Small pfSense compatible box w/ wifi

Discussion in 'FreeBSD and FreeNAS' started by imrazor, Dec 31, 2017.

  1. imrazor

    imrazor New Member

    Joined:
    Dec 31, 2017
    Messages:
    5
    Likes Received:
    0
    As an experiment, I set up a pfSense VM in ESXi 6.5 to connect an isolated virtual network to my server's NIC. It worked very well for that purpose, and I eventually started using it as an OpenVPN endpoint. Now I'd like to ditch my Linksys E4200 for a small, dedicated pfSense box that can act as firewall, OpenVPN endpoint and wifi access point. I'd like to keep it small, cheap and low powered because my home lab is already taking up too much power and space.

    The Zotac zBox line looked like a good contender, but it seems the built in wifi isn't FreeBSD/pfSense compatible. Can anyone else suggest a similar combination of functionality and chassis that is fully compatible with pfSense?
     
    #1
  2. Evan

    Evan Well-Known Member

    Joined:
    Jan 6, 2016
    Messages:
    2,803
    Likes Received:
    407
    I would not use any of those systems to share WiFi , much much better off with just an access point.
     
    #2
    Nugget, sfbayzfs and Patrick like this.
  3. imrazor

    imrazor New Member

    Joined:
    Dec 31, 2017
    Messages:
    5
    Likes Received:
    0
    I'm new to this, so I'm not disputing you, but why do you feel that way? Wouldn't having all that functionality in one box be more efficient?

    If that's not a good idea, what combination of hardware would you recommend?
     
    #3
  4. Evan

    Evan Well-Known Member

    Joined:
    Jan 6, 2016
    Messages:
    2,803
    Likes Received:
    407
    Some wireless cards can run in AP (access point) mode but essentially they are crap as they are designed for connecting to one WiFi network not supporting lots of clients, also antenna design is geared to supporting one connection not many from different locations and signal strength at same time.
    (If you only want to cover a single room like a audio apartment and save costs sure use the built in)

    Anyway the idea you have is used a small PC and the router and all the logic is in that the access point does only WiFi, not even dhcp.

    Aruba, Cisco, ubnt all make good access points. This ubnt one is popular.

    Ubiquiti Networks - UniFiĀ® AP AC LITE
     
    #4
  5. imrazor

    imrazor New Member

    Joined:
    Dec 31, 2017
    Messages:
    5
    Likes Received:
    0
    Thanks for explaining. I'm trying to cover a 3 bedroom single story wooden house, so it's not that complex an environment.

    Is the model you linked PoE only? Would I need a 3rd NIC in the pfSense box, or could I hook it up to a switch? Or, how about flashing a consumer router with DD-WRT/Tomato/etc. and turning it into an AP?

    Sorry for the newb questions, but wifi networking has not been my focus.
     
    #5
  6. Evan

    Evan Well-Known Member

    Joined:
    Jan 6, 2016
    Messages:
    2,803
    Likes Received:
    407
    Will work fine with a switch, no need for an extra nic.
    You can certianly use a flashed consumer router, may also not need flashing at all.

    I use an Apple AirPort Extreme and an express as my access points since I had them and wireless they do pretty well. (They have that option from factory to be just an access point with no routing functions)
     
    #6
  7. whitey

    whitey Moderator

    Joined:
    Jun 30, 2014
    Messages:
    2,757
    Likes Received:
    853
    UAP-AC-PRO zealot here :-D

    @Evan hit it on the head...the reason 'most' consumer grade 'let me do it all' devices suck is just that...they are trying to do too much and in trying to do so do a piss poor job at all functions (routing/firewalling/vpn/wifi].

    Preference arnd here for many of us is a solid/proven routing/firewall/vpn platform (usually BSD based) and use a dedicated AP for wireless functionality that does wifi DAMN well. The UAP's support vlan tagging for additional ssid's and some other great functionality...that being said if you take that route you do need a routed interface on that subnet/vlan to perform natting if you want to get that WLAN ssid out to the internet so an additional interface or vlan tagging w/in pfSense is needed.
     
