Installing WiFi Card in working machine.

hammerman

hi,

my setup is working fine with wan, lan, and vpn ports.
i have a wifi card installed as well but it isn't set up.

is it possible to bridge the lan and wifi to make a new interface called bridged and still have everything work?

does the dhcp and firewall rules automatically transfer to the new bridged interface from the old lan one?

or do i have to start from scratch and go through the process of setting up the whole system again?

is there an easy way to do this?

thanks

Guest

Very Easy, No Bridge required. No need to disturb your working setup.
From Interfaces, assign your ATH0 to an empty OPT interface. Make it static IP off your main IP range. IE. 192.168.10.1 or similar.
Enable the OPTx interface you added and setup wifi for the OPTx interface.(AP mode/SSID/Channel/Security)
Enable DHCP server on the new OPTx Wifi port with appropriate address range.
Make firewall rule for OPTx to allow traffic(use your LAN firewall settings as a guide)

OPTx= OPT interface you use.

edited- cause i can't spell

hammerman

ok, thanks for the advice.

i wanted to attach a poe camera to the lan port and access it wirelessly without another switch.
i think your method with have the wireless on a different subnet.

dotdash

While it would be on a different subnet, you don't need another switch- pfSense will route traffic between LAN and the wireless unless you block it with rules. It's less complicated than bridging the ports.

hammerman

i tried to set it up the way you mentioned.

everything seemed to be working by looking at the dashboard.

except in the wireless logs it says:

hostapd: ath0_wlan0: WPA rekeying GTK
i tried changing the key rotation and regeneration to 3600 and 7200.

also the ssid isn't being broadcast.

dotdash

@hammerman:

except in the wireless logs it says:

hostapd: ath0_wlan0: WPA rekeying GTK

That's just a message, it doesn't mean anything is wrong.

@hammerman:

also the ssid isn't being broadcast.

SSID shouldn't be hidden unless you check 'enable hide SSID'

hammerman

thanks,
it was a loose antenna wire.

hammerman

after finally being able to get back to the machine, i find that i can join the wireless network and receive an ip address.

i have no internet access though.
i created a firewall rule for the wifi interface as:

Action = Pass, Interface = WiFi,  TCP/IP version = IPv4, Protocol = any, Source = any, Destination = any

i am also getting  IEEE 802.11: disassociated and IEEE 802.1X: unauthorizing port  alerts in the wireless logs.

any ideas?

Guest

should be: wifi net

check your lan rules for example

hammerman

thanks for the tip.

i checked my lan rules.

1. has source: lan_net, dest. any and gateway wan dhcp.

2. has source: lan_net, dest. any any.

when i assigned the wifi interface, should i did it from interfaces -> assign?
i noticed that when i did this, there was no wifi-lan and wifi-wan interfaces like there is with lan and wan.
also on interfaces, there is a wireless tab. should i have added it there instead?

i don't which method allows me to set up a corresponding wifi gateway for the firewall rules.

dotdash

@hammerman:

1. has source: lan_net, dest. any and gateway wan dhcp.

Unless you have multiple WAN connections, there is no need to set the gateway, and it will prevent LAN from talking to Wireless.

@hammerman:

when i assigned the wifi interface, should i did it from interfaces -> assign?
i noticed that when i did this, there was no wifi-lan and wifi-wan interfaces like there is with lan and wan.
also on interfaces, there is a wireless tab. should i have added it there instead?

The wireless tab is used for creating cloned wireless interfaces, like if you wanted to have two SSIDs with different rules, e.g. a guest wireless that was blocked from LAN, and a regular wireless that could access LAN.

@hammerman:

i don't which method allows me to set up a corresponding wifi gateway for the firewall rules.

You don't need a wifi gateway. You don't need to set a gateway on your rules.

hammerman

thanks for the advice,

i copied the default allow lan to any rule for ipv4 and replaced "lan" with "wifi" and source "lan net" with "wifi net." destination is "any" and no gateway.

for the next rule, i did the same thing but this time i used the protocol tcp/udp,  same source of "wifi net" and again destination as "any" and no gateway.

i still have no internet access though.

am i missing another rule?

doktornotor

1/ Post screenshots.
2/ What's exactly "still have no internet access"?

hammerman

no internet access means after connecting to pfsense wifi and obtaining an ip address i am unable to browse web pages.
i am able to ping the router though.

doktornotor

Uh… Have you considered disabling the VPN mess out have there?!

hammerman

i can't change the vpn. i need 2 different openvpn connections.

would openvpn have an effect on the wifi part?

doktornotor

Dude we have no idea what are you doing there and where's the traffic going. And you apparently have not 2 but 4 VPN interfaces, two for LAN (?!?!) as well?

Good luck.

hammerman

vpn is set exactly as it should be.
works 100% directly followed from airvpn.

i'm concerned about the wifi.
are the rules correct, or if not, what should i do to allow my to browse the web?

thanks