Does anyone have a guide for wifi bridging between 2 pfsense boxes??

  • Does anyone have a guide for wifi bridging between 2 pfsense boxes????? For instance - to bridge 2 remote buildings.

    I have been trying like crazy to get a p2p wifi bridge working with 2 alix boards, but cannot reliably get packets across.

    I have CM9 wlan cards on alix aps.

    ALIX1>>>>>>>>>>>>>>>>>>    <<<<<<<<<<<<<<<<<<alix2
    LAN(, not bridged)=[CM9 AP mode(]==|==[( Infrastr mode]=(routed, no bridge)LAN(
                                                                                  (same channel, same SSID)

    I have turned off Firewall completely under Advanced Menu- no NAT

    I have tried turning on Advanced Outbound NAT, and creating manual entries, but can't get traffic through.

    I have also tried with NAT and firewall rules like: allow any/any from LAN>OPT0 and any/any from OPT0>LAN on both units.

    • but nothing moves.  Anyone???

  • I don't really understand where your problem is.

    Could you reformulate what you want to achieve?
    Like make a diagram and make a list from where to where access should be allowed.
    Does your second building have internet?
    Or is that what you are trying to do?
    Provide a building that didn't have internet with internet?

  • Building 1} Internet > Router 1 (not pf) LAN > Router 2 LAN
    Router 2 wlan >  to wlan on router 3

    Building 2} Router 3 LAN > LAN with PCs

    I want to bridge 2 buildings - so anything in building 1 can access anything in building 2 and anything in building 2 can access anything in building 1 such as servers, internet. It's just a wireless LAN extension. Building 2 has no other internet connection except by connecting through building 1.

    A completely transparent bridge would be nice so everything is on the same subnet, but if it needs to be a routed network with 2 different subnets, that will be fine. But I cannot get traffic through either way I try it.,1395.msg8273.html#msg8273  - that is exactly what I need, but it doesn't work, can't pass traffic from the remote LAN to the main LAN, and can't ping from the main LAN to the remote pf wifi interface. My remote router shows authenticated to the main AP, but nothing moving.

  • Can't you set your pfSense in AP mode and use your remote AP as client?
    Then bridge the WLAN on pfSense to your LAN.

    In your remote building you would not use a router –> switches to connect the clients to the client-AP. The client-AP should not route but bridge.

  • I too have been trying to bridge wireless for a while now.

    Here is what I have found so far:

    To bridge wireless there are two methods I can find.
    Option 1:
    1. Setup PFSense wireless as an access point mode on the Opt1 interface. (Doesn't seem to work if the interface is the WAN or the LAN.)
    2. Then enable bridging to the WAN or the LAN either one will work.
    Cons: This will bridge from Ethernet to wireless. But in my case I want another device on the other end to take the wireless and bridge it back to Ethernet.  From what I've seen FreeBSD requires the wireless bridge to be in Access Point mode which you cannot have on both sides. A Linksys wireless gaming adapter (WGA54G or WGA54AG) could bridge the wireless back to Ethernet on the other side but in my case I need an outdoor unit.

    Option 2:
    1. Establish a wireless link between Point A and Point B. Set one PFSense firewall in Access Point mode and the other in Infrastructure BSS mode so that it can be setup as a client of the PFSense Access Point.
    2. Setup OpenVPN as a point to point VPN link and put it in bridging mode with a tap interface.

    I've got mine to the point where it says bridge learning, the bridge interface also shows UP however it doesn't seem to work like a bridge yet. Probably missing some small step.

  • Yes - I have tried all that, but is there no one that has a set procedure that is in service on the current version of pfsense???????? - can you provide exact details?? The obvious doesn't seem to work for me.

    I have it up as you have said -
    10 network / 24:

    building1LAN–pfsenseLAN(|bridged to:|opt1{AP}{Infrstr}Opt1|pfsenseLAN

    On building 2 I have also tried bridging the LAN onto the OPT1 (infrastructure can't bridge to LAN) - I set my OPT1 to as above, then go to the LAN interface and set it to and bridge it to OPT1. This is still in a lab setup, the routers are about 10 feet apart.

    Everything shows authenticated on the wifi, and learning, but I cannot ping anything across the link. - I keep trying different things, and one problem I am finding is that pfsense doesn't update settings correctly, something won't work, then all of a sudden after a reboot it does. So now I am rebooting a lot, and it takes forever - thus really wanting someone that can provide EXACT details. The guide in the link I found above looks great, but it just doesn't work for me.

  • Here are the links I have been going off of.

    PFSense OpenVPN

    PFSense Forum
    One of the best threads on the PFSense forum with OpenVPN bridging.
    From this thread it sounds like users: Numbski and razor2000 have an operational OpenVPN bridging environment.,1990.75.html

    Making OpenVPN key creation easier until we get a GUI (by sullrich),4807.msg29294/topicseen.html#msg29294

    FreeBSD Handbook Wireless Networking

    FreeBSD Handbook Bridging

    Open VPN Ethernet Bridging

    Additional Links,7009.msg39692/topicseen.html#msg39692,7223.msg41076/topicseen.html#msg41076

    According to one post an Alix board 500mhz can handle 16mb bridged throughput.
    Layer 2 bridging requires Tap interface instead of Tun.
    OpenVPN bridging is not currently stable when used with CARP.

    server-bridge command doesn't work with secured key OpenVPN point to point. An error message states that it requires cert style point to point. I personally want the method where DHCP on the remote network provides the addresses. Server bridge method allows you to state addresses for the OpenVPN clients to use when they connect to the VPN.

  • Sorry Mcrane, my last post was mainly intended for GruensFroeschli or anyone else that knows the exact procedure to link 2 networks over wifi.

    I suppose my terminology is off, I am using the word "bridge" in a slightly different manner - I don't necessarily mean that it has to be a traditional "bridging device", it could be a routed link in which each physical network leg is on a different subnet, or they could all be on the same subnet in a true bridged design - I don't care as long as all traffic gets across. So far I have failed to make both scenarios work ;( I don't care about a VPN secured link, WPA will be fine for this application.

    I just need a guide that says "you need to do this, have this subnet here, uncheck this box there, create xyz static route for xyz interface…etc". I have lots of background info, lots of theory, but so far no working implementation. This is a great link:,1395.msg8273.html#msg8273  that matches exactly what I need, but I can't make it work - has anyone tried it, or made something else work?

    Thanks for the links mcrane, I will keep them for reference, but still hoping someone else can provide some better detail on making an unhindered point 2 point wifi link to join 2 networks into 1.

  • Maybe it's just me but I had some bad experiences with pfSense as a client.
    (no problem with it as AP)
    What I would do: outsource the WLAN stuff.

    Get a standalone AP and a standalone wireless client. Then connect the wired side as an OPTx interface to the pfSense.

    Just let the pfSense handle the routing and the VPN encryption.
    Let other Hardware do the Wireless stuff.

  • Funny you say that - I bought DD x86 over the weekend, testing it on the Alix now.

    However - I did finally make some progress with pfsense.

    Used the routed way - 2.1/24 subnet for my main LAN, 3.1/24 subnet for the 2nd LAN:

    [2.1 (internet gw+AP OPT1 bridged to LAN)]–--[2.30(OPT1 on pfsense2)/3.1]–---[3.90(workstation]

    1. The main router was pretty much a standard install, bridged OPT1 to LAN, and made sure all traffic flowed from OPT1 to LAN, set OPT1 in AP mode. Next created a Static Route that pushed all traffic for the 3 network to 2.30 as the gateway.

    2. On remote router on LAN 2 was as follows: Check "Disable Firewalls" (System>Advanced), unchecked "Blocked Bogon" and "Block Private Networks", (Interfaces>WAN).

    ***IMPORTANT: Set OPT 1 to use DHCP, wireless Infrastructure mode, running same SSID, same channel, same security key as host AP network.

    Next go to Firewall>NAT>Outbound>Manual Outbound (Advanced Outbound NAT), create 1 rule each for the LAN leaving everything to any, and 1 rule for the OPT1 port saying the same thing. When done it will show:
    OPT1    any  *  *  *  *  *  NO
    LAN    any  *  *  *  *  *  NO

    The ***key here is the OPT1 port had to be getting an IP from DHCP, otherwise it would not correctly create the "Default Route" that told it all internet traffic had to go out 2.1 - I hope there is a way to manually create this route, I tried as a static route, but it wouldn't work. If using DHCP, it made the route show up in the routing table automatically and all worked perfect.

    Now on to my next scheme of running dual wlan cards bridged with dual LAN for higher wifi bandwidth/availability to wireless clients ;)
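
The routed layout from the post above, modelled as an added example (not part of the original thread or of pfSense): it walks each router's table hop by hop to show which of the two routes carries which traffic. The subnets 10.0.2.0/24 and 10.0.3.0/24, the server at .10 and the Internet address 203.0.113.5 are constructed stand-ins for the post's abbreviated "2.x"/"3.x" addressing.

```python
import ipaddress as ip

# Constructed addressing: the post abbreviates its subnets to "2.x" and "3.x",
# so 10.0.2.0/24 and 10.0.3.0/24 stand in for them. "server" is hypothetical.
def node(ifaces, routes):
    return {"ifaces": [ip.ip_interface(i) for i in ifaces],
            "routes": {ip.ip_network(n): ip.ip_address(g) for n, g in routes.items()}}

def build(static_route=True, dhcp_default=True):
    # main = AP with OPT1 bridged to LAN (one L2 segment); Internet side not modelled.
    return {
        "server": node(["10.0.2.10/24"], {"0.0.0.0/0": "10.0.2.1"}),
        "main":   node(["10.0.2.1/24"],
                       {"10.0.3.0/24": "10.0.2.30"} if static_route else {}),
        "remote": node(["10.0.2.30/24", "10.0.3.1/24"],
                       {"0.0.0.0/0": "10.0.2.1"} if dhcp_default else {}),
        "ws":     node(["10.0.3.90/24"], {"0.0.0.0/0": "10.0.3.1"}),
    }

def next_hop(n, dst):
    """Longest-prefix match: dst itself if on-link, a gateway, or None (no route)."""
    dst = ip.ip_address(dst)
    cands = [(i.network, dst) for i in n["ifaces"] if dst in i.network]
    cands += [(net, gw) for net, gw in n["routes"].items() if dst in net]
    return max(cands, key=lambda c: c[0].prefixlen)[1] if cands else None

def owner(net, addr):
    return next((name for name, n in net.items()
                 if any(i.ip == addr for i in n["ifaces"])), None)

def path(net, src, dst):
    """Hop-by-hop walk from node `src` to address `dst`; None if it is dropped."""
    dst, here, hops = ip.ip_address(dst), src, [src]
    while owner(net, dst) != here:
        hop = next_hop(net[here], dst)
        here = owner(net, hop) if hop else None
        if here is None or here in hops:   # no route, unknown gateway, or loop
            return None
        hops.append(here)
    return hops

def ping(net, a, b):
    """An echo only completes when both directions have a path."""
    addr = lambda name: net[name]["ifaces"][0].ip
    return bool(path(net, a, addr(b)) and path(net, b, addr(a)))

if __name__ == "__main__":
    print("return path:", path(build(), "server", "10.0.3.90"))
    print("ping without static route:", ping(build(static_route=False), "ws", "server"))
```

In this model, dropping the static route on the main router leaves the request path intact and breaks only the reply, while dropping the remote router's default route affects only destinations outside the two subnets.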

  • Bridge in station mode will not work. Bridge will only work in AP mode, the other end will have to be a wireless bridge unit of some sort. You can not bridge a wireless station interface in freebsd. In order to do this you will need to have something like linux ebtables, and as far as I know it does not exist for freebsd.
