OPNsense Forum
English Forums => General Discussion => Topic started by: opnnewbie on December 10, 2021, 12:07:58 am
-
First and foremost I suppose this question should go here since I did not find a more relevant section, otherwise, please point me to.
I am attempting to deploy my first opnSense device as a router to the intranet plus firewall and all the usual stuff to definitely ditch some Cisco boxes (router and ASAs) once and for all -the only ones I'll be keeping for the time being are the switches.
LAN is already set on a wired port, so far so good.
WAN should went out through a wireless port, and I am not finding the wireless settings to set it up. I know there is another menu option named WLAN but this seems to be to set an internal access point for my private devices, and I want it the other way around. I do have an operational setup like this with an outdated Cisco 1941 router and a wireless HWIC card configured as universal access point (I guess that was the description) and it worked fine for many years. Precisely, I set up the HWIC as WAN, enter the BSSID to which I want to connect to with all the details, configure manual IPv4, and then this HWIC connects to another router over the water where wired connections are not possible to begin with.
Please, can anybody advice me ?
-
This is somewhat a reply to myself to add some info:
I found the following: https://forum.opnsense.org/index.php?topic=5558.0
stating the following by user chemlud:
"I added the device (ralink, run), assigned it to WAN and configured it (SSID, password). I use it for wifi while traveling... "
what it is not clear to me is how to add and assign the device in question.
-
This doc might help https://docs.opnsense.org/manual/how-tos/interface_wireless_internal.html (https://docs.opnsense.org/manual/how-tos/interface_wireless_internal.html)
-
This doc might help https://docs.opnsense.org/manual/how-tos/interface_wireless_internal.html (https://docs.opnsense.org/manual/how-tos/interface_wireless_internal.html)
First and foremost thanks for your reply :)
I am not the kind of guy that starts asking questions without reading the docs; I may have skipped something at times or misunderstood something else on the other hand, but I always read the docs providing they are being available.
I have read the doc you point me to before your reply and it is all about setting INTERNAL wireless WLANs not wireless WANs.
-
This doc might help https://docs.opnsense.org/manual/how-tos/interface_wireless_internal.html (https://docs.opnsense.org/manual/how-tos/interface_wireless_internal.html)
Sorry, I forgot to state that this is exactly my inquiry: https://forum.opnsense.org/index.php?topic=5558.0
But this post is from 2017.
It may be totally outdated.
-
First of all: Wifi and BSD is a pain. That said: Is your stick shown under "Interfaces -> Assignments" in "New Interfaces" drop-down?
Under "Interfaces -> Wireless -> Devices" if you press the + button?
If not your trouble starts here...
Many people use wifi APs to avoid configuring wifi hardware in BSD...
-
First of all: Wifi and BSD is a pain. That said: Is your stick shown under "Interfaces -> Assignments" in "New Interfaces" drop-down?
Under "Interfaces -> Wireless -> Devices" if you press the + button?
If not your trouble starts here...
Many people use wifi APs to avoid configuring wifi hardware in BSD...
Hi chemlud. You are the one advising in the post I linked to.
Yes, I am aware that BSD and a lot-of-things doesn't match well, wireless being one of those.
I am lucky with this one: the device is recognized as wtn0 under interfaces/wireless/devices/add if I attempt to add it as internal wireless in opnSense. That test I did some days ago looking my way around opnSense. Besides, this adapter works flawlessly in the BSDs, it has a RealTek RTL8188RU chip that I choose because I did some research, it works flawlessly in DragonFlyBSD for the matter.
That being said my adapter is a go and is already shown as the WAN (not WLAN) interface because I configured it so.
Now ... how can I set the wireless parameters ?
Do I have to manually make a wpa_supplicant config since the GUI doesn't seem to have the related section ?
-
Haven't done it for some time now and the device I configured in the old post is no longer in use (was i386 iirc). You define the wireless device at first, then you assign it to WAN and then the mask for WAN shows you fields to enter SSID, passphrase etc...
Easy as that...
PS: tried it on the new hardware for traveling, if you scroll down on the WAN Interface tab after assigning the stick there you can enter the credentials. Works here :-D
-
Haven't done it for some time now and the device I configured in the old post is no longer in use (was i386 iirc). You define the wireless device at first, then you assign it to WAN and then the mask for WAN shows you fields to enter SSID, passphrase etc...
Easy as that...
PS: tried it on the new hardware for traveling, if you scroll down on the WAN Interface tab after assigning the stick there you can enter the credentials. Works here :-D
OK. That did the trick, I mean, adding the device in the WLAN section (as if it was intended for an internal AP) and then assigning the added device to the WAN interface back in the interface assignments section ... so far so good. While at it, my two cents on the subject, is that to me the docs are not clear enough on this scenario, when you see a WLAN entry in the menu and you intend to setup a wireless WAN you tend to ignore this entry outright from the start. My humble opinion.