    #7
    sfbayzfs likes this.
  8. K D

    K D Well-Known Member

    Joined:
    Dec 24, 2016
    Messages:
    1,404
    Likes Received:
    297
    +1 for the Unifi APs. Solid WiFi performance.

    The APs are POE only but ship with a POE injector. I'm currently running 3 of these off a Unifi POE switch but earlier ran them from a Cisco SG-300 via a POE injector.
     
    #8
    sfbayzfs likes this.
  9. sfbayzfs

    sfbayzfs Active Member

    Joined:
    May 6, 2015
    Messages:
    244
    Likes Received:
    102
    I switched my home setup to pfsense firewall and a separate POE access point years ago, and it is WAY better than an all in one device.

    None of the items draw that much power, so consolidating isn't that important, and dedicated access points are great! I had a TP-link N AP with 3 external antennas which was fantastic until it died, after a few duds in between with smaller antennas, I got a UAP-AC-LR, which is working great! I was wary of the UAP java based controller instead of a web UI, but it works great, and you don't need to run it all the time for most setups, just for initial config, and it has cool features you don't usually see in web UIs too. The coverage area is great for a single unit (what I was going for) almost as good as I need, but there are a couple of corners which could be covered better. I also got the TP-Link AC 1750 AP with 3 external antennas, but I haven't has time to set it up yet, and the UAP-AC-LR is very impressive so far, so I may just not get around to setting up the TP-Link.

    I have run PFSense on Soekris hardware and HP thin clients and Supermicro based systems - the Soekris stuff and cheaper knock-off WRAP / ALIX stuff have lots of wireless card slots, but the wireless cards geared towards access point usage cost almost as much as an actual access point, so I always use a wired firewall and then a separate AP. That also gives you the flexibility of having your AP centrally located, whereas your firewall is fine to have near an outside wall where your service comes in.
     
    #9
  10. saivert

    saivert Member

    Joined:
    Nov 2, 2015
    Messages:
    118
    Likes Received:
    12
    Look for something with an Atheros WIFI card in it. I got a QOTOM minipc and it came with the AR9287 mini PCI card with two antennas which is easy to setup in pfsense. I mainly use it to test separate subnet for wifi as I also use my old Asus RT-AC66U as an AP on the regular LAN subnet.
     
    #10
  11. EffrafaxOfWug

    EffrafaxOfWug Radioactive Member

    Joined:
    Feb 12, 2015
    Messages:
    1,062
    Likes Received:
    353
    I've played around with hostapd and atheros cards making a DIY AP under linux, but the last time I looked at attempting the same under pfsense, it didn't support 802.11ac in AP mode and only supported a handful of (mostly atheros) 802.11n radios in AP mode.

    I'd second the recommendation of buying an off-the-shelf AP and plugging that into the pfsense box. If you are going to try building your own WAP - in the knowledge that it'll likely cost at least twice what an off-the-shelf WAP would cost - I'd recommend sticking with linux (especially using distros like openwrt) since the hardware support and wireless support is much better.

    Regardless of the OS, atheros cards seem to have the best support in the open source universe. I've run into problems with running otherwise well-supported intel cards - lots of them don't support AP mode it seems.
     
    #11
Similar Threads: Small pfSense
Forum Title Date
FreeBSD and FreeNAS pfSense2.4.3(FreeBSD11.1) support the intel 82599EB 10-Gigabit ? Sep 21, 2018
FreeBSD and FreeNAS FreeBSD/pfSense guest 10GbE SR-IOV VF successes? Aug 30, 2018
FreeBSD and FreeNAS pfSense RAM and CPU Jun 25, 2018
FreeBSD and FreeNAS Pfsense VM Sep 28, 2017
FreeBSD and FreeNAS How does PfSense number the network interfaces? May 26, 2017

Share This Page