Mustang65 Posted December 28, 2019

Polisy seems to be running properly at the moment and I noticed that I have both a network connection x.x.x.2 and a Wi-Fi connection x.x.x.4 active. I do not want the Wi-Fi connection, one less security issue to worry about. Is there anything that needs the Wi-Fi connection to be active? Is it OK to disable it?

Thanks

gviliunas Posted December 28, 2019

I disabled mine and Polisy seems to continue working properly. Maybe in the future I will have need of this interface. For now, it is disabled.

Michel Kohanim Posted December 29, 2019

I would like to hear from more people about using WiFi instead of the Ethernet jack.

With kind regards,
Michel

MWareman Posted December 29, 2019

In my case, I had my Polisy wired. WiFi auto connected to my guest WiFi network and caused all kinds of havoc. WiFi took priority on most things causing Polisy to be unable to communicate with anything (like package updates). Devices directly connected to the Ethernet network worked (routing precedence) but I have to make two observations.

1) WiFi should never auto-connect to open WiFi. Most have a captive portal.
2) If both WiFi and Ethernet have an active connection - the Ethernet interface should have a lower interface metric so it becomes preferred.

I also have to hard disable the WiFi interface to have things work when wired to Ethernet.

Michael.

ThisIsTheWay Posted December 29, 2019

On 12/27/2019 at 9:41 PM, gviliunas said:
> I disabled mine and Polisy seems to continue working properly. Maybe in the future I will have need of this interface. For now, it is disabled.

How did you disable wifi? Would very much like to do the same (I'm not a linux guy).

gviliunas Posted December 29, 2019

Well, I thought that I did....

There is a checkbox on the Polisy Settings / Polisy Configuration page that says "Interface enabled". I unchecked the box and then clicked Save. Then saw a green pop-up banner stating that interface ath0 was disabled.....until I looked at another interface and came back to ath0. When coming back to this page, ath0 was again showing as enabled. I tried this several times with the same result.

Looks like a bug - can't disable the ath0 WIFI port using the Polisy Configuration checkbox.

ThisIsTheWay Posted December 29, 2019

8 minutes ago, gviliunas said:
> Looks like a bug - can't disable the ath0 WIFI port using the Polisy Configuration checkbox.

I am also seeing this bug.

whywork Posted December 29, 2019

Hi,

I use and enjoy my ISY every day. So far, I have NOT been able to connect my new Polisy Pro via wifi.

Polisy up and running with active Nodeservers via hardwire ethernet reserved DHCP address - all seems to work

Version 2.2.8
Status: Connected
Frontend Version: 2.2.8
ISY Version: 5.0.16B

wifi SSID "Galefront"
Asus router RT-AC86U with hardwired RT-AC68U access point with Raspberry Pihole DNS at 192.168.1.222

Update/upgrade polisy via web interface - took reboot to show updates completed

From polisy web interface tried connecting wifi

    IPv4 Networking
    Network Interface
    MAC Address ffffff90:48:ffffff9a:33:ffffff8d:49
    Interface Type WiFi
    Interface Enabled
    DHCP Enabled
    IPv4 Address 0.0.0.0
    Netmask 0.0.0.0
    IPv4 Gateway 0.0.0.0
    DNS Server 1 0.0.0.0
    DNS Server 2 0.0.0.0
    DNS Server 3 0.0.0.0
    WiFi Currently Connected SSID Not Connected
    WiFi Forget All Networks Forget all Networks
    Available WiFi Networks Galefront
    Key

Click on Connect - green bar flashes and NO Connection
Tried forget all networks and reconnect - still no joy.

SSH into polisy

    sudo pkg update
    sudo pkg upgrade
    sudo ifconfig
    Password:
    igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=e527bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
            ether 00:0d:b9:53:36:9c
            inet6 fe80::20d:b9ff:fe53:369c%igb0 prefixlen 64 scopeid 0x1
            inet 192.168.1.194 netmask 0xffffff00 broadcast 192.168.1.255
            media: Ethernet autoselect (1000baseT <full-duplex>)
            status: active
            nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
    igb1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=e527bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
            ether 00:0d:b9:53:36:9d
            media: Ethernet autoselect
            status: no carrier
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    igb2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=e527bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
            ether 00:0d:b9:53:36:9e
            media: Ethernet autoselect
            status: no carrier
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
            options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
            inet 127.0.0.1 netmask 0xff000000
            groups: lo
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    pflog0: flags=0<> metric 0 mtu 33160
            groups: pflog
    pfsync0: flags=0<> metric 0 mtu 1500
            syncpeer: 0.0.0.0 maxupd: 128 defer: off
            groups: pfsync
    wlan0: flags=8c43<UP,BROADCAST,RUNNING,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
            ether 90:48:9a:33:8d:49
            inet6 fe80::9248:9aff:fe33:8d49%wlan0 prefixlen 64 scopeid 0x7
            groups: wlan
            ssid "" channel 157 (5785 MHz 11a)
            regdomain FCC country US indoor ecm authmode OPEN privacy OFF txpower 23
            bmiss 7 mcastrate 6 mgmtrate 6 scanvalid 60 wme burst bintval 0
            media: IEEE 802.11 Wireless Ethernet autoselect (autoselect)
            status: no carrier
            nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

Shows connection via ethernet to 192.168.1.194
Shows NO connection wlan0/wifi

    sudo ifconfig wlan0 scan list
    SSID/MESH ID               BSSID              CHAN RATE  S:N     INT CAPS
    Galefront                  e0:3f:49:97:ac:08     1  54M  -78:-96 100 EP RSN BSSLOAD HTCAP WPS WME
    Galefront                  78:24:af:ee:38:a8    11  54M  -74:-96 100 EP RSN BSSLOAD HTCAP WPS WME
    Galefront                  e0:3f:49:97:ac:0c    36  54M  -83:-96 100 EP RSN BSSLOAD HTCAP VHTCAP VHTOPMODE VHTPWRENV WPS WME
    Galefront                  78:24:af:ee:38:ac   149  54M  -72:-96 100 EP RSN BSSLOAD HTCAP VHTCAP VHTOPMODE VHTPWRENV WPS WME
    0x00000000000000000000000  46:00:49:ee:89:c3   149  54M  -78:-96 100 EP RSN HTCAP VHTCAP VHTOPMODE VHTPWRENV WME
                               c6:98:5c:8b:67:7a   149  54M  -82:-96 100 EP RSN HTCAP WME WPS
    0x00000000000000000000000  46:00:49:e0:84:c1     1  54M  -70:-96 100 EPS RSN HTCAP WME

OK - wifi card can see my SSID

    ctrl_interface=/var/run/wpa_supplicant
    eapol_version=2
    ap_scan=1
    fast_reauth=1
    network={
        ssid="Galefront"
        psk="mypassword"
        priority=3

OK - looks like SSID and password are set correctly

also rc.conf

    #Networking
    #Enable IPv6 router solicitation
    rtsold_enable="YES"
    #Make sure dhclient is run in the background
    background_dhclient="YES"
    #Network Interfaces (default)
    wlans_ath0="wlan0"
    ifconfig_wlan0="DHCP"
    create_args_wlan0="country US regdomain FCC"
    ifconfig_wlan0_ipv6="inet6 accept_rtadv"
    ifconfig_igb0="DHCP"
    ifconfig_igb0_ipv6="inet6 accept_rtadv"
    #disable starting igb1/2 at startup
    ifconfig_igb1_ipv6="NOAUTO"
    ifconfig_igb1="NOAUTO"
    ifconfig_igb2="NOAUTO"
    ifconfig_igb2_ipv6="NOAUTO"

So
wlan0 can see my SSID
wpa_supplicant.conf has SSID and password
rc.conf is starting wlan0 for DHCP
But wlan0 even after cold boot or service netif restart does NOT connect

Suggestions?

gviliunas Posted December 29, 2019

I tried to take this one step further by configuring my WIFI connection, disconnecting the wired Ethernet cable, and power-cycling Polisy. This did not work.

I was able to configure the WIFI connection on the Polisy Configuration page. Polisy is telling me that I am connected to the proper SSID, Channel 6 and 108 WIFI bars. BUT...like @whywork, after power-cycling, I cannot find Polisy anywhere on my network. As Polisy is rebooting, I hear 1 beep and then another 1 beep.

Plugging in the Ethernet cable and I can again reach Polisy. The Polisy Configuration page is still telling me that I am connected to the proper SSID, Channel 6 and 108 WIFI bars.

<Edit - I got this working>

Just to make sure my router DHCP client table was keeping up, I opened an ssh session on Polisy. ifconfig showed wlan0 connected to a valid DHCP IP (192.168.1.158). Was able to successfully ping this from my desktop. Disconnected the wired Ethernet and opened https://192.168.1.158 and can now get to Polisy via WIFI.

--------------------------------------

In the end, I was able to "connect" to Polisy over WIFI but noted that ISY could not access these node Servers since the IP address was different from what was configured in the ISY Node Server Configuration (slot) pages. This is an argument for using either a static IP or reserved IP address for your Polisy and ISY in your router.

whywork Posted December 29, 2019

Hi

I am now connected to wifi.

I manually edited my rc.conf from

    ifconfig_wlan0="DHCP"

to

    ifconfig_wlan0="WPA SYNCDHCP"

see https://www.freebsd.org/doc/handbook/network-wireless.html

Add entries to /etc/rc.conf to configure the network on startup:

    wlans_ath0="wlan0"
    ifconfig_wlan0="WPA SYNCDHCP"

ifconfig_wlan0="WPA SYNCDHCP" forces WPA and makes DHCP wait until wifi has connected/associated

your mileage may vary

hope this might be incorporated in polisy standard builds

gviliunas Posted December 29, 2019

@whywork Hmmm, I did not need to edit rc.conf or any file. Something else might be taking care of this edit.

Before I configured my Polisy WIFI in the Polisy Configuration page, the interface was always shown as "ath0." Now it is always listed as wlan0 in the Polisy drop down.

My rc.conf already has the line: wlans_ath0="wlan0" but is using "WPA DHCP"

true, your mileage may vary...

Michel Kohanim Posted December 29, 2019

@whywork, please do not use SYNCDHCP. This will cause your bootup to take an inordinate amount of time while waiting for WPA and DHCP. If SYNCDHCP works, then DHCP will work as well. You just have to give it a little more time.

In FreeBSD vernacular, you have a physical device (ath0) and then a logical device (wlan0). You cannot remove ath0 because it's plugged into your Polisy. You can remove the card and you won't see ath0. Once you disable wlan0, it becomes ath0.

WiFi connecting to any open network is definitely a bug.

Personally, I am not using WiFi. And, based on the initial feedback, more than 95% of those with WiFi are not using it either.

With kind regards,
Michel

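A check for the two conditions raised in this thread, Wi-Fi associated to an open network and Wi-Fi holding an address alongside active wired Ethernet. This is an added example, not code posted by any participant and not part of Polisy. It assumes FreeBSD `ifconfig` text on stdin; the function name `audit_ifconfig`, the finding labels and the first sample are constructed for illustration.

```sh
# Added example: reads FreeBSD `ifconfig` text on stdin, prints one finding per line.
audit_ifconfig() {
    awk '
    function finish() {
        if (name == "") return
        if (wifi && status == "associated") {
            print "WIFI-ASSOCIATED " name
            # "authmode OPEN" is also shown for an idle radio, so report it
            # only once the interface has actually joined a network.
            if (auth == "OPEN") print "OPEN-WIFI " name
            if (hasip) wifi_ip = wifi_ip " " name
        }
        if (wired && status == "active" && hasip) wired_ip = wired_ip " " name
    }
    /^[a-z][a-z0-9_]*: flags=/ {          # start of a new interface stanza
        finish()
        name = $1; sub(/:$/, "", name)
        wifi = 0; wired = 0; hasip = 0; status = ""; auth = ""
        next
    }
    $1 == "media:"  { if ($0 ~ /802\.11/) wifi = 1; else if ($2 == "Ethernet") wired = 1 }
    $1 == "status:" { status = $2; if (NF > 2) status = $2 " " $3 }
    $1 == "inet"    { hasip = 1 }
    { for (i = 1; i < NF; i++) if ($i == "authmode") auth = $(i + 1) }
    END {
        finish()
        # Both paths hold an IPv4 address: routing can pick either one.
        if (wifi_ip != "" && wired_ip != "") print "DUAL-HOMED" wired_ip wifi_ip
    }'
}

# Constructed sample: wired igb0 plus wlan0 joined to an open guest network.
SAMPLE_DUAL='igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 192.168.1.194 netmask 0xffffff00 broadcast 192.168.1.255
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 192.168.50.23 netmask 0xffffff00 broadcast 192.168.50.255
    regdomain FCC country US authmode OPEN privacy OFF txpower 23
    media: IEEE 802.11 Wireless Ethernet autoselect (autoselect)
    status: associated'

# Idle radio, trimmed from the ifconfig output posted earlier in this thread.
SAMPLE_IDLE='wlan0: flags=8c43<UP,BROADCAST,RUNNING,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
    regdomain FCC country US indoor ecm authmode OPEN privacy OFF txpower 23
    media: IEEE 802.11 Wireless Ethernet autoselect (autoselect)
    status: no carrier'

printf '%s\n' "$SAMPLE_DUAL" | audit_ifconfig
```

On a live system the same function takes `ifconfig | audit_ifconfig`; empty output means no wireless interface is associated.
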
MWareman Posted January 4, 2020

It would be very neat if the Presence poly could be enhanced to put the wireless interface into promiscuous mode and be able to track the presence and rssi of clients in the area..... That’s my main future hope for the wireless interface to be honest.

Meanwhile - I’m glad the auto-connecting to open WiFi will be addressed. It was the cause of my early failures when using the pkg system to try to update packages (I hadn’t realized that the WiFi had obtained a connection to my guest network - and that was causing the invalid ssl cert issues I was originally seeing)

TexMike Posted January 4, 2020

2 hours ago, MWareman said:
> It would be very neat if the Presence poly could be enhanced to put the wireless interface into promiscuous mode and be able to track the presence and rssi of clients in the area..... That’s my main future hope for the wireless interface to be honest.

Really like this idea too. I had high hopes for Presence-Poly (and still do for the future). I have presence working now on four phones, but it's a PITA. Wife and I on Android and kids just moved to iPhones and I have to configure it on each of the phones.

Looks like I dodged a bullet by not having any open WiFi APs reachable from my Polisy.

DaveStLou Posted January 4, 2020

18 hours ago, MWareman said:
> It would be very neat if the Presence poly could be enhanced to put the wireless interface into promiscuous mode and be able to track the presence and rssi of clients in the area..... That’s my main future hope for the wireless interface to be honest.
>
> Meanwhile - I’m glad the auto-connecting to open WiFi will be addressed. It was the cause of my early failures when using the pkg system to try to update packages (I hadn’t realized that the WiFi had obtained a connection to my guest network - and that was causing the invalid ssl cert issues I was originally seeing)

Potentially using the wifi for polyglots such as @MWareman described was the main reason I thought wifi could be useful. As it is, it's on but I'm not using the wifi.

mwester Posted January 4, 2020

All critical network devices should be wired, IMO... so my Polisy is not currently using the wifi.

However, one of the things in the back of my mind was the future potential of the Polisy as a "single-solution" device for isolating IoT devices onto their own networks -- as suggested by Security Professionals, and most recently by the FBI. With multiple LAN ports and a WiFi port, it's got all the right stuff. But that's down the road, right now I'm just sort of messing around with it.