Tutorials

Creating both an internal and a guest Wi-Fi network on a Sonicwall

I have a hate-hate relationship with Sonicwall. They’re annoying when they don’t work. I recently had to conjure up a procedure about how to configure a new Wi-Fi enabled Sonicwall with two different Wi-Fi networks, one for internal use, and the other isolated for guests. Here is that tutorial. It assumes an out-of-the-box Sonicwall config, starting with the initial setup wizard…

 

1. When going through the initial setup wizard, do NOT specify any Wireless settings.

2. For the internal wireless, use the Wi-Fi wizard. Set its IP Assignment to “Layer 2 Bridged Mode”; bridge to X0. Give it a useful SSID and be sure to use the WPA/WPA2 mode and give it a password. Do NOT create an additional virtual AP in this wizard.

3. Go to Zones, then Add a new zone. Set its security type to Wireless. Defaults are fine; if you’re being fancy, the Guest Services page allows for a captive portal to be set.

4. Go to Interfaces, then Add Interface, and choose Virtual Interface. Assign it to the Zone you just made, and give it a VLAN tag (10 is what I tend to use). Make its parent interface W0, and set its subnet mask to something bigger than a Class C (255.255.252.0 is what I tend to use). Click OK, and confirm the notice saying the Sonicwall can’t be configured from the VLAN.

5. Go to Network->DHCP Server. Click ‘Add Dynamic’. Check the ‘Interface Pre-Populate’, and choose the VLAN you just made. Go to the DNS tab, and add some public DNS servers, especially if you’re in a network with a domain controller.

6. Go to Wireless, then Virtual Access Point. Click ‘Add’ under the Virtual Access Point section. Give it a name and an SSID, and set the VLAN ID to the one you made earlier. Under ‘Advanced’ settings, set the Authentication type to WPA2-PSK, the cipher type to AES, and the ‘Maximum Clients’ to 128. Add a passphrase, then click OK. Also, you might want to edit the original SSID to allow 128 wireless clients as well, instead of the default 16.

7. Still in the Wireless->Virtual Access Point area, Edit the “Internal AP Group” in the “Virtual Access Point Groups” section. Add the additional SSID you just created to the Internal AP Group. Click OK to exit.

8. Go to the Wireless->Settings area. On the drop-down labeled “Virtual Access Point Group” on the bottom, select the Internal AP Group option. Click Accept on the top.
(note: if you get an error saying “Status: Error: Too small 802.11 Beacon Interval for Virtual Access Point”, go to Wireless->Advanced, change the Beacon Interval to 500, and try this step again).

It will take about one minute for all SSIDs to be visible to devices…but you will have properly configured everything when you are done.

Redirect all HTTP traffic to HTTPS

Have you ever wanted to ensure all your HTTP traffic goes through HTTPS instead? I have, and it took me forever to figure out how to do this.

These are the exact steps I used to do this on a web server I host, running on the excellent Turnkey LAMP appliance. Thus, it is Debian-based.

 

1. From the Linux shell, type: sudo a2enmod rewrite

2. Restart Apache.

3. Then type: sudo nano /etc/apache2/sites-available/000-default.conf

4. Add the following in the <VirtualHost *:80> config, commenting the existing lines out:

RewriteEngine On
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]

5. Restart Apache again.
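
The rule above builds the redirect target from %{HTTP_HOST}, which Apache fills from the client's Host header, and 000-default.conf is the catch-all site that answers for any hostname pointed at the server. The following is an added example, not part of the original post, that redirects only to hostnames you actually serve; example.com and www.example.com are placeholders for your own names.

```apache
# Added example, not from the original post. example.com is a placeholder.
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com

    RewriteEngine On

    # Known hostnames: keep the name the client asked for, switch to HTTPS.
    RewriteCond %{HTTP_HOST} ^(www\.)?example\.com$ [NC]
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]

    # Anything else (unknown or missing Host header): send to the canonical
    # name instead of echoing the header back in the Location response.
    RewriteRule ^(.*)$ https://example.com$1 [R=301,L]
</VirtualHost>
```

Run sudo apachectl configtest before restarting Apache to catch syntax errors in the edited file.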

 

You’re done!

pfSense Adblocking tutorial

This is more a bookmark for me than anyone else. I’m torn on the topic of ad blocking. I do want to support websites that provide useful content, but at the same time, I’ve seen far too many misleading and malware-laden ads on reputable websites to not have my guard up. So, as I’ve got a pfSense box up at my house, as well as my mom’s, and two parents who are far more likely to erroneously hover over a malicious ad than buy a product based on an ad (though I must say, I’ve never actually had to do a major malware cleaning on either of their computers so far), my greater concern is for them, so ad blocking is something I am okay with.

Thus, I shall implement this at my next opportunity:
https://forum.pfsense.org/index.php?topic=19756.0

I look forward to the task. Now if only I could find a tutorial for having a pfSense box create multiple isolated LANs….
