How-to configure Wi-fi in pfSense

Netgate offers the 802.11a/b/g/n wireless kit for the APU, but how to configure pfSense to use it is not immediately apparent, and I was not able to find a recent how-to or tutorial on the setup. This tutorial uses pfSense 2.2 but should work with 2.1 as well.

This tutorial will help you configure a bridged LAN Wi-fi network. We won’t be dealing with creating a guest wifi network but if requested I’m willing to do that later.

It’s all about the bridge

The trickiest part of this is configuring the LAN bridge to the Wi-fi interface. I’m going to assume that you already have a LAN interface configured and your pfSense is working great. Now all you want to do is configure the wireless.

If you go to Interfaces->(assign) you probably see something like this.
[Screenshot]

Now in order to create the bridge without getting disconnected we need to do a bit of trickery.

Assign a new interface to something that is not in use, for example a network port that you’re not using, or even create a PPP interface temporarily just so you have something to assign it to. Once created, it will probably be called OPT1 or OPT2. Go ahead and click on it, enable it, and rename it to LAN_PORT. It should then look something like this.
[Screenshot]

You should also have an interface assigned for your wifi card, such as the wireless kit from Netgate. It might look like this.

[Screenshot]

And if you open the interface it should be enabled.

[Screenshot]

IPv4 and IPv6 configuration should be set to None for both the Wifi and LAN_PORT interfaces.

Now it’s time to actually configure the bridge. Under Interfaces->(assign) click on the Bridges tab. Click the + icon to add a new bridge.

Under Member interfaces select both the Wifi and LAN_PORT interfaces that you set up.
Click Save and apply these changes and you should see something like this.
[Screenshot]

Now go back to Interface assignments to adjust the assignments a little.

Assign the BRIDGE0 port to your LAN interface. And assign the port that was originally assigned to your LAN interface to the LAN_PORT interface. It should then look something like this.
[Screenshots]

In my case re2 was originally assigned to LAN and is now assigned to LAN_PORT.
Save these settings and apply, and you’re finished with the bridge!

More Wi-fi Settings

Now it’s time for the wireless settings. There are some gotchas that we’ll mention, but first here are screenshots of my configuration that is working great.

(To get to this configuration click on the Wifi interface from the Interfaces assignment tab.)

[Screenshots]

WPA Pairwise has to be set to Both; if you set it to AES the wifi will stop working. In my testing I found it was best to set WPA Mode to WPA2 and leave the Pairwise set to Both.

Otherwise you should be fine copying all the wireless settings from my screenshots. Of course, you’ll choose a different pre-shared key and SSID 🙂

Remember that your LAN IP address and other network settings must now be configured on the interface that you assigned to the bridge, and also DHCP should be enabled on that same interface.
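
To check the end state of the steps above from a configuration backup, this added example (not part of the original post) parses a config.xml and reports anything that deviates from the bridged layout, and also notes when a member's pairwise setting includes TKIP. The element names and the mapping of Both to `CCMP TKIP` are assumptions about the pfSense 2.x config.xml layout, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element names assume the pfSense 2.x config.xml layout.
SAMPLE_CONFIG = """<pfsense>
  <interfaces>
    <lan><if>bridge0</if><enable/><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet></lan>
    <opt1><if>re2</if><descr>LAN_PORT</descr><enable/></opt1>
    <opt2><if>ath0_wlan0</if><descr>WIFI</descr><enable/>
      <wireless><mode>hostap</mode>
        <wpa><wpa_mode>2</wpa_mode><wpa_pairwise>CCMP TKIP</wpa_pairwise></wpa>
      </wireless></opt2>
  </interfaces>
  <bridges><bridged><members>opt1,opt2</members><bridgeif>bridge0</bridgeif></bridged></bridges>
  <dhcpd><lan><enable/></lan></dhcpd>
</pfsense>"""


def audit_bridge(xml_text, lan="lan"):
    """Return a list of findings for the bridged LAN/Wi-Fi layout."""
    root = ET.fromstring(xml_text)
    findings = []
    lan_if = root.findtext(f"interfaces/{lan}/if", "")
    bridge = next((b for b in root.iterfind("bridges/bridged")
                   if b.findtext("bridgeif") == lan_if), None)
    if bridge is None:
        return [f"{lan} is assigned to {lan_if!r}, not to a bridge"]
    if not root.findtext(f"interfaces/{lan}/ipaddr"):
        findings.append(f"{lan} (the bridge) has no IPv4 address")
    if root.find(f"dhcpd/{lan}/enable") is None:
        findings.append(f"DHCP is not enabled on {lan}")
    members = [m for m in (bridge.findtext("members") or "").split(",") if m]
    if len(members) < 2:
        findings.append("bridge has fewer than two members")
    for name in members:
        node = root.find(f"interfaces/{name}")
        if node is None:
            findings.append(f"bridge member {name} is not an assigned interface")
            continue
        if node.find("enable") is None:
            findings.append(f"member {name} is not enabled")
        if node.findtext("ipaddr") or node.findtext("ipaddrv6"):
            findings.append(f"member {name} has an IP configuration; set it to None")
        pairwise = node.findtext("wireless/wpa/wpa_pairwise")
        if pairwise and "TKIP" in pairwise.split():
            findings.append(f"member {name} still offers TKIP ({pairwise})")
    return findings
```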

 

 

 

21 Replies to “How-to configure Wi-fi in pfSense”

  1. What you have not made clear is where you set the network settings. Assume this is the bridge as you say the IPv4 and IPv6 should be empty for LAN and WAN.

    And you will need to set up DHCP for the new BRIDGE0 interface.

  2. Hello Arthur –
    Just wanted to take a moment and say thanks for the tutorial. I just purchased one of the pfSense Appliances (SG-4860) and added the Wireless Adapter to have an all in one solution. I have been tinkering with the config and have had to reset the configuration several times till I ran across your blog entry. Being that I had DHCP functioning on the LAN interface prior to starting things, I didn’t have to reconfigure a new DHCP Scope for the Bridge. The wireless connected fine, but the firewall was blocking all egress traffic. I added a pass all rule (like the existing LAN rule) and that seemed to take care of things. I also was able to set WPA Pairwise to AES and have things work fine (TKIP not secure).

    Just wanted to say thank you again and give you some feedback from my install/configuration.

    Take Care,
    Bill

  3. Why can’t you just bridge the LAN and Wifi networks? What’s the purpose of creating this 4th network interface?

    On that note, you said to create a temporary PPP network. Do we just create arbitrary values to fill in for this temp PPP network?

  4. Hey Charlie, I stated the reason in the post “in order to create the bridge without getting disconnected”. If you are connected via a console cable or via some other interface besides the LAN interface then yeah you can go ahead and skip that step.

  5. I see. I just wanted to make sure that it was for the disconnection and I didn’t do something unforeseen to my network by directly bridging both the LAN and WiFi interfaces.

    It’s working great now, but it looks as if my m-pcie card doesn’t support the ability to change the Transmit Power like yours does. Sure would be nice to boost the range.

    You mentioned a 802.11 a/b/g/n wireless kit at the beginning.
    In that kit is the WLE200NX wifi chip running the Atheros AR9280 chipset. I have the same chip from Amazon. Still no Transmit Power setting though. Any special trick to that?

    Thanks for this blog post. I was looking for something like this for the last few days. It just so happens you have similar hardware!

  6. Also, I would LOVE a tutorial about guest networks. I know very little about VLANs and isolation so I think it would be very educational, for me at least.

    ( +1 request from me on a guest network tutorial)

  7. Thanks so much for this tutorial, it will come in handy as I switch over to pfSense in a few days. Count me in as an additional request for secure & isolated guest wifi. My understanding is that additional security can be achieved through the use of free-radius and captive portals. If you could include those in the scope of your tutorial then that would be amazing.

  8. Hi Arthur –

    Thanks for documenting the setup. I have the Netgate equivalent of the 2440 (same hardware and wifi card) with pfsense installed. I have the built-in wifi access point setup ok, but wondered if simultaneous 2.4Ghz and 5Ghz access is supported? I tried to set it up, but looks like you can only support 1 radio at a time. I’m replacing my existing Linksys wireless router, which supports both.

    Jericho

  9. Nice tut! I have bought an APU14D unit with the same wireless card.
    My WiFi connection is working now thanks to your guide.

    I love a tutorial for guest network as well.
    🙂

  10. I was wondering if pfsense supports ap+wds mode?
    If so, I can use another router as a WDS client to expand my wifi network.

    Can’t find too much info about this, so appreciate if you can give me some input.

    Thanks.

  11. Thank you for the awesome manual Arthur.
    I was using Smoothwall and today have changed to pfSense. I bought a wi-fi internal card and did all the installs as per the manual. I probably miss something because I cannot get to the Internet. Checked the ping from all interfaces and it is working.
    Could you please help with some advice?
    Regards,
    Asen

  12. Hi Arthur

    If I will have LAN hosts and use 3 APs for wifi hosts, do I need to have 3 interfaces on the server? Or can I manage the wifi connections with only the LAN bridge?

    Regards

  13. I can’t understand how it works just yet but damn it did this guide help so much.

    Thank you!

  14. Arthur,

    It took several tries along with f-Bombs before I found your blog. It was a godsend and you have no idea how this really helped me out. I bought my APU2C4 about 5 or 6 months ago (Possibly More!) and never took the opportunity to set it up on my home network because I wanted to make sure that I can get all my traffic going to the firewall. I read several sites on setting up the firewall and once I got it working then my focus was the WiFi. I compared your blog to others and this one was the best hands down! I understood why you created the extra interfaces. For each interface you assign the ports, it will make the difference when you create and assign the bridge port to the LAN and swap the ports from the LAN Port to the newly created “LAN_PORT”.. At first it didn't make sense but I sat down and followed this to the letter and lo and behold.. WIFI!!

    The only difference for me, I had to set my WPA Pairwise from both to AES

    THANK YOU, THANK YOU!!!

  15. I also wanted to know if you have instructions on setting up guest wifi and setting up IPSEC VPN Tunnels.. just curious to set this up to test between my company and having it join my company’s network. We have a Chicago office that has one employee and we would like for him to work off the network without having him use a remote client software…

  16. Hello everyone
    I kinda have a question?
    Will other devices be able to see the WiFi created in the pfSense GUI? What does the pfSense really do? I wanna use it for my project. Thanks, will be awaiting your reply

  17. Can you have multiple wifi cards at once? And can you use an AC card?
