≡ Menu

How to configure Wi-fi+Lan bridged access point in pfSense firewall router

I have installed wireless mini-PCIe card for my pfSense firewall. How do I configure a bridged LAN wifi access point (AP) network and setup pfSense?

In this tutorial, I will explain how to setup a bridged LAN Wi-fi network access point using pfSense. I am going to assume that you need to configure access point in a bridged mode. Our current setup look as follows on console:
Fig.01: The default WAN (igb0) and LAN (igb1) interfaces

Fig.01: The default WAN (igb0) and LAN (igb1) interfaces


The bridge will include LAN (igb2) and Wifi (ath0) interfaces:

bridge0 = LAN + WIFI

You need to configure additional interface (OPT1) and swap them as follows:

  1. WAN = Public IP/upstream router IP
  2. LAN = bridge0
  3. OPT1 = LAN (igb2)
  4. OPT2 = ath0 (wifi) (I’m using this Atheros AR9280 Chipset based mini pcie from Amazon)

You do not want to lose connectivity to your web interface. Hence you need to take help of OPT1. Do not assign an IP address to bridge0 or ath0 (wifi) interfaces. Make sure DHCP server enabled for LAN interface. Let’s get our hands dirty and make pfSense based all in one access point.

Step #1: Add OPT1 and OPT2 interface

Click on the Interfaces > Assign

Fig.02: The default WAN, LAN, and unconfigured ath0 wifi interfaces

Fig.02: The default WAN, LAN, and unconfigured ath0 wifi interfaces


Select igb3 network port from drop down menu (or which ever is free in your router) and click on the Add button to create OPT1:
Fig.03:  Adding OPT1 interface

Fig.03: Adding OPT1 interface


Next repeat the same step to add OPT2 interface with ath0 as a network port. At the end you should have four interfaces as follows:
Fig.04: Four interfaces

Fig.04: Four interfaces

Step #2: Enable OPT1 interface

Click on the Interfaces > Assign > OPT1 and set it as follows:

Fig.05: Enable OPT1 with no IPv4 or IPv6 settings

Fig.05: Enable OPT1 with no IPv4 or IPv6 settings


Make sure you SAVE the changes.

Step #3: Enable OPT2 (ath0 wifi AP) interface

Click on the Interfaces > Assign > OPT2 and set it as follows (i.e activate access point):

Fig.06: Enable OPT1 with no IPv4 or IPv6 settings. Make sure you set  standard and channel too.

Fig.06: Enable OPT1 with no IPv4 or IPv6 settings. Make sure you set standard and channel too.


Scroll down a little bit and set mode to ACCESS POINT, SSID, select WME, enable WPA, set WPA pre-shared key (wifi password), WPA mode to WPA2, WPA pairwise to AES as follows:
Fig.07:  Set Wi-fi (OPT2/ath0) settings

Fig.07: Set Wi-fi (OPT2/ath0) settings


Make sure you SAVE the changes. Please note that setup a different and strong pre-shared key and SSID for your network.

Step #4: Create a bridge (OPT1+OPT2)

Click on the Interfaces > Assign > select Bridges tab > click on Add button:

Fig.08: Add a new bridge (OPT1+OPT2)

Fig.08: Add a new bridge (OPT1+OPT2)


Make sure you select both the OPT1 and OPT2 interfaces under Member Interfaces. Click on the save button.

Step #5: Assign correct interface

You need to swap and set correct network port for LAN and OPT1 interfaces as follows:

InterfaceOld Network portNew Network port
LANigb2BRIDGE0
OPT1igb3igb2

Fig.09:  Note down old network port values for LAN and OPT1 before swap

Fig.09: Note down old network port values for LAN and OPT1 before swap


Next, assign the BRIDGE0 port to your LAN interface. And assign the port that was originally assigned to your LAN interface:
Fig.10:  Set LAN  interface network port to BRIDGE0 and old value of LAN interface to OPT1

Fig.10: Set LAN interface network port to BRIDGE0 and old value of LAN interface to OPT1


Click on the save button. The pfSense take a little time to reload all changes, and there is no loss in network connectivity. You just finished configuring with the bridge that includes your LAN and wifi interfaces. Finally click on the pfSense logo to see your network status from dashboard:
Fig.11:  pfSense wifi access point configured and working

Fig.11: pfSense wifi access point configured and working


Finally, tweak the wireless settings as per your needs. Also, don’t forget to setup the firewall rules for traffic to pass.

Share this tutorial on:

Your support makes a big difference:
I have a small favor to ask. More people are reading the nixCraft. Many of you block advertising which is your right, and advertising revenues are not sufficient to cover my operating costs. So you can see why I need to ask for your help. The nixCraft, takes a lot of my time and hard work to produce. If you use nixCraft, who likes it, helps me with donations:
Become a Supporter →    Make a contribution via Paypal/Bitcoin →   

Don't Miss Any Linux and Unix Tips

Get nixCraft in your inbox. It's free:



{ 3 comments… add one }
  • LX500 August 20, 2016, 4:41 pm

    Do you think it will work with USB wifi in AP mode?

    • Vivek Gite August 20, 2016, 4:43 pm

      You need to check for driver in freebsd man pages. If it is listed, it will work otherwise it won’t work. May I know your USB wifi ?

    • Dirk September 8, 2016, 11:03 am

      Yes,
      this is working fine for me.
      I use 2 different USB wifi sticks. Both with Ralink Chipset (RT2800, RT3070).
      But the wifi sticks only works with 54 MBit!

Leave a Comment

You can use these HTML tags and attributes: <strong> <em> <pre> <code> <a href="" title="">


   Tagged with: ,