After a hardware upgrade I ended up with a spare mini pc. Noticed these two icons and thought I might be able to use it as a WiFi access point with VLANs using OPNsense.
Is that possible? If so, what do I even need to buy to plug into there?
I don’t need it to do any fancy dhcp, dns or firewall stuff, I just need a WiFi access point with support for VLANs.
yes do it.
depending on what you get for a wifi card, you might want to virtualize some flavor of linux like openwrt to run the wifi.
bsd (opnsense, pfsense) is notoriously bad for wifi support.
the biggest challenge here is selecting the right wifi hardware imo.
It is possible but not recommended. The hardware is designed to world as a client so it is likely missing a lot of modern features. You can but the quality of the signal will suck. It might be fine as a temporary solution for a single device but that’s it.
Exactly. A DIY router is fine, don’t DIY the AP.
You can absolutely “DIY” the AP. You just need the right hardware. Take something that has good wifi hardware and flash OpenWRT.
Mine has those, but it was a different model that had the hardware required to do WiFi. Likely it’s not included and unless the device was designed to modify, it’s likely that the motherboard doesn’t have a way to add it easily and there won’t be much space to do your own WiFi card and soldering if the board does have the connections and support in the firmware/BIOS. Best bet would be a USB WiFi card.
Before you start with this project, consider the power use of a full X86 system even at idle and compare that to a standard router.
If you are looking to run this as an access point permanently, the cost of power may add up.
I am not saying that you shouldn’t do it, but take it into account before deciding.
The architecture doesn’t determine the power draw so much as the system design. I’ve got a Chromebox running an i3 and sipping 4.5w at idle.
I get that, it was just something I noticed when looking to build a NAS a few months ago, I was considering the power usage over time when compared with a Synology, and I seem to recall the Synology being much more power efficient, and when I saw OP talking about using a full X86 machine for an AP, I just thought it sounded very inefficient.
That’s a good point, I’ll see if I can figure out the power draw of this system somehow. Any tips?
Since you have the equipment at home you can just get a power meter and measure the computer and a router to see which uses most power over two hours.
Make sure to install the baseline for the computer before the test so it is fairly representative
Not all of these mini PCs have a wifi card in them even if they have the antennas for it. You might start by opening it to check whether the wifi antennas are connected, or whether you need to add a WiFi card.
I think OPNsense would do what you’re looking for. I use it on a mini PC as my router, and it’s great, but I have not used it for WiFi (I run a separate access point). The limitation is WiFi hardware support. You will need to make sure your mini PC’s WiFi card has a driver in FreeBSD. Intel hardware is often a better bet than Realtek etc.
https://docs.opnsense.org/manual/how-tos/interface_wireless_internal.html
I also use opnsense on a mini pc as a firewall, works great :)
Seems that using it for WiFi is a little iffy based on most of these comments though. The guide you linked also didn’t cover much info about hardware, and I can’t see VLAN-support either, so maybe I should just give in and buy a ubiquity one instead.
Intel AX200/210 cards do work on FreeBSD but people are having problems with it in AP mode, even on Linux. I didn’t try, but I planned to do the similar thing on NanoPi R5S with OpenWRT and gave up after the research.
iirc anything after 802.11ac doesn’t allow AP mode on client devices. Something about not being able to scan for restricted channels in 5/6ghz
opnSense and WiFi don’t play too well due to limited BSD WiFi support.
OpenWRT is a much better choice for an AP.
At least make sure the WiFi on the minipc is supported by opnSense before attempting that…
I don’t mind which software, I could absolutely use openwrt instead. Assuming I do, which hardware might I need?
I only used OpenWRT on netgear (arm) hardware… So for x86 I have no idea, but they have great forums you can lurk or inquire…
It should support all WiFi chipsets supported by Linux.
Thanks, I’ll try to get more info on their forums then
Openwrt generally works great on x64 PCs. Thiss machine will most likely be more beefy than your home router and could become your main firewall. It can handle adblocking and vpn client for all PCs on the network as well or whatever your need, as openwrt can do many nice things no commercial router can do out of the box. Install openwrt on your home router as well and use that as access point (connected via cable). You will improve your wifi signal as well. If your machine does not come with rj45 lan ports, install usb3 to rj45 adapters to the usb3.0 ports. They will give you the full 1000 mbit speeds.
