Newbie to pfSense. Need wireless setup advice.

  • So here will be my setup. I am a network newbie that need lots of research to get it right. Previous setup was a Dell GX620 box with 3.4 ghz P4 and 4 GB RAM running x86 DDWRT with 2 NIC and a Cisco E2000 running DDWRT as a WAP. Dell box started messing up requiring constant reboots. Have been limping by on the E2000 but I think it just doesn't have the guts for what we do.

    pfSense setup will be similar. Same Dell GX620 3.4 ghz P4 and 4GB RAM. 2 NIC (onboard plus PCI), BUT I am adding a TLWDN4800 wireless card to the setup. This runs the AR9380 chipset. I'm running the most recent pfSense build of 2.2 I just installed.

    I am hoping to keep this an all on one box and nix the E2000 router as an AP and just use the TPLink card.

    How hard is this going to be to setup?

    Everything connects via wifi to the box. No ethernet connections. Will keep both NIC.

    Also run a VPN from time to time for bittorrent downloads and mainly spoofing our location for WatchESPN when they black out games for the East coast we can VPN to West coast and watch games.

  • Not that hard if you have already set up a pfSense but as your previous one only had two wired cards, I would as you say keep both wired NICs, one each for WAN and LAN - you said you would only have wireless clients but I assume you plan to use LAN to configure the pfSense initially and set up the wireless.

    Add your wireless card as the OPT1 interface and configure it as HOSTAP, not Infrastructure. Set up IP settings, DHCP if required, etc. Remember to create firewall rules to allow traffic out from OPT1, and indeed any other considerations when using OPTx interfaces. pfSense has by default certain rules and configurations that only apply to LAN, for example allowing HTTP and DNS traffic to WAN.

    Off the top of my head this will be the bare minimum you need to achieve in order to continue your research on the forums and guides.

  • Yes, I will login via LAN to setup the WLAN.

    I'm holding onto my E2000 until I at least get the pfSense box setup, installing, and running solid.

    The install of pfSense was a million times easier than DD-WRT was.

  • There's a lot of old info out there pertaining to old versions of pfsense so I'm confused.

    I have everything recognized.

    OPT1 (WLAN)

    I have bridged LAN and OPT1.

    There are a lot of things saying I have to create a new interface for BRIDGE0

    However, if I look under status>interfaces I see my three interfaces listed. LAN and OPT1 show a Bridge and the state is "learning"

    I haven't hooked my box up to the cable modem yet to get WAN because I want to minimize network downtime.

    So I'm kind of stuck at a cross road. Do I go ahead and hook up to the WAN and hope for the best?

    Where's the super simple "I just want to setup pfsense like a store bought wireless router" tutorial? Plug in to modem, setup the wifi SSID and PW, and I'm good to go?

  • Banned


    I have bridged LAN and OPT1.

    Why? This is NOT needed. Nor desired in most cases. Put the inherently insecure wireless stuff on a separate interface/subnet so that it can be restricted properly as/if required.

  • @jdubau55:

    Where's the super simple "I just want to setup pfsense like a store bought wireless router" tutorial? Plug in to modem, setup the wifi SSID and PW, and I'm good to go?

    A lot of people use pfSense precisely because it is not like a store-bought router. These ISP supplied or consumer grade devices are enough for the average user, but if you are familiar with DD-WRT I imagine you have greater requirements and more confidence in your skills than most home users.

    I can't comment on out of date documentation without knowing which ones you read, but I would research this as two separate issues. One is setting up the wireless AP. Two is configuring an OPTx interface - whether or not OPT1 is a wireless interface should be irrelevant for most of it. I would remove the bridge (or start again from scratch if you are not too far in to configuring it already) and simply set up OPT1 as a separate network, and ensure your rules allow the appropriate traffic out (see my earlier post about default rules only for LAN).

Log in to reply