Objective of this article
In this article we explain how to configure a WIFI interface on pfSense® 2.4.x
Software used
pfSense® 2.4.X
Hardware used
The hardware used for the tests consisted of 4GB 16GB RAM and 4 Sk 10/100/1000 network: Entry Level Firewall 4 NIC APU4 based 4GB RAM + WIFI but can easily be applied to higher level hardware like this one : AUTM5 Aluminum + WIFI Firewall Appliance
Download ready-to-use Wifi configurations
To facilitate the configuration and testing of wifi configurations, we have prepared a series of configuration files ready for use. Once loaded on your device pfSense or OPNsense can save time and facilitate tests.
Configurations are available for the following hardware:
- Firewall compatible: Wifi APU – pfSense and OPNsense version;
- Firewall compatible: Compact Small UTM 3 Wifi – pfSense and OPNsense version;
- Firewall compatible: Small UTM 3 Wifi – pfSense and OPNsense version.Wifi configurations for pfSense and OPNsense firewalls.
Introduction
There are many tutorials on the Internet for wireless configuration of pfSense®, but most of them don’t seem to work and the rest is for previous versions of pfSense®.
Prerequisites:
- Have a wireless card supported by pfSense® (eg WLE200NX)
- Make sure the card is properly mounted in the mPCIe slot and that the antenna cables are securely connected
- The card is detected by pfSense®
Now, step by step instructions.
How to configure a WIFI card in bridge with the LAN in pfsense
If on pfsense you have a WIFI card and you want that, who connects to this wifi, is part of the LAN network (so it will take the DHCP of the LAN, will have a LAN address, etc.), it will be necessary to create a bridge between the LAN and WIFI as described in this guide.
First we create a fictitious interface:
Select Interface-> Assignment
Click on the PPPs tab then “Add“
Configure as below, then save
Configure the WIFI interface
Select Interface-> assignement and then tab “wireless”
Click on “add” configure as below and save. The card: “ath0 (Atheros 9280)” will change based on the sk wifi you have installed
Select Interface->assignement, then from “avaible network ports” select the wifi port (i.e. ath0_wlan0 …) then add. The result will be similar to the figure below (instead of “wifi” you will probably have “OPT1”). Click on the interface just created (“OPT1”)
Configure the WIFI interface with your SSID, preshared key, etc. An example below:
NIC Preparation
From Interface->assignment, add the newly created “PPP” temporary port, selecting it from “Avaible network ports:” and then clicking on add. As in the figure
Now click on the newly created tab (in the OPT2 example)
Configure it, activate it and choose a name
Create il bridge
From Interface->Assignement then from the TAB “Bridges”, create a new bridge as shown, then save
Final assignment of the NICs
- The following operation is delicate;
- The interface assigned to the LAN must be assigned to LAN_Port (i.e. igb1).
The LAN interface will be assigned to the bridge just created.
These two operations must be carried out in strict sequence. Only when both assignments have been made, saved and applied. The result will be similar to the figure below.
Create firewall rules
In addition to the rules on the LAN interface, remember to create a rule on WIFI and LAN_PORT to allow traffic. See example on the LAN_PORT interface (create identical rule on WIFI)
The result will be the following
OCT
2019