Back to the setup: I already configured all the wireless settings for the WAN interface, and, I suppose I may be setting something wrong, there are a lot of settings and I'll have to reconcile all the opnSense jargon with the Cisco jargon to pinpoint any differences. I set up Infrastructure (BSSID) to begin with, but, for example, you have to manually set everything, including the WiFi standard like b/g/n/ac.
Anyway, how do you monitor the wireless connection ?
I mean, signal strength, connection status, and the like.
I tried to add a widget on the dashboard but didn't find nothing related. I even looked for something in all the menus and nothing at first glance. You stated that you use this setup while traveling, so, how do you manage your connections ?
-
Haven't done it for some time now and the device I configured in the old post is no longer in use (was i386 iirc). You define the wireless device at first, then you assign it to WAN and then the mask for WAN shows you fields to enter SSID, passphrase etc...
Easy as that...
PS: tried it on the new hardware for traveling, if you scroll down on the WAN Interface tab after assigning the stick there you can enter the credentials. Works here :-D
Although I have a perfectly working wireless adapter attached to OPNSENSE I am having a hard-time trying to emulate the wireless config I have working on linux:
Switching the USB cable among linux and OPNSENSE boxes (same USB adapter, same antena, same place) gives me a perfect/flawless connection on linux and no carrier on OPNSENSE:
OPNSENSE: "scanning"
OPNSENSE: "no carrier"
What am I doing wrong ?
1.1) linux: wpa_supplicant configuration file (working as expected):
country=AR
network={
ssid="whatever"
scan_ssid=1
key_mgmt=WPA-PSK
psk="##########"
}
1.2) linux: wpa_cli status;
Selected interface 'wlan0'
bssid=##:##:##:##:##:##
freq=2437
ssid=whatever
id=0
mode=station
wifi_generation=4
pairwise_cipher=CCMP
group_cipher=TKIP
key_mgmt=WPA2-PSK
wpa_state=COMPLETED
ip_address=192.168.0.100
p2p_device_address=##:##:##:##:##:##
address=##:##:##:##:##:##
uuid=########-####-####-####-############
1.3) linux: iwconfig wlan0;
wlan0 IEEE 802.11 ESSID:"whatever"
Mode:Managed Frequency:2.437 GHz Access Point: C8:3D:D4:5D:B4:10
Bit Rate=72.2 Mb/s Tx-Power=20 dBm
Retry short limit:7 RTS thr=2347 B Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=50/70 Signal level=-60 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:7 Missed beacon:0
2.1) OPNSENSE CONFIGURATION: XML:
</interfaces>
...
<wan>
<if>rtwn0_wlan1</if>
<wireless>
<mode>bss</mode>
<wpa>
<macaddr_acl/>
<auth_algs>1</auth_algs>
<wpa_mode>2</wpa_mode>
<wpa_key_mgmt>WPA-PSK</wpa_key_mgmt>
<wpa_pairwise>CCMP</wpa_pairwise>
<wpa_group_rekey>60</wpa_group_rekey>
<wpa_gmk_rekey>3600</wpa_gmk_rekey>
<passphrase>##########</passphrase>
<ext_wpa_sw/>
<ieee8021x/>
<enable>1</enable>
</wpa>
<wme>
<enable>1</enable>
</wme>
<wep>
<key/>
</wep>
<hidessid/>
<pureg/>
<puren/>
<ieee8021x/>
<standard>11ng</standard>
<protmode>off</protmode>
<ssid>whatever</ssid>
<channel>6</channel>
<authmode/>
<txpower/>
<regdomain/>
<regcountry>AR</regcountry>
<reglocation/>
<auth_server_addr/>
<auth_server_port/>
<auth_server_shared_secret/>
<auth_server_addr2/>
<auth_server_port2/>
<auth_server_shared_secret2/>
<apbridge/>
<turbo/>
</wireless>
<descr>WAN</descr>
<enable>1</enable>
<lock>1</lock>
<spoofmac/>
<blockbogons>1</blockbogons>
<gateway_interface>1</gateway_interface>
<ipaddr>192.168.0.100</ipaddr>
<subnet>24</subnet>
<gateway>WAN_GWv4</gateway>
</wan>
</interfaces>
2.2) OPNSENSE CONFIGURATION: GUI:
INTERFACES, ASSIGNMENT:
LAN: re0
WAN: rtwn0_wlan1 (Alfa AWUS036NHRv2)
INTERFACES, WIRELESS DEVICES:
rtwn0_wlan1 infrastructure (BSS) Alfa AWUS036NHRv2
INTERFACES, WAN:
BASIC CONFIGURATION:
checked enable interface
checked prevent interface removal
device: rtwn0_wlan1
GENERIC CONFIGURATION:
