 is the challenge.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.