pfSense Gold Subscription

Author Topic: pfsense setup over an existing wired network  (Read 3847 times)

0 Members and 1 Guest are viewing this topic.

Offline hchady

  • Jr. Member
  • **
  • Posts: 76
    • View Profile
pfsense setup over an existing wired network
« on: January 31, 2007, 03:23:50 am »
Hello,

I need to configure pfsense to work with an existing LAN network.
the existing LAN is a university network that have it's DHCP server

pfsense server is now connected to this network on the WAN port (WAN adress 134.214.116.x/22)
the LAN side have DHCP and captive portal enabled (DHCP range 192.168.10.x/24) and is connected to an access point (WRT54G) to serve only wirless clients.
to extend the range of my wirless network, I am using many WRT54G connected by WDS.
Everything work great, I don't have any problem with this configuration
But over WDS my transfer rates are around 4Mbps.
Now I would like to modify my configuration and find a way to connect my access point by LAN to have higher transfer rates (on wan side I have ~45 Mbps)

The idea is to use the existing university network (physical network) to connect my APs to Pfsense without changing any settings on the existing university LAN. So only wireless clients gets their DHCP leases from pfsense and other PC connected to the existing LAN get their leases from the univsersity DHCP server. i.e. in other words, i need a way to access to the pfsense LAN side (dhcp and captive portal) from the its WAN side
In this case, and if it is possible, I will be able to connect my APs anywhere on the existing university network.
My access points are VLANs, openVPN and EoIP compatible, but i am not the administrator of the existing university network.

Thank you for your suggestions !

Chady

Offline hoba

  • Administrator
  • Hero Member
  • *****
  • Posts: 5837
  • What was the problem to this solution again?
    • View Profile
    • pfSense
Re: pfsense setup over an existing wired network
« Reply #1 on: January 31, 2007, 03:29:11 am »
I don't think the administrator of the university network would want you to use his infrastructure for such a setup.  The best thing to achieve this would be working with vlans to use the same infrastructure but to have seperate networks. However you really should check this with the administrator of the campus net as you also have to provide DHCP to the clients.

Offline hchady

  • Jr. Member
  • **
  • Posts: 76
    • View Profile
Re: pfsense setup over an existing wired network
« Reply #2 on: January 31, 2007, 04:45:51 am »
actually it's not possible to obtain a dhcp leases from the campus dhcp server. they use a kind of dhcp static leases and unknown clients (wired or wireless) could not obtain any dynamic ip adress.

with VLANs, all used switches should be vlan compatible ? or just the switch connected to the pfsense and the end switch ?
pfsense can do site to site VPN ? (or something like EoIP developed by mikrotik)
there is no way to access to pfsense lan side from the wan side ?

thanks

Offline hoba

  • Administrator
  • Hero Member
  • *****
  • Posts: 5837
  • What was the problem to this solution again?
    • View Profile
    • pfSense
Re: pfsense setup over an existing wired network
« Reply #3 on: January 31, 2007, 06:15:00 am »
You really should consult the network administrator of this network. Anything that we are discussing here is not worth anything if he doesn't allow you to run this on his network.

Offline hchady

  • Jr. Member
  • **
  • Posts: 76
    • View Profile
Re: pfsense setup over an existing wired network
« Reply #4 on: January 31, 2007, 07:17:47 am »
the administrator of the network is ok to modify some setups, but he cannot modify any material (switches or something like that)
DHCP leases from the university server are also possible

Offline hoba

  • Administrator
  • Hero Member
  • *****
  • Posts: 5837
  • What was the problem to this solution again?
    • View Profile
    • pfSense
Re: pfsense setup over an existing wired network
« Reply #5 on: January 31, 2007, 07:27:58 am »
Ask him if he can setup tagged vlans on the ports that you hook up your devices on. One vlan for the network that already is non vlaned present there. One additional vlan for your captive portal lan. Then setup 2 vlans at your pfSense. One for the incoming WAN and one for the captive portal LAN. Setup your accesspointdevices to be in the captive portal vlan. This way you onl need 1 nic for this setup at your pfSense and it's also pretty secure as though only using one physical wire  the both networks are seperated.