unchecked block private networks
checked block bogon networks
IPV4 configuration type: static IPv4
IPv6 configuration type: none
MAC address: blank
MTU: blank
MSS: blank
speed and duplex: default (no preference, typically autoselect)
checked dynamic gateway policy: this interface does not require an intermediate system to act as a gateway
HARDWARE SETTINGS:
unchecked override global settings
STATIC IPv4 CONFIGURATION:
IPv4 address: 192.168.0.100
IPv4 upstream gateway: WAN_GWv4
IPv4 upstream gateway (add new gateway): default gateway checked
IPv4 upstream gateway (add new gateway): far gateway unchecked
IPv4 upstream gateway (add new gateway): multi-WAN gateway unchecked
IPv4 upstream gateway (add new gateway): gateway name: WAN_GWv4
IPv4 upstream gateway (add new gateway): 192.168.0.1
IPv4 upstream gateway (add new gateway): description: …
COMMON WIRELESS CONFIGURATION SETTINGS (APPLY TO ALL WIRELESS NETWORKS ON rtwn0):
checked persist common settings
standard: 802.11ng
802.11ng OFDM protection mode: protection mode off
transmit power: default
channel: auto (6)
regulatory settings: regulatory domain: default
regulatory settings: country: AR
regulatory settings: location: default
NETWORK-SPECIFIC WIRELESS CONFIGURATION:
mode: infrastructure (BSS)
SSID: whatever
minimum standard: any
unchecked allow intra-BSS communication
checked enable WME … since the other wireless device supports it (QoS)
unchecked enable hide SSID
unchecked enable WEP
checked enable WPA
WPA pre-shared key: ##########
WPA mode: both … WPA2 … vs WPA
WPA key management mode: PSK … vs EAP
authentication: OSA (Open System Authentication) … vs SKA (Shared Key Authentication) for WEP only
WPA pairwise: AES[-CCMP] (this one) … vs TKIP
key rotation: 60
master key regeneration: 3600
unchecked strict key regeneration
unckecked IEEE802.1X authentication
802.1X*: default values
DASHBOARD reports:
interface LAN green
interface WAN red
INTERFACES, WIRELESS, WAN STATUS reports:
whatever BSSID:##:##:##:##:##:##:## CHANNEL:6 RATE:54M RSSI:-79.95 INT:100 CAPS:EPS BSSLOAD HTCAP WME ATH WPA RSN
SYSTEM, GATEWAYS, SINGLE reports:
gateway WAN_GWv4 192.168.0.1 255 (upstream) 192.168.0.1 offline
gateway WAN_GW (active) (active) 254 online
OPNSENSE SHELL:
ping 192.168.0.100; … OK
ping 192.168.0.1; … network is down
route show default;
route to: default
destination: default
mask: default
gateway: 192.168.0.1
fib: 0
interface: rtwn0_wlan1
flags: <UP,GATEWAY,DONE,STATIC>
recvpipe sendpipe ssthresh rtt,msec mtu weight expire
0 0 0 0 1500 1 0
ifconfig rtwn0_wlan1;
rtwn0_wlan1: flags=8c43<UP,BROADCAST,RUNNING,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether ##:##:##:##:##:##
inet6 ####::###:####:####:####%rtwn0_wlan1 prefixlen 64 scopeid 0x6
inet 192.168.0.100 netmask 0xffffff00 broadcast 192.168.0.255
groups: wlan
ssid "whatever" channel 6 (2437 MHz 11g ht/20)
regdomain NONE country AR authmode WPA1+WPA2/802.11i privacy MIXED
deftxkey UNDEF txpower 30 bmiss 7 scanvalid 60 protmode OFF ht20
ampdulimit 8k ampdudensity 16 shortgi -stbc -ldpc wme roaming MANUAL
media: IEEE 802.11 Wireless Ethernet autoselect mode 11ng
status: no carrier
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
wpa_cli status;
Selected interface 'rtwn0_wlan1'
wpa_state=SCANNING
ip_address=192.168.0.100
address=##:##:##:##:##:##
uuid=########-####-####-####-############
-
wifi drivers in BSD are a pain. try another stick with another chip set.
-
wifi drivers in BSD are a pain. try another stick with another chip set.
... but I can flawlessly connect with it on dragonFlyBSD too !
-
wifi drivers in BSD are a pain. try another stick with another chip set.
...furthermore: I am starting to suspect the GUI handling of wpa_supplicant because no matter the changes I make on it (saving them and reloading them) ifconfig rtwn0_wlan1 always reports:
regdomain NONE country AR authmode WPA1+WPA2/802.11i privacy MIXED