pfSense Support Subscription

Author Topic: Google WiFi and pfsense  (Read 1670 times)

0 Members and 1 Guest are viewing this topic.

Online toyebox

  • Jr. Member
  • **
  • Posts: 28
  • Karma: +0/-0
    • View Profile
Google WiFi and pfsense
« on: May 18, 2017, 06:27:16 pm »
Hey all! Been a pfsense user for a year now abouts. Just invested in a new Google WiFi mesh network system which works great! I move every 2 or 3 years for the military so pretty difficult to run wired backbones for basic repeaters. Anyway, I am super happy with google WiFi! Only thing so far is I can't access my host overrides for my local esxi machine and freenas box that hosts 10 or so web apps . I would assume it has to do with google WiFi using NAT.. Unfortunately it looks like in a mesh network it needs to run in a NAT. Is there anything I can do ?

Online JKnott

  • Hero Member
  • *****
  • Posts: 881
  • Karma: +29/-4
    • View Profile
Re: Google WiFi and pfsense
« Reply #1 on: May 19, 2017, 10:08:27 am »
It shouldn't make any difference whether a mesh is using NAT or not.  While I haven't worked with Google WiFi, in general mesh networks move some of the "smarts" from the access point to a central controller.  So, instead of logging into the AP, you log into the controller, with the AP acting as just a bridge to it.

Online toyebox

  • Jr. Member
  • **
  • Posts: 28
  • Karma: +0/-0
    • View Profile
Re: Google WiFi and pfsense
« Reply #2 on: May 19, 2017, 02:07:03 pm »
It shouldn't make any difference whether a mesh is using NAT or not.  While I haven't worked with Google WiFi, in general mesh networks move some of the "smarts" from the access point to a central controller.  So, instead of logging into the AP, you log into the controller, with the AP acting as just a bridge to it.

I hear what your saying.. There is no "controller" perse, like ubiquiti, I know there is a separate controller . what I think is the problem is is it runs on a its own subnet and has its own dhcp server.  There is no way to turn it off. Its completely controlled via the phone app you install. The only thing I can really set is the DNS servers .

Online JKnott

  • Hero Member
  • *****
  • Posts: 881
  • Karma: +29/-4
    • View Profile
Re: Google WiFi and pfsense
« Reply #3 on: May 19, 2017, 02:41:21 pm »
That's dumb.  What about people with IPv6, where you don't need NAT?  If it can handle IPv6 without NAT, it should be able to handle IPv4 without it too.

Online toyebox

  • Jr. Member
  • **
  • Posts: 28
  • Karma: +0/-0
    • View Profile
Re: Google WiFi and pfsense
« Reply #4 on: May 19, 2017, 02:47:48 pm »
That's dumb.  What about people with IPv6, where you don't need NAT?  If it can handle IPv6 without NAT, it should be able to handle IPv4 without it too.

It is a bit silly. The way they explain it, they need it for the features it provides. I did test it, and auto switching clients to the closest station works fantastic . there is also priorities,limiting and a bunch of other useful stuff.. Its besides the point though.

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14259
  • Karma: +1327/-191
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Google WiFi and pfsense
« Reply #5 on: May 19, 2017, 03:12:25 pm »
From my very limited research into google wifi is really designed to be the home router at the edge that supplies your wifi as well.  If you bridge it I do believe you loose many of the "mesh" features.

If you ask me its designed for the typical user that just wants a black box and be done with it.  If you like to tinker/power user you would be better off getting real AP that supports wireless uplink if you have issues with running wires.  This allows you to have a "mesh" but not a multi-hop wireless uplinks?

I do not believe the google wifi devices actually do multiple hop uplink? Can someone confirm or deny? I can not seem to find a definitive answer.  You can do it with unifi but you need their "mesh" devices the uap-ac-m or uap-ac-pro-m.  But their other ac line pro, lr and lite all support wireless uplink.  Which allows you to place AP around your home without a wire and not run into the typical /2 bandwidth that your typical soho repeater/extender does.  But it does need a connection to an AP that is wired.

With wireless uplink you use one of the bands as your uplink and the other band is used for clients in the area of that AP.

So depending on you requirements of wifi this is where you need true mesh or just wireless uplink.

network -wire - AP --wireless-- AP --client
network -wire - AP --wireless-- AP --wireless-- AP --client

ie can you daisy chain the AP wireless, or multihop wireless.

