Mesh WiFi for pfSense – The Ultimate Guide for beginners. If you are not sure what pfSense is, then we will go through all of the basics and explain what it is and why you would want to use it!
pfSense is a free, open source, and highly configurable firewall distribution. It has a very active and supportive community, many of whom are happy to help those who are newer to the platform or who have questions.
One of the most commonly asked questions about pfSense is how to set up a compatible mesh WiFi system with it, and what are the best mesh WiFi options for your needs.
Mesh WiFi gives your network the ability to extend its range over larger areas of your home to reach devices in the furthest each of your living spaces. It allows you to use your existing WiFi access points and distribute the WiFi signal over a larger area.
Table of Contents
- pfSense With Mesh Networks And Your Setup
- WiFi 6 Mesh AP Recommendations
- Adding A Mesh WiFi Network to pfSense
- Conclusion: Mesh WiFi for pfSense
pfSense With Mesh Networks And Your Setup
There is one problem with using Wi-Fi technology to provide wireless access in a home or small office: the signals are too weak to penetrate most walls, especially ceilings. Luckily, adding Mesh WiFi for pfSense is not all that difficult with the right gear.
That’s where mesh networks come in. Mesh networks connect devices directly to one another, typically through radio waves that are more powerful than those of conventional wireless networks.
In addition to providing better coverage, mesh networks also are more secure. They use encryption to keep communications private, and they can block unencrypted or malicious data packets from reaching the network.
Mesh networks are typically deployed through Wi-Fi Protected Access (WPA) or Wi-Fi Protected Access 2 (WPA2), the two major security protocols for wireless networks.
There is one problem with using Wi-Fi technology to provide wireless access in a home or small office: the signals are too weak to penetrate most walls, especially ceilings.
Mesh networks connect devices directly to one another, typically through radio waves that are more powerful than those of conventional wireless networks.
In addition to providing better coverage, mesh networks also are more secure. They use encryption to keep communications private, and they can block unencrypted or malicious data packets from reaching the network.
Mesh networks are typically deployed through Wi-Fi Protected Access (WPA) or Wi-Fi Protected Access 2 (WPA2), the two major security protocols for wireless networks.
WiFi 6 Mesh AP Recommendations
You’ve probably already heard of 802.11ax, which is Wi-Fi 6. Most of us are familiar with how it works and what it promises to bring.
What we might not know is that the new standard, which is currently still being rolled out, has a huge impact on how people use wireless networks today.
| Image | Title | Description | Check Price |
|---|---|---|---|
 Top | TP-Link Deco WiFi 6 Mesh System(Deco X20) - Covers up to 5800 Sq.Ft. , Replaces Wireless Routers and Extenders(3-Pack, 6 Ethernet Ports in total, supports Wired Ethernet Backhaul) | TP-Link Deco WiFi 6 Mesh System(Deco X20) - Covers up to 5800 Sq.Ft. , Replaces Wireless Routers and Extenders(3-Pack, 6 Ethernet Ports in total, supports Wired Ethernet Backhaul) | Check Price |
 Top | ASUS ZenWiFi AX6600 Tri-Band Mesh WiFi 6 System (XT8 2PK) - Whole Home Coverage up to 5500 sq.ft & 6+ rooms, AiMesh, Included Lifetime Internet Security, Easy Setup, 3 SSID, Parental Control, White | ASUS ZenWiFi AX6600 Tri-Band Mesh WiFi 6 System (XT8 2PK) - Whole Home Coverage up to 5500 sq.ft & 6+ rooms, AiMesh, Included Lifetime Internet Security, Easy Setup, 3 SSID, Parental Control, White | Check Price |
 Top | ASUS ZenWiFi AX6600 Tri-Band Mesh WiFi 6 System (XT8 2PK) - Whole Home Coverage up to 5500 sq.ft & 6+ rooms, AiMesh, Included Lifetime Internet Security, Easy Setup, 3 SSID, Parental Control, White | ASUS ZenWiFi AX6600 Tri-Band Mesh WiFi 6 System (XT8 2PK) - Whole Home Coverage up to 5500 sq.ft & 6+ rooms, AiMesh, Included Lifetime Internet Security, Easy Setup, 3 SSID, Parental Control, White | Check Price |
 Top | Netgear Nighthawk Whole Home Mesh WiFi 6 System, 3-Pack (MK63-100NAS) | Netgear Nighthawk Whole Home Mesh WiFi 6 System, 3-Pack (MK63-100NAS) | Check Price |
 Top | NETGEAR Orbi Whole Home Tri-band Mesh WiFi 6 System (RBK752) – Router with 1 Satellite Extender | Coverage up to 5,000 sq. ft., 40 Devices | AX4200 (Up to 4.2Gbps) | NETGEAR Orbi Whole Home Tri-band Mesh WiFi 6 System (RBK752) – Router with 1 Satellite Extender | Coverage up to 5,000 sq. ft., 40 Devices | AX4200 (Up to 4.2Gbps) | Check Price |
Top Top | NETGEAR Orbi Whole Home Tri-band Mesh Wi-Fi 6 System (RBK853) – Router with 2 Satellite Extenders, Coverage Up to 7,500 Square Feet, 100 Devices, AX6000 (Up to 6Gbps) | NETGEAR Orbi Whole Home Tri-band Mesh Wi-Fi 6 System (RBK853) – Router with 2 Satellite Extenders, Coverage Up to 7,500 Square Feet, 100 Devices, AX6000 (Up to 6Gbps) | Check Price |
 Top | Linksys Atlas Pro 6, Dual-Band Mesh WiFi AX5400, 3-Pack | Linksys Atlas Pro 6, Dual-Band Mesh WiFi AX5400, 3-Pack | Check Price |
