Operationally speaking, the main problem was that when the pfSense AP would go south there was no way to get it working again short of rebooting the router. While that may have been a relief to my wireless users, it was a definite downer for anyone on the wired network. Especially when it would happen two or three times within the space of a few hours.
The integrated AP was also limited in that it couldn’t do either 802.11n or 5GHz operations. This was mostly due to a lack of support for these features in pfSense 2.1.5, the latest stable version of the software.
My solution was to do what the pfSense doc and so many on the forums had recommended: use a separate hardware AP. In my case, that was an inexpensive TP-Link TL-WA-801ND that, although it could “only” work on 2.4 GHz, would support 802.11n as well as b and g.
After removing the integrated wireless interface, the AP’s single 100 Mbit/s wired network port was joined to the unused 1Gbit port on the router by a CAT6 patch cord and assigned a new virtual interface. Once the hardware was connected I went about the tedious job of reconfiguring things (a couple of new firewall rules, and some additional entries in DNS and DHCP) so that the wireless LAN was now assigned to that port (and the new AP). A second TP-Link AP of the same model was added downstairs to act as a repeater for clients in the other half of the house.
So far, a few days into these changes, everything has been stable. I’ve now got a few pairs of wireless antennae and yet another wifi PCI-e card in the parts box to find some use for (or to put up for auction on eBay). Although I don’t like to admit it, I could have avoided all this grief if I’d just gone with a separate AP from the beginning. I’m still bullish on pfSense in general, and the x86_64 PCEngines hardware I’m using to host it in particular. Except for the AP issue it has been very stable and its configurability is unmatched, even when compared with other firmware options like OpenWRT or DD-WRT. It’s also nice to be able to run a DNS server right on the router, a feature not available in any off-the-shelf SOHO router without replacing the firmware.
Our network shelf in the home lab. From left to right: the TP-Link WAP, Arris/Motorola cable modem, PCEngines APU running pfSense, TP-Link 8 port Gbit switch, and Grandstream VOIP adapter.
Is this setup ready for Gbit ethernet? Just about: the Access Points seem to be able to handle close to the full 300 Mb/s advertised (tested using iperf3), and the PCEngines board has been benchmarked by one forum poster to provide just short of 1 Gbit/s and by another as providing “only” 676 Mbits/s throughput across a WAN (either would be a miracle even if Google were to bring fibre right to my door). What about IPv6? Mostly, I’d say (the Access Point firmware doesn’t appear to support it, but those access points may be flashable with OpenWRT — a possibility I’ll need to investigate further).