I do not believe the google allows for multiple vlans either, think you can do a guest but am not clear that you can do multiple different ssids and then tied to different wired networks like you can with normal AP that has vlan support.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x 2.4.1-RELEASE on VM esxi 6.5 (home)

Online toyebox

  • Jr. Member
  • **
  • Posts: 28
  • Karma: +0/-0
    • View Profile
Re: Google WiFi and pfsense
« Reply #6 on: May 19, 2017, 03:16:13 pm »
From my very limited research into google wifi is really designed to be the home router at the edge that supplies your wifi as well.  If you bridge it I do believe you loose many of the "mesh" features.

If you ask me its designed for the typical user that just wants a black box and be done with it.  If you like to tinker/power user you would be better off getting real AP that supports wireless uplink if you have issues with running wires.  This allows you to have a "mesh" but not a multi-hop wireless uplinks?

I do not believe the google wifi devices actually do multiple hop uplink? Can someone confirm or deny? I can not seem to find a definitive answer.  You can do it with unifi but you need their "mesh" devices the uap-ac-m or uap-ac-pro-m.  But their other ac line pro, lr and lite all support wireless uplink.  Which allows you to place AP around your home without a wire and not run into the typical /2 bandwidth that your typical soho repeater/extender does.  But it does need a connection to an AP that is wired.

With wireless uplink you use one of the bands as your uplink and the other band is used for clients in the area of that AP.

So depending on you requirements of wifi this is where you need true mesh or just wireless uplink.

network -wire - AP --wireless-- AP --client
network -wire - AP --wireless-- AP --wireless-- AP --client

ie can you daisy chain the AP wireless, or multihop wireless.

I do not believe the google allows for multiple vlans either, think you can do a guest but am not clear that you can do multiple different ssids and then tied to different wired networks like you can with normal AP that has vlan support.

It is multi uplink in a sense that its redundant. Unless you mean something else. Currently I have my primary google WiFi ap connected via Ethernet from a switch ,then the other two link to whichever is AP is closest in distance.

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14259
  • Karma: +1327/-191
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Google WiFi and pfsense
« Reply #7 on: May 19, 2017, 03:39:11 pm »
what I mean by multihop is 2nd ascii diagram

network -wire - AP --wireless-- AP --wireless-- AP --client

so your saying it is multihop ie your 3rd AP can connects to the AP that is also wireless to your base AP that has a wired connected to it.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x 2.4.1-RELEASE on VM esxi 6.5 (home)

Online JKnott

  • Hero Member
  • *****
  • Posts: 881
  • Karma: +29/-4
    • View Profile
Re: Google WiFi and pfsense
« Reply #8 on: May 19, 2017, 04:00:08 pm »
Quote
t is a bit silly. The way they explain it, they need it for the features it provides. I did test it, and auto switching clients to the closest station works fantastic

Providing a mesh does not require NAT.  Cisco mesh WiFi does fine without NAT.  What "features" can they provide that require NAT?

With Cisco access points, they come out of the box ready to used in a mesh, with controller software installed on a switch.  In order to use them as stand alone APs, different firmware has to be loaded.

Online toyebox

  • Jr. Member
  • **
  • Posts: 28
  • Karma: +0/-0
    • View Profile
Re: Google WiFi and pfsense
« Reply #9 on: May 19, 2017, 04:05:56 pm »
what I mean by multihop is 2nd ascii diagram

network -wire - AP --wireless-- AP --wireless-- AP --client

so your saying it is multihop ie your 3rd AP can connects to the AP that is also wireless to your base AP that has a wired connected to it.

I'll run a few tests. It gives readouts for strength of the ap to client and ap to AP.. From what I'm reading, yes it does hop. But I'll try staging them far enough away so they have no choice but to not have enough strength to reach the base ap so It has to use the wireless ap.

As for Cisco, I have never personally used their mesh APS.. But I have used their switches which are great. I really want to give these google WiFi APS a chance because I get my 350Mbps line speed through them anywhere in the house lol.

Online toyebox

  • Jr. Member
  • **
  • Posts: 28
  • Karma: +0/-0
    • View Profile
Re: Google WiFi and pfsense
« Reply #10 on: May 19, 2017, 06:46:38 pm »
So i did verify that "daisy chaining" is supported. I both tested and spoke to a rep. When placing a wifi AP in between the base wired AP and a wireless, it not only increased my speed on one, but on the further one as well. I put in a request feature to have all mesh features in bridge mode only.. Representative said its been a requested feature numerous times and they will try and work on it.

As for my initial issue.. Has no one ever ran a double NAT and had this problem? Or different subnets?