 Top | NETGEAR Orbi Pro WiFi 6 Mini Mesh System (SXK30B3) | Router with 2 Satellite Extenders for Business or Home | VLAN, QoS | Coverage up to 6,000 sq. ft., 40 Devices | AX1800 802.11 AX (up to 1.8Gbps) | NETGEAR Orbi Pro WiFi 6 Mini Mesh System (SXK30B3) | Router with 2 Satellite Extenders for Business or Home | VLAN, QoS | Coverage up to 6,000 sq. ft., 40 Devices | AX1800 802.11 AX (up to 1.8Gbps) | Check Price |
 Top | NETGEAR Orbi Whole Home Tri-Band Mesh WiFi 6 System (RBK653) – Router with 2 Satellite Extenders, Coverage Up to 6,000 Square Feet, 40 Devices, AX3000 (Up to 3Gbps) | NETGEAR Orbi Whole Home Tri-Band Mesh WiFi 6 System (RBK653) – Router with 2 Satellite Extenders, Coverage Up to 6,000 Square Feet, 40 Devices, AX3000 (Up to 3Gbps) | Check Price |
Adding A Mesh WiFi Network to pfSense
What if you wanted to install mesh networking hardware on your network and have your pfSense firewall handle it all? Here’s a hypothetical way that you could possibly do it.
Mobility is one of the main problems with wireless networks and trying to set up Mesh WiFi for pfSense. Fortunately, there are two main ways to address this problem. You can move the router physically.
Creating a mesh network is the second way you can connect your nodes. Mesh networks are direct connections between nodes on the network.
We will use a Linksys WRT1900ACS Wireless-AC Dual Band Gigabit Router in this tutorial as a mesh wireless access point.
Three radios are available on this router: 2.4GHz radio (A/B), 5GHz radio (A/B), and a USB port. The mesh network is implemented using the 5GHz radio.
1. Let’s begin by setting up the router. Port 1 is where we will set up our WAN connection. IP address 1 is where the router can be reached from the outside. Static IP addresses can be found by opening the Network utility on your router.
Now that our LAN port is set up on Port 2, let’s configure it. We will use this IP address in pfSense.
This IP address must be assigned to the LAN. You can do this by going to Advanced > Ports. Select the IP address of the LAN port by clicking on the LAN button. By doing so, the router will be able to connect to pfSense.
2. The next step is to configure the WAN port of the router to forward to a public IP address. We must first add a gateway to the Internet. An IP address needs to be assigned to the new subinterface on the WAN port.
If the router will be forwarding to a public IP address, that should be the address used. For this tutorial, we are going to use 192.15.23.22 as a public IP address. Ensure that TCP/IP is enabled on the WAN interface next.
3. On the WAN interface, we are going to enable DHCP. The router will then be able to obtain a public IP address from the ISP for the WAN interface.
When this option is enabled, the router will create a temporary subnet on the WAN interface. In this tutorial, we will use a subnet of 192.168.100.0/24.
4. Our next step is to set the default gateway of the LAN interface to the router’s external IP address.
You can do this by clicking the WAN interface and then clicking on Advanced Settings. You will need to set the Router’s external IP address as the Gateway under the General Settings.
5. Next, we will configure the router with a DNS server. The router will then be able to obtain a domain name and resolve it to its public IP address. This can be accomplished by enabling the DNS Server service on the router. Go to Services > Services. Click on DNS Server.
6. Last but not least, we will give the router a domain name. Go to the Domain Name Service Settings and click on “Add New Domain.”
7. The next step is to enter the domain name we would like to use. “pfSense.local” will be used in this example.
For the value, enter the subnet of the LAN port. 192.168.100.0 is the domain name we are using here. Select Save Changes after adding the domain name.
8. Let’s connect to the Internet to test the network. You can check your configuration by typing http://198.15.23.22 into your web browser.
If it matches your public IP address, then everything is working as it should. Changing the domain name in step 7 to match the IP address of the router is required if the domain does not exist.
9. You should now be up and running! You can connect your primary WiFi 6 mesh router into your pfSense router and have your traffic be routed through there for added security and control.
Conclusion: Mesh WiFi for pfSense
In summary, adding a mesh WiFi network to a pfSense router can provide expanded wireless coverage throughout a home while also benefiting from pfSense’s security and monitoring capabilities. As outlined in the steps above, configuring the WAN and LAN interfaces properly allows the mesh router to connect to the internet through pfSense.
Once set up, users can connect the primary mesh node to pfSense via ethernet, then place additional satellite nodes around the home, creating a robust mesh network. With this setup, all wireless devices will connect through the mesh system which in turn routes traffic through the pfSense router.
This provides the benefits of a commercial mesh system as well as taking advantage of pfSense’s firewall rules, traffic shaping abilities, VPN access and more. For those seeking to combine the convenience of mesh WiFi with the control of pfSense, integrating the two together as described here can be an ideal solution.
