Adding a wireless interface to VM as a wireless interface.

Shammikit

I will at least add my two cents on this.  I may ramble a bit, so forgive me for that or any mistakes. 

 

Based on the VirtualBox documentation and a forum conversation, guest OSes see wireless adapters as a wired connection and cannot see them as wireless adapters due to how VBox creates the bridge (we have already discovered that, of course). While the guest OS sees the interface as being wired, communications between your guest and your LAN should still work properly. If you absolutely need the interface on your pfSense to show as wireless you must attach a USB wireless adapter and pass it through to the guest (as you have done) and configure the device on the guest. That also means making sure that the adapters you are attempting are supported. See the Netgate link below for their supported wireless card documentation. I also have links to Oracle's documentation on bridged networking and FreeBSD's official page on configuring wireless below just as a reference.

 

https://docs.oracle.com/cd/E97728_01/E97727/html/network_bridged.html

https://www.freebsd.org/doc/handbook/network-wireless.html

https://docs.netgate.com/pfsense/en/latest/wireless/supported-wireless-cards.html

 

Personally, I think you should skip trying to make your laptop an AP. USB wireless adapters are not really meant to act as the AP in that relationship and, while they sometimes can work in this function, typically do not give the greatest performance (at least from my experience). With your setup (unless you decide to add another AP), I would probably use the ISP router as your AP and have your DHCP set to use the LAN side interface of the pfSense VM as the default gateway. This would force DHCP clients to send traffic to the pfSense that is meant for outside of your LAN and subject to your firewall rules. You may have to play with the routing on the pfSense as well so it forwards traffic properly. Since it is not inline, anyone could simply set their IP address statically and bypass this. If the ISP router has the capability to do so, you could prevent this with ACLs and NAT on the pfSense. It's a messy solution, of course.

 

Again, just my two cents. Feel free to ignore me.

10 hours ago, Tzomb1e said:

I would probably use the ISP router as your AP and have your DHCP set to use the LAN side interface of the pfSense VM as the default gateway. This would force DHCP clients to send traffic to the pfSense that is meant for outside of your LAN and subject to your firewall rules. You may have to play with the routing on the pfSense as well so it forwards traffic properly. Since it is not inline, anyone could simply set their IP address statically and bypass this. If the ISP router has the capability to do so, you could prevent this with ACLs and NAT on the pfSense. It's a messy solution, of course.

OK, I believe this is what I first tried for like 3 days. I think I messed this up so bad that I never got it working properly. This is what I tried:

My ISP router is a wireless router. So my plan also was, as you said, to use the ISP router as an AP. So I disabled the DHCP server from the ISP router and set DHCP in pfSense. And in the DHCP server settings I set the static IP of my pfSense as the default gateway so that this IP will be distributed to the connecting clients. After doing this the clients successfully got IPs from the DHCP in pfSense, however they cannot get online. For the default gateway of pfSense I have put the static IP of my ISP router and I'm able to ping Google DNS and other online sites from the pfSense box itself. So I was thinking, if my pfSense can get online, using it as the default gateway could get the connecting client devices online too. I may have been wrong. (Probably :P)

Because this failed I put the static IP of my ISP router in the DHCP server default gateway for the clients to receive. Now they were able to get online, however none of the rules I set in my pfSense were working. And I did ensure they were correctly applied and saved when I set them up. I believe as I set the default gateway for the clients to receive the IP of my ISP router, they are directly going out to the internet without going to pfSense.

I have attached an image of this setup. And as you can see here I have set up the WAN interface only and not set up a LAN on the pfSense, which probably is another problem. Another question I have is: the interface that connects the pfSense to the internet is the WAN, yes? And the LAN is what the clients connect to? I don't know about this, but can you set up the same interface to act as both the LAN & WAN? Because here in my case I'm using the ISP router to access the internet and to use as the AP for the LAN, and there is only 1 interface in my router.

PS: This is my first ever pfSense setup, so mind me if I have asked or done something stupid. Thanks

 

 

isp rtrt as AP.PNG


14 hours ago, Windows7ge said:

I would test this configuration on bare metal before trying to do it in a VM. Right now the issue could be anything between the virtualization process or potentially pfSense's ability to use that NIC at all. Eliminate that it's a virtualization problem, then try to virtualize it. It'll tell you what the problem is.

Hi there, I just now tried the 2 USB interfaces on a bare metal install. I noticed that one of them (a TP-Link) doesn't get detected on bare metal. Some random number pops up when I connect it.

The second USB interface, which is a Prolink, did get detected, however it could not be added. Getting that No link-up detected message like in VirtualBox.

I did check the chipset of both USB interfaces to see if they are in the compatible list of pfSense.

The TP-Link was not in the list.

The Prolink was in the list and still I'm unable to assign it as an interface even on bare metal. Here's a screenshot of it:

 

IMAG1165.jpg


I'll admit I've never tried using a Wireless NIC on a pfSense box but if it does show up in the supported list then there's good potential for it to work.

 

What it means by No link-up detected is that although it sees the NIC it sees that the NIC isn't connected to anything. What you would need to do is connect the NIC to a network then try adding it.

 

How do you connect a Wireless NIC from a Terminal? I have very little idea. I imagine there's a config file somewhere and you'd have to edit it. 


8 hours ago, Shammikit said:

OK, I believe this is what I first tried for like 3 days. I think I messed this up so bad that I never got it working properly. This is what I tried:

My ISP router is a wireless router. So my plan also was, as you said, to use the ISP router as an AP. So I disabled the DHCP server from the ISP router and set DHCP in pfSense. And in the DHCP server settings I set the static IP of my pfSense as the default gateway so that this IP will be distributed to the connecting clients. After doing this the clients successfully got IPs from the DHCP in pfSense, however they cannot get online. For the default gateway of pfSense I have put the static IP of my ISP router and I'm able to ping Google DNS and other online sites from the pfSense box itself. So I was thinking, if my pfSense can get online, using it as the default gateway could get the connecting client devices online too. I may have been wrong. (Probably :P)

Because this failed I put the static IP of my ISP router in the DHCP server default gateway for the clients to receive. Now they were able to get online, however none of the rules I set in my pfSense were working. And I did ensure they were correctly applied and saved when I set them up. I believe as I set the default gateway for the clients to receive the IP of my ISP router, they are directly going out to the internet without going to pfSense.

I have attached an image of this setup. And as you can see here I have set up the WAN interface only and not set up a LAN on the pfSense, which probably is another problem. Another question I have is: the interface that connects the pfSense to the internet is the WAN, yes? And the LAN is what the clients connect to? I don't know about this, but can you set up the same interface to act as both the LAN & WAN? Because here in my case I'm using the ISP router to access the internet and to use as the AP for the LAN, and there is only 1 interface in my router.

PS: This is my first ever pfSense setup, so mind me if I have asked or done something stupid. Thanks

 

 

isp rtrt as AP.PNG

So there are quite a few considerations to make with the setup for it to work as intended. The short answer to your question is no, you cannot set up the same interface as the WAN and LAN on a pfSense. The long answer is potentially. You can create rules for either interface of course, so if there is a way to enable hairpinning you could potentially create a WAN rule to allow the filtering and routing of traffic on the same interface. I have never looked for this option in pfSense, so it may make for an interesting exercise down the road.

As a precursor, my apologies if I repeat anything you already know or have done. I like to go through the steps to make sure nothing is missed.

To make it work, you will need to create two bridged network interfaces for the pfSense VM in VirtualBox with separate MAC addresses. This will give your guest pfSense its LAN and WAN interfaces so your rules can be applied to one side or the other. You will also need to statically assign different IPs to either interface since your pfSense will be the DHCP server for your LAN and the WAN interface will not be able to pull an IP from another DHCP server. Since the IPs are being set statically, your pfSense box will not have any dynamic routes to know where to forward traffic, meaning you will need to also configure a default static route towards your ISP router across your WAN interface (along with making sure NAT is applied to the outbound traffic so the router sends return connections to the correct interface). This will allow the pfSense to take traffic, know where to forward traffic, and allow the rules to be applied. Then, configure your DHCP server on the pfSense and verify that it is disabled on all other devices in the LAN. One other consideration is how your DNS is set up. If you are using the pfSense, make sure that the LAN interface address is set in your DHCP options and you have either the DNS resolver or forwarder enabled along with upstream servers for recursive lookups. If you want the ISP router to be your DNS, just make sure you have it configured in your DHCP options. Personally, I would let the pfSense handle this so everything is going through one place.

 

TLDR:

 

- Static IPs on LAN and WAN interfaces (bridged in Vbox with different MACs)

- Static default route for forwarding traffic to the ISP router

- NAT on outbound traffic (should be enabled by default if I am not mistaken)

- Rules for filtering traffic

- Enable DHCP on the pfSense and disable in all other devices

- DNS setup in DHCP options

 

Typically I use pfSense in Vbox to control a sandbox/lab, so one interface on the internal network with my other guest VMs and the other bridged. I have never really attempted what we are trying to accomplish here. If I have some time this afternoon, I will try and set everything up like you have and verify I am not missing any steps. Anyone reading this, feel free to correct me if I am mistaken or missing something! It is still early so my brain may not be working at 100%.

Edit:

I forgot to answer your other question about the WAN interface. My bad! In your setup, the WAN and LAN titles are more for direction of traffic rather than what is on either side. Traditionally, yes, the WAN interface is the Internet side with the LAN being the local side. That is still somewhat true here since traffic going out the WAN interface will almost certainly be Internet bound, though its next hop is the ISP router. Small detail, but worth mentioning.

Edited by Tzomb1e
Left out one answer
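
An added example (not part of the original posts, and not pfSense code) that models the flat layout discussed in this thread, where clients, the ISP router and pfSense share one segment, and shows which flows the firewall actually sees depending on the client's gateway and on outbound NAT. The addresses, the sample client list and the names `trace`, `verdict` and `audit` are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing for a flat home LAN (assumptions, not from the thread).
LAN = ipaddress.ip_network("192.168.1.0/24")
ISP_ROUTER = ipaddress.ip_address("192.168.1.1")
PFSENSE = ipaddress.ip_address("192.168.1.2")


def trace(client_ip, client_gw, pfsense_nat=True):
    """Return (outbound_hops, return_hops) for an Internet-bound flow."""
    client = ipaddress.ip_address(client_ip)
    gw = ipaddress.ip_address(client_gw)
    if client not in LAN or gw not in LAN:
        raise ValueError("client and gateway must be on the LAN segment")
    if gw == PFSENSE:
        outbound = ["client", "pfsense", "isp_router"]
        # The ISP router replies to the source address it saw. With NAT that
        # is pfSense; without NAT it is the client, which sits on the router's
        # own subnet, so the reply is delivered directly and skips pfSense.
        if pfsense_nat:
            ret = ["isp_router", "pfsense", "client"]
        else:
            ret = ["isp_router", "client"]
    elif gw == ISP_ROUTER:
        # Client ignores the DHCP-advertised gateway: pfSense sees nothing.
        outbound = ["client", "isp_router"]
        ret = ["isp_router", "client"]
    else:
        raise ValueError(f"unknown gateway {gw}")
    return outbound, ret


def verdict(outbound, ret):
    """Classify a flow by whether pfSense sees each direction."""
    if "pfsense" in outbound and "pfsense" in ret:
        return "filtered"
    if "pfsense" in outbound:
        return "asymmetric"  # stateful rules only see half the connection
    return "bypass"


def audit(clients, pfsense_nat=True):
    """clients: iterable of (ip, gateway) pairs. Returns {ip: verdict}."""
    return {ip: verdict(*trace(ip, gw, pfsense_nat)) for ip, gw in clients}


# Constructed sample inventory.
CLIENTS = [
    ("192.168.1.50", "192.168.1.2"),  # took the gateway handed out by pfSense DHCP
    ("192.168.1.77", "192.168.1.1"),  # static config pointing at the ISP router
]

if __name__ == "__main__":
    for nat in (True, False):
        print(f"pfSense outbound NAT={nat}: {audit(CLIENTS, nat)}")
```
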

8 minutes ago, Tzomb1e said:

So there are quite a few considerations to make with the setup for it to work as intended. The short answer to your question is no, you cannot set up the same interface as the WAN and LAN on a pfSense. The long answer is potentially. You can create rules for either interface of course, so if there is a way to enable hairpinning you could potentially create a WAN rule to allow the filtering and routing of traffic on the same interface. I have never looked for this option in pfSense, so it may make for an interesting exercise down the road.

As a precursor, my apologies if I repeat anything you already know or have done. I like to go through the steps to make sure nothing is missed.

To make it work, you will need to create two bridged network interfaces for the pfSense VM in VirtualBox with separate MAC addresses. This will give your guest pfSense its LAN and WAN interfaces so your rules can be applied to one side or the other. You will also need to statically assign different IPs to either interface since your pfSense will be the DHCP server for your LAN and the WAN interface will not be able to pull an IP from another DHCP server. Since the IPs are being set statically, your pfSense box will not have any dynamic routes to know where to forward traffic, meaning you will need to also configure a default static route towards your ISP router across your WAN interface (along with making sure NAT is applied to the outbound traffic so the router sends return connections to the correct interface). This will allow the pfSense to take traffic, know where to forward traffic, and allow the rules to be applied. Then, configure your DHCP server on the pfSense and verify that it is disabled on all other devices in the LAN. One other consideration is how your DNS is set up. If you are using the pfSense, make sure that the LAN interface address is set in your DHCP options and you have either the DNS resolver or forwarder enabled along with upstream servers for recursive lookups. If you want the ISP router to be your DNS, just make sure you have it configured in your DHCP options. Personally, I would let the pfSense handle this so everything is going through one place.

 

TLDR:

 

- Static IPs on LAN and WAN interfaces (bridged in Vbox with different MACs)

- Static default route for forwarding traffic to the ISP router

- NAT on outbound traffic (should be enabled by default if I am not mistaken)

- Rules for filtering traffic

- Enable DHCP on the pfSense and disable in all other devices

- DNS setup in DHCP options

 

Typically I use pfSense in Vbox to control a sandbox/lab, so one interface on the internal network with my other guest VMs and the other bridged. I have never really attempted what we are trying to accomplish here. If I have some time this afternoon, I will try and set everything up like you have and verify I am not missing any steps. Anyone reading this, feel free to correct me if I am mistaken or missing something! It is still early so my brain may not be working at 100%.

Edit:

I forgot to answer your other question about the WAN interface. My bad! In your setup, the WAN and LAN titles are more for direction of traffic rather than what is on either side. Traditionally, yes, the WAN interface is the Internet side with the LAN being the local side. That is still somewhat true here since traffic going out the WAN interface will almost certainly be Internet bound, though its next hop is the ISP router. Small detail, but worth mentioning.

Thank you for your interest in helping. This afternoon I did the setup in my VirtualBox again as described in my original post, where I try to get my wireless USB to act as an AP, and I have managed to get it working with the pfSense-supported USB wireless interface. For some reason it didn't show up in my pfSense console when I tried to assign it from there. It was possible to set it up from the web configurator as a wireless interface working as an AP and then assign it as a LAN.

5 minutes ago, Shammikit said:

Thank you for your interest in helping. This afternoon I did the setup in my VirtualBox again as described in my original post, where I try to get my wireless USB to act as an AP, and I have managed to get it working with the pfSense-supported USB wireless interface. For some reason it didn't show up in my pfSense console when I tried to assign it from there. It was possible to set it up from the web configurator as a wireless interface working as an AP and then assign it as a LAN.

Very good!  I am glad you got it working.  I have never tried to use a wireless interface with pfSense, so good to know that it actually works!
