I’m working on a pfSense/OPNSense router-firewall-etc. net box; atm it’s at the investigation/planning phase. I really would like to put it in a Minisforum MS-A1 (upgradable everything, plus relatively low power), although the benefits of replacing a ~$250 Linksys router with a ~$700 mini-PC remain to be seen. (I prefer MS-A1 over MS-01 because the CPU is changeable, and I’m still not entirely sold on Intel heterogeneous for virtualization, which is the initial plan.)
The issue I currently have is that my consumer-grade router has antennae, and the MS-A1 does not. I presume that antennae are desired in a router that will serve a household with many wireless devices. This may mean the MS-A1 is not a good candidate to replace my Linksys router after all. The only mini-PC I’ve seen with WiFi aerials on Newegg is an ASUS NUC with a Celeron processor. AliExpress has a better selection, but that’s a bit of a crapshoot IMHO.
If you have built a pfSense-type router device, how have you incorporated WiFi? Or do people who build pfSense routers just use wired everything? (They have phones, too, right?)
I believe that I need a WiFi NIC on the device that I can bridge with a wired NIC. Maybe there’s a solution to bridge WiFi (I’m sure there is) that’s not on the device, but then it won’t be controlled by the device. Maybe it’s not an issue? (I bet that’s the way to do it: a fairly autonomous device somewhere that just acts as a bridge; it’s not like the WiFi net needs special processing vs. the wired net?)
(I figure I could put a PCIe WiFi card in the MS-01 if I went that route, but as mentioned, I prefer the MS-A1. If only Minisforum would make a version with aerials, or a PCIe slot too! I’m sure an avid DIY-er would just MacGyver the internal WiFi aerial leads into something more robust externally?)
So far as I am aware, any device with a Wi-Fi card can be used to create a Wi-Fi access point.
So I would think that you can just buy a PCIe Wi-Fi card (assuming you have the spare PCIe slot) with as many bands as possible and just advertise a Wi-Fi network.
I do not know if pfSense supports that directly or if you need to buy an access point either from Ubiquiti or the like.
Right, and the MS-A1 does have a WiFi NIC - standard M.2 device. My issue - I think - will be reach, hence the requirement for antennae that all commercial home-based routers come with. The MS-A1 doesn’t have any expansion slots, unlike the MS-01 which has a full-length PCIe slot. I was considering doing what you said otherwise.
A Ubiquiti-type access point is a possibility but I was hoping for a completely contained solution: the proof-of-concept prototype is a desktop computer, but that requires too much power for full-time.
pfSense sucks as an AP, as there are even more driver issues or just non-existent drivers than with Linux.
And the wifi nic and the driver would have to support the AP mode.
Intel cards for example only work in client mode in Linux.
So you are mostly left with Qualcomm, Mediatek or Realtek.
Of which you would have to do some research if there is a fitting driver available that is stable.
I would wager that many ppl that use pfSense just use an AP outside of it, maybe Ubiquiti or Ruckus, no idea what else is there.
And functionality, and stability, and performance, and driver hell … not all WIFI NICs can work in host AP mode, and the ones that can, unless the landscape has changed significantly in the last five years, do a shitty job.
Just get yourself a real AP and call it a day, bonus points for one that can handle multiple WIFI SSIDs over different VLANs, more bonus points for non cloud based config/orchestration, even more bonus points for roaming across APs if you need more than one …
With a wireless card that supports hostap mode (See Cards Supporting Access Point (hostap) Mode), pfSense® software can be configured as a wireless access point. The main deciding factor these days is 802.11n or 802.11ac support; Support for 802.11n hardware in pfSense software is somewhat limited and 802.11ac support does not exist. This is a deal breaker for some, and as such using an external access point would be best for networks requiring 802.11ac and in some cases 802.11n if suitable hardware cannot be obtained.
The next most common factor is location of the antennas or the wireless access point in general. Often, the firewall running pfSense software is located in an area of the building that is not optimal for wireless, such as a server room in a rack. For ideal coverage, the best practice is to locate the AP in an area that is less susceptible to wireless interference and that would have better signal strength to the area where wireless clients reside.
If the firewall running pfSense software is located alone on a shelf in a common area or other similar area conducive to good wireless signal, this may not be a concern.
That’s good info, thanks; I didn’t know that about pfSense. I’m experimenting with a Debian-based desktop and AIUI can bridge wired & wireless and set up an access point via hostapd. Finding suitable NICs these days seems difficult: they’re mostly no-name Chinese brands that may or may not have Intel chips (i225, X210, etc.), or are very expensive even for 1G or 2.5GbE. My “infrastructure” is ~gigabit so I’m not going for SFP+ or anything that I consider esoteric, not yet anyway (first things first: get it running then upgrade!)
Sounding like increasingly good advice. I figured, having browsed the Ubiquiti site, that this would be a workable solution, although I was attempting to DIY everything. WiFi cards working only in client is a bit of a shock TBH.
As for the more sophisticated stuff: this is a one-household solution so shouldn’t need anything more complicated, although I need to broach VLANs at some point: I intend to have a full-time server in a DMZ.
I’m really surprised by this. I would imagine virtually all variants of commercially-available devices, with access points, are running some variant of Linux, and any driver improvements would be merged into the main tree.
Looks like I will have some diagnosing to do when I start putting cards in - still haven’t pulled the trigger on an add-in card for the extra 2.5GbE ports yet. I was anticipating bridging the onboard - Intel! - WiFi NIC and onboard Realtek 2.5GbE NIC and using that as the WAP.
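A check for the point raised in this thread that the NIC and its driver must support AP mode before hostapd can use it, as an added example that is not from any poster: it parses `iw list` output on Linux. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: list wireless PHYs whose driver advertises AP mode.

# Constructed sample shaped like `iw list` output (trimmed; not captured
# from real hardware). phy0 is client-only, phy1 can run as an AP.
sample_iw_list() {
    cat <<'EOF'
Wiphy phy0
    max # scan SSIDs: 20
    Supported interface modes:
         * managed
         * monitor
    Band 1:
Wiphy phy1
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * AP/VLAN
         * monitor
    Band 1:
EOF
}

# Read `iw list` output on stdin; print one PHY name per line for every
# PHY that lists plain "AP" under "Supported interface modes".
ap_capable_phys() {
    awk '
        /^Wiphy /                    { phy = $2; in_modes = 0; next }
        /Supported interface modes:/ { in_modes = 1; next }
        in_modes && /^[ \t]*\* /     { if ($2 == "AP") print phy; next }
                                     { in_modes = 0 }
    '
}

# On a live system: iw list | ap_capable_phys
sample_iw_list | ap_capable_phys
```

An empty result on a live system means no installed card can be put in AP mode with its current driver, so an external access point is the remaining option.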
I’m just gonna echo everyone else. Several years ago I did set up a pfSense box with a wifi card and configured it as an AP.
It’s a pain and it never works well. The hardware feature considerations are tedious. BSD has limited wifi driver support so that limits your options even more.
You will probably spend a decent amount of time and money trying to make it work and still be disappointed with the results and stability of the wireless network.
Then later you want to upgrade your wifi and get to do it all over again.
I have used pfsense for years and it is rock solid. It’s powerful and stable. I can’t go back to commercial consumer routers. It is 100% worth buying separate APs though.
I hate router VMs. Any problem with the server takes out your entire home network, some problems with a VM can crash them all which again takes out your network, you open yourself up to a new class of attack like the Spectre stuff that allows escaping VMs so any security bug found in pfSense or any VMs you have that allow internet access also open you to this. If the CPU isn’t good enough you also can make network performance drop by hitting one of your VMs too much (like if you were running Jellyfin/Plex, etc. and taking up encoding resources on the CPU).
IMO a router should always be its own piece of hardware.
I’m pretty agnostic on this right now. I haven’t tried Proxmox yet. Most people doing this sort of thing seem to use it from what I can tell. I’m not planning on putting a NAS or Plex e.g. server on the same box so I’m not anticipating the sort of issues you mention. Right now, the idea of Proxmox is mostly one of versatility. I’m totally open to ditching it and going straight to the metal. For this reason I may well end up with less capable hardware than I’m currently considering. I’m also not dealing with 10’s of Gbps bandwidth. Until I’ve experimented I don’t really know what to expect, which is why I’m attempting to tap Level1Techs’ brain trust first.