OpenWRT isn’t quite as reliable as opnsense because it doesn’t have dual partitions. In the future that might change but for now OpenWRT focuses on max compatibly.
In practice what this means is that you must be careful not force off OpenWRT when flashing firmware.
My current setup runs OPNsense on an x86 machine with 2.5Gbps ports (as an LXC inside proxmox), whereas the one in my post only has 1Gbps ports. But the location of it isn’t great for wifi, which is why I want to use this separate machine for wifi only. So there’s really no need for me to do firewall etc. on this one, I really just want something that can do VLAN’d wifi networks.
You might want to check what the actual hardware is first. You’ll probably be fine, but client 802.11 hardware can sometimes be underwhelming for hosting because they don’t have good stuff like beefed up MuMIMO.
Although that’s assuming you will have a lot of traffic going through it, so you could always just test throughput and latency with iperf to see how well it functions.
I’d probably have to buy something before it supports WiFi. It’s built to run pfsense (has 4 ethernet ports) so I imagine that it would run just fine if I got it a good antenna, but who knows.
You should probably open it up and see if there’s even a Wi-Fi radio in there it’s probably not there because when they’re installed those plugs are removed and the screw terminals for the antenna are in their place
These are probably just rubber nubs where you could install wifi antennas. You would still need to buy the antennas and a pcie m2 wifi addon card.
Yea I did specifically ask what I would need to buy in the post, so I wouldn’t mind that.
I’ve done this before on Ubuntu. You can install nftables for routing, then install hostapd for a wifi AP.
Sounds like a pain to configure compared to some of the more designated systems. Is the advantage that you use Ubuntu for other things as well, so it’s a more multifunctional system?
That’s basically it. My Ubuntu server is a router, NAS, plex server, public statum-1 NTP server, wordpress server, nextcloud server, security camera NVR, SMTP/IMAP mail server, CUPS print server, tor relay, and probably a few other things I forgot about.
You can do a lot with a single CPU from 2015.
I don’t have hostapd on it anymore. I now have dedicated APs on OpenWRT. The main problem with using a WNIC for an AP is that they don’t typically have a very strong broadcast output. I had to add an amplifier, and even then it wasn’t great.
You’d probably be a lot better off buying a decent access point (unifi, mikrotik, Aruba instanton).
Are any of those open source? I was hoping to go the open source route
Many devices support OpenWRT
Pick something that you like and then check support. If it is not supported there is probably a similar supported device.
Not really. If that’s a hard requirement, check out what is supported by openwrt or freshtomato.
There was a similar question a few days ago with some points about wifi adapters vs access points brought up.
It’s mostly just a strong preference, so if I can reasonably do it I’d like to. Some great info in that post, thanks for finding it!
Nyes?
GL-iNet devices run DD-WRT, with an added (probably not open source) web interface. However, if you ssh into any of their routers, it’s BusyBox and DD-WRT. And if you click go into the admin web page and click System->Advanced you end up with a link that takes you to luci, the raw DD-WRT web UI for the device. The company’s UI is just a simpler, more pretty UI on top of DD-WRT.
They run a custom version of OpenWRT. However, I would run stock OpenWRT since it is better supported.
@sxan @elyviere In particular, there are two gl.inet models that you can install openwrt on: https://forum.openwrt.org/t/best-newcomer-routers-2024/189050/2
The other models run modified openwrt but don’t necessarily allow you to install a stock openwrt release.
Use it for a firewall / router, but don’t bother with WiFi. There are no antenna connectors, so it probably doesn’t have a card installed and normal WiFi cards make terrible access points anyways.
If you want to use OPNsense, make sure the NICs are supported. If it has Realtek NICs, you will probably have to use a Linux based firewall.
I already have opnsense on another one like this, so I don’t need a second firewall. Also, for the WiFi one, it doesn’t have to be opnsense. Someone mentioned openwrt which I wouldn’t mind using.
I personally would sell it and buy a proper WAP
Install fresh tomato to this and you’ll get a much better AP with very good firewall and QOS and traffic inspection. Also good SNMP for monitoring
Freshtomato is very out of date. I would highly recommend against it.
What would you suggest instead?
OpenWRT
Thanks for the suggestion
I already have an opnsense router as firewall, so I don’t really need that part. Was just looking to add a WiFi access point.
Haven’t heard of freshtomato before but this seems like a nice option. I’ll look into it, thx for the suggestion!