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14259
  • Karma: +1327/-191
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Google WiFi and pfsense
« Reply #11 on: May 20, 2017, 04:48:01 am »
What about vlan support?  So how many different wireless ssids can you have and how do you tied those to wired networks?  The system sounds good if didn't have to use them as actual router, and how do you put wired devices on the same layer 2 as specific wireless device?
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x 2.4.1-RELEASE on VM esxi 6.5 (home)

Online toyebox

  • Jr. Member
  • **
  • Posts: 28
  • Karma: +0/-0
    • View Profile
Re: Google WiFi and pfsense
« Reply #12 on: May 20, 2017, 05:46:11 am »
What about vlan support?  So how many different wireless ssids can you have and how do you tied those to wired networks?  The system sounds good if didn't have to use them as actual router, and how do you put wired devices on the same layer 2 as specific wireless device?

Unfortunately at this time it seems multiple SSID's are not supported currently. There is a guest WiFi that can be setup though. 5 and 2.4 GHz channel clients are forced to use whichever is fastest, as they are not different names like traditional routers.I do believe the controller handles forcing clients to use the faster of the two .

No vlan support either. These seem to be an extremely easy option for the common user. I literally pointed my phone at it after plugging it in, and it expanded my network with every AP I added.

Adding wired devices on the same layer 2... I'm not sure If you mean having both wired and wireless backhauls for the APs but this is supported. It will use the faster of the two(obviously wired). Also, this is all automated, you hook it up wirelessly, once setup completes , you plug in a wired backhaul. Or, you can connect a wired client when its in wireless bridge mode. I believe you can use both ports for clients, or just run to a dumb switch.

Hope that answers your questions.

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14259
  • Karma: +1327/-191
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Google WiFi and pfsense
« Reply #13 on: May 20, 2017, 06:51:58 am »
"Adding wired devices on the same layer 2..."

If they do not support vlan tagging - then no they don't support putting wired and wired devices on the same vlan..  Other than their 1 ssid..

So for example I have ssid that is vlan 500.. this has both wifi devices and wired devices all on the same layer 2 network.. Some are wireless and some are wired through switching network  This is vlan 500 id in both my switching and wifi network.  So I have a device say in the guest room on wifi one side of the house, and then I have a device in my av cab in the living room that is also on this same network.  192.168.5.0/24

So you create this guest ssid - how do you have a wired device on only guest network?  And not on your normal ssid?  Can you put the wired interface on the them in either the lan or the guest network?

As to moving a client to either 5 or 2.4 yes that would be band steering.. Nothing really fancy there.. If they had vlan support and not having to use their base as you router doing nat, etc.  Prob be a very nice choice..  Without the ability to create different networks via wifi how do you isolate your iot devices from your normal network.. Just put all of that on guest?  I guess is better than nothing.

Do they support enterprise auth vs just psk? Seems only psk

Security
WPA2-PSK
Automatic security updates
Infineon SLB 9615 trusted platform module

It seems like a nice product for your typical home user - point and click.. My wifi stuff works, oh wow what pretty interface ;)  Now if they just gave it the ability to do real networking you might have something...  Doesn't seem to support DFS channels? So no 160mhz which kind of one the big things with wave 2 the increased bandwidth, and the mu-mimo is limited because its only 2x2.  Most of the wave 2 AP are suppose to be 4x4 for streams are they not..  So can you lag the 2 ports on them?  If not your limited to 1 gig shared between all your clients to the real network.. So you can not get your full bandwidth that is suppose to be possible with wave 2 higher PHY rates.. If you could lagg the interface then atleast you could use the 1 and 1 gig interface for multiple clients and actually max out..

Glad you are happy with it, and thanks for sharing some info on.. But seems more a high priced shiny home user device.. Turn it on and all your devices get on the internet ;)  What is happening in the background, actual performance for lots of devices, multiple networks with firewall between your segments, etc. etc..  Not so much ;)
« Last Edit: May 20, 2017, 06:58:14 am by johnpoz »
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x 2.4.1-RELEASE on VM esxi 6.5 (home)

Online toyebox

  • Jr. Member
  • **
  • Posts: 28
  • Karma: +0/-0
    • View Profile
Re: Google WiFi and pfsense
« Reply #14 on: May 20, 2017, 07:12:50 am »
Yeah you nailed it. No, it doesn't support any sort of LAGG. It will probably be something I return to be honest. I love google products, and hesitant to return it, but what is the point of having it if I can't even utilize my pfsense features I use most, right. I might try an orbi , which has its own 5ghz back end channel for communication between APs. I haven't figured out if the orbi supports LAGG or not. Any last minute questions before I go back to the store?