Thoughts on building a WIFI WAN setup? "Travel Router" replacement

[FullyBorked]

Trying to figure out a better solution for my mother in law in an assisted living apartment complex.  They have shared WI-FI in the building but my mother in law has needs for smart TVs, printers, IoT etc. that needs to talk.  So for security and to allow her devices to talk I thought no big deal, grabbed a GL-MT3000 travel router, connected it to the apartment Wifi as WAN, setup her lan and wifi network/s, zero tier back to my opnsense firewall so she can access Jellyfin.  All is pretty good, but this GL trvel router is flakey, kinda reminds me of routers in the old days that needed a daily reboot to remain stable. I'm getting tired of fighting it...

Anyone have any thoughts on how I could plop and opnsense box down and use the Wi-Fi Wan?  I think I recall OPNsense doesn't like Wi-Fi adapters.  But thinking just rebuilding the "travel router" idea but with OPNsense instead of this goofy GL router. 

Secondly any other solutions that I might not be thinking of.   

[passeri]

I use Opnsense as my edge firewall, another as an internal router, with Mikrotik AP and switches, another Mikrotik as travel router. You could find a small two-port box for Opnsense for security with ease of connection with your system, then a low cost AP. You will have thought of this anyway. One box seems ideal but two can be a better fit.

[pfry]

[...]but this GL trvel router is flakey[...]

That's too bad. The GL.iNet devices are generally well-regarded by the OpenWRT folks, and it runs a modded OpenWRT from the factory. So suggesting "try OpenWRT" is kinda out the window.

I've never tried FreeBSD/OPNsense as a wi-fi client (much less AP), but I'd expect it to work OK with supported hardware. Getting that in a small form factor device might take some work. I grabbed a couple PCI-e devices (AR9380 "ath" and AX200 "iwf") off eBay to test... one of these days. How much money do you have (as time=money)?

Heh. For my wireless access at home I use an OpenWRT device broken down into two bridges (here I go with the bridges again...) where the wireless is on one with no IP assigned and a DHCP IP on the other for management only. The firewall is broken down to only separate the two bridges, and wireless clients are isolated. DHCP for both bridges is handled on my firewall. Similar concept to passeri's, but limited to my needs.

[FullyBorked]

[...]but this GL trvel router is flakey[...]

That's too bad. The GL.iNet devices are generally well-regarded by the OpenWRT folks, and it runs a modded OpenWRT from the factory. So suggesting "try OpenWRT" is kinda out the window.

I've never tried FreeBSD/OPNsense as a wi-fi client (much less AP), but I'd expect it to work OK with supported hardware. Getting that in a small form factor device might take some work. I grabbed a couple PCI-e devices (AR9380 "ath" and AX200 "iwf") off eBay to test... one of these days. How much money do you have (as time=money)?

Heh. For my wireless access at home I use an OpenWRT device broken down into two bridges (here I go with the bridges again...) where the wireless is on one with no IP assigned and a DHCP IP on the other for management only. The firewall is broken down to only separate the two bridges, and wireless clients are isolated. DHCP for both bridges is handled on my firewall. Similar concept to passeri's, but limited to my needs.

Yea that's what I thought too, I'm wondering if we just ended up with a bad unit.  Right out of the box I struggled just to get it to take updates, it'll show updating, reboot then be on the original firmware, usually after 4-5 retries/reboots it'll take the firmware.  I'm getting some interface errors in the logs, AI (if that can be trusted in the least) seems to think I have a hardware issue of some type or a firmware bug. 

Hate to even replace it, when it works it fits the bill perfectly. It's small, low power, quiet, and feature rich.  But I'm getting tired of getting nearly weekly calls of internet issues and constant pings from Uptime Kuma that it's down or high latency. 

[Greg_E]

I've had mostly good luck with the lower priced sft1200 Opal model, but I almost never use the wifi on it, and I'm guessing that might be part of it. On an old 750 Slate I used it in access point mode for my lab and it was solid, but again trying to use it to be a wifi client is not something I've done.

I do wish that OPNsense had better wifi support, it would be handy once in a while for things. Pfsense was no better back several years ago when I tried to set it up as an access point and router for my lab. This was with an old HP T620+ with Pro1000 card installed and whatever the onboard wifi card might have been. It's back doing OPNsense duty in my lab so maybe I'll give it a go again or trade out the wifi card for something newer (like from an HP T740, have a pile of those around).

[BrandyWine]

I do wish that OPNsense had better wifi support, it would be handy once in a while for things.

There's a decent list of wifi cards supported in freebSD 14.3.
I just not sure any would act as AP, they're all clients.

I guess you could wifi the LAN and WAN side of OPNsense, WAN side connects to the shared wifi AP, but you would still need another AP on LAN side for laptop/printer/etc AND fw to connect to. AP just needs to be layer-2, all the compute stuff can get dhcp from fw, etc. Voila, cable-less firewall.

[FullyBorked]

I do wish that OPNsense had better wifi support, it would be handy once in a while for things.

There's a decent list of wifi cards supported in freebSD 14.3.
I just not sure any would act as AP, they're all clients.

I guess you could wifi the LAN and WAN side of OPNsense, WAN side connects to the shared wifi AP, but you would still need another AP on LAN side for laptop/printer/etc AND fw to connect to. AP just needs to be layer-2, all the compute stuff can get dhcp from fw, etc. Voila, cable-less firewall.

I think that could work actually if opnsense can act as a Wi-Fi client in the wan it'd be simple enough to have a separate AP for the LAN.  Just have to figure out a compact device with a supported card.

[BrandyWine]

There's plenty of posts on this site regarding wifi. Using a mini pc based on N100 N150 that had ability for two wifi links would be ideal.