Small pfSense compatible box w/ wifi


imrazor

As an experiment, I set up a pfSense VM in ESXi 6.5 to connect an isolated virtual network to my server's NIC. It worked very well for that purpose, and I eventually started using it as an OpenVPN endpoint. Now I'd like to ditch my Linksys E4200 for a small, dedicated pfSense box that can act as firewall, OpenVPN endpoint and wifi access point. I'd like to keep it small, cheap and low powered because my home lab is already taking up too much power and space.

The Zotac zBox line looked like a good contender, but it seems the built in wifi isn't FreeBSD/pfSense compatible. Can anyone else suggest a similar combination of functionality and chassis that is fully compatible with pfSense?
 

imrazor

I'm new to this, so I'm not disputing you, but why do you feel that way? Wouldn't having all that functionality in one box be more efficient?

If that's not a good idea, what combination of hardware would you recommend?
 

Evan

Some wireless cards can run in AP (access point) mode but essentially they are crap as they are designed for connecting to one WiFi network not supporting lots of clients, also antenna design is geared to supporting one connection not many from different locations and signal strength at same time.
(If you only want to cover a single room like a studio apartment and save costs, sure, use the built-in.)

Anyway, the idea is that you use a small PC as the router, with all the logic in that, and the access point does only WiFi, not even DHCP.

Aruba, Cisco, ubnt all make good access points. This ubnt one is popular.

Ubiquiti Networks - UniFi® AP AC LITE
 

imrazor

Thanks for explaining. I'm trying to cover a 3 bedroom single story wooden house, so it's not that complex an environment.

Is the model you linked PoE only? Would I need a 3rd NIC in the pfSense box, or could I hook it up to a switch? Or, how about flashing a consumer router with DD-WRT/Tomato/etc. and turning it into an AP?

Sorry for the newb questions, but wifi networking has not been my focus.
 

Evan

Will work fine with a switch, no need for an extra nic.
You can certainly use a flashed consumer router, may also not need flashing at all.

I use an Apple AirPort Extreme and an express as my access points since I had them and wireless they do pretty well. (They have that option from factory to be just an access point with no routing functions)
 

whitey

UAP-AC-PRO zealot here :-D

@Evan hit it on the head...the reason 'most' consumer grade 'let me do it all' devices suck is just that...they are trying to do too much and in trying to do so do a piss poor job at all functions (routing/firewalling/vpn/wifi).

Preference arnd here for many of us is a solid/proven routing/firewall/vpn platform (usually BSD based) and use a dedicated AP for wireless functionality that does wifi DAMN well. The UAP's support vlan tagging for additional ssid's and some other great functionality...that being said if you take that route you do need a routed interface on that subnet/vlan to perform natting if you want to get that WLAN ssid out to the internet so an additional interface or vlan tagging w/in pfSense is needed.
 

K D

+1 for the Unifi APs. Solid WiFi performance.

The APs are POE only but ship with a POE injector. I'm currently running 3 of these off a Unifi POE switch but earlier ran them from a Cisco SG-300 via a POE injector.
 

sfbayzfs

I switched my home setup to pfsense firewall and a separate POE access point years ago, and it is WAY better than an all in one device.

None of the items draw that much power, so consolidating isn't that important, and dedicated access points are great! I had a TP-link N AP with 3 external antennas which was fantastic until it died, after a few duds in between with smaller antennas, I got a UAP-AC-LR, which is working great! I was wary of the UAP java based controller instead of a web UI, but it works great, and you don't need to run it all the time for most setups, just for initial config, and it has cool features you don't usually see in web UIs too. The coverage area is great for a single unit (what I was going for) almost as good as I need, but there are a couple of corners which could be covered better. I also got the TP-Link AC 1750 AP with 3 external antennas, but I haven't had time to set it up yet, and the UAP-AC-LR is very impressive so far, so I may just not get around to setting up the TP-Link.

I have run PFSense on Soekris hardware and HP thin clients and Supermicro based systems - the Soekris stuff and cheaper knock-off WRAP / ALIX stuff have lots of wireless card slots, but the wireless cards geared towards access point usage cost almost as much as an actual access point, so I always use a wired firewall and then a separate AP. That also gives you the flexibility of having your AP centrally located, whereas your firewall is fine to have near an outside wall where your service comes in.
 

saivert

Look for something with an Atheros WIFI card in it. I got a QOTOM minipc and it came with the AR9287 mini PCI card with two antennas which is easy to setup in pfsense. I mainly use it to test separate subnet for wifi as I also use my old Asus RT-AC66U as an AP on the regular LAN subnet.
 

EffrafaxOfWug

Radioactive Member
Feb 12, 2015
1,394
511
113
I've played around with hostapd and atheros cards making a DIY AP under linux, but the last time I looked at attempting the same under pfsense, it didn't support 802.11ac in AP mode and only supported a handful of (mostly atheros) 802.11n radios in AP mode.

I'd second the recommendation of buying an off-the-shelf AP and plugging that into the pfsense box. If you are going to try building your own WAP - in the knowledge that it'll likely cost at least twice what an off-the-shelf WAP would cost - I'd recommend sticking with linux (especially using distros like openwrt) since the hardware support and wireless support is much better.

Regardless of the OS, atheros cards seem to have the best support in the open source universe. I've run into problems with running otherwise well-supported intel cards - lots of them don't support AP mode it seems.