Offline jeroen234

  • Sr. Member
  • ****
  • Posts: 505
    • View Profile
Re: pfsense setup over an existing wired network
« Reply #6 on: February 01, 2007, 12:51:05 am »
Hello,

I need to configure pfsense to work with an existing LAN network.
the existing LAN is a university network that have it's DHCP server

pfsense server is now connected to this network on the WAN port (WAN adress 134.214.116.x/22)
the LAN side have DHCP and captive portal enabled (DHCP range 192.168.10.x/24) and is connected to an access point (WRT54G) to serve only wirless clients.
to extend the range of my wirless network, I am using many WRT54G connected by WDS.
Everything work great, I don't have any problem with this configuration
But over WDS my transfer rates are around 4Mbps.
Now I would like to modify my configuration and find a way to connect my access point by LAN to have higher transfer rates (on wan side I have ~45 Mbps)

note that every added ap with wds will cut youre transfer rates in two
and that wireless is one way thafic and cabled is 2 way trafic
with one 54 mb ap(11g) you get a max transfer rate of 27 mb
example with 54 mb ap's
1 ap 27 mb
2 ap 13,5 mb
3 ap 6,7 mb
4 ap 3,4 mb
etc
« Last Edit: February 01, 2007, 12:57:01 am by jeroen234 »

Offline hchady

  • Jr. Member
  • **
  • Posts: 76
    • View Profile
Re: pfsense setup over an existing wired network
« Reply #7 on: February 01, 2007, 03:23:51 am »
yes sure, I know that wds cut transfer rates. but i didn't have another option !

now i am trying to setup VLANs but i am not really familliar with this kind of setup

also we have some installed switched that are not vlan compatible so i can only play with start and end switches... any chance to work ?
« Last Edit: February 01, 2007, 03:26:48 am by hchady »

Offline hoba

  • Administrator
  • Hero Member
  • *****
  • Posts: 5837
  • What was the problem to this solution again?
    • View Profile
    • pfSense
Re: pfsense setup over an existing wired network
« Reply #8 on: February 01, 2007, 02:02:10 pm »
Most non vlan capable switches will pass the traffic unchanged. it might work though you won't have the security level that real vlan switches would provide you with.

Offline hchady

  • Jr. Member
  • **
  • Posts: 76
    • View Profile
Re: pfsense setup over an existing wired network
« Reply #9 on: February 01, 2007, 02:59:43 pm »
and what about PCs connected to non-compatible VLAN switches ? they get their dhcp leases from pfsense or from the campus network dhcp ?

thanks

Offline hoba

  • Administrator
  • Hero Member
  • *****
  • Posts: 5837
  • What was the problem to this solution again?
    • View Profile
    • pfSense
Re: pfsense setup over an existing wired network
« Reply #10 on: February 01, 2007, 03:12:49 pm »
They should get it from the campus server and ignore the vlan traffic though they might see them. Nics that support VLANs could be configured to reside in the VLAN though, so it depends on how the client is configured or what the client supports.

Offline hchady

  • Jr. Member
  • **
  • Posts: 76
    • View Profile
Re: pfsense setup over an existing wired network
« Reply #11 on: February 06, 2007, 05:14:22 am »
it didn't work as expected,

wireless clients always get their dhcp leases from pfsense, but other PCs connected to the university switches get sometimes their leases from pfsense too ...
« Last Edit: February 06, 2007, 06:20:59 am by hchady »

Offline hoba

  • Administrator
  • Hero Member
  • *****
  • Posts: 5837
  • What was the problem to this solution again?
    • View Profile
    • pfSense
Re: pfsense setup over an existing wired network
« Reply #12 on: February 06, 2007, 05:46:19 am »
Sorry, no other solution that I can think of then.

Offline hchady

  • Jr. Member
  • **
  • Posts: 76
    • View Profile
Re: pfsense setup over an existing wired network
« Reply #13 on: February 06, 2007, 06:23:52 am »
Thank you anyway

I will try to use EoIP between dd-wrt routers and see if it works

Chady

Offline hoba

  • Administrator
  • Hero Member
  • *****
  • Posts: 5837
  • What was the problem to this solution again?
    • View Profile
    • pfSense
Re: pfsense setup over an existing wired network
« Reply #14 on: February 06, 2007, 06:45:57 am »
Not sure if the DD-WRT's support dhcp relay. Maybe that would work too.