Not sure if the above is correct but can any wired device on the guest router access the client APs configuration page? If not what happens if you switch the cable from the WAN to a LAN port?

Explain what device you are talking about switching from WAN to LAN port. Also, you're mostly correct. The clientap is connected to clientrouter, where the guestap is connected to guestrouter. Other than that, the IP scheme is correct. Wired or wireless devices on each wireless router/AP, can get to the wireless router/AP page and the router page. You wouldn't plug in another device to the other ports in the pfsense routers as that gets into OPT configuration and acts as another LAN. You only have one LAN port, basically for each pfsense router. So if you were going to wire a device in, you would wire it into the wireless router/AP(s). Or an appropriate switch. You can watch my youtube videos on how it worked before I added the pfsense routers. My channel is under my name, "Dennis Earl Smiley", and I'm not the one talking about a criminal. Then you can see phyiscally around my place and see what it looks like. Yes, the wiring is a mess for now. I'll work on an updated video sometime next year. Now, the one other detail to give you about what I'm trying to do, is that from clientrouter, I can get to the pfsense router web pages for all subnets, but NOT the router/AP pages for each subnet. For a start, that's what I would prefer to be able to do. Beyond that, I'd like to be able to get to everything behind them. Not from the Internet though, unless I otherwise very specifically open it up for a reason I probably won't need to. It looks like I can get to homeassistant from the Internet, and for the forseeable future, that's probably the deepest server I will want to get to, though I am using the homeassistant cloud to get to that. Most servers I want to get to from the Internet, will be on the main subnet, or 192.168.1.0 subnet. Or maybe in the future the 192.168.0.0 subnet.

OK. Figured this one out! I had an option set, which says:

I had to disable it, and then, set redirection to LAN address. Then apply the changes.

Now everything works, and I have pfsense as the beginning of all subnets. And then the APs behind the routers. Thanks for the little bit of help you guys gave! On to the next problem, and for now, I'm getting close to problem free.

HOWEVER, I still have a few problems, and have lots of work to do to get the network working. Hopefully I don't run into a lot more problems! I have to at least, complete my current list.

Uh oh! While it seems to ping ips behind each router now, it thinks that connecting to the AP behind the router, should connect to the router, over http. In fact, connecting to ANY IP behind the router does the same thing if connecting over http or https!

I was tired, and didn't understand what I was doing because of that. I really want to just punch a whole in the firewall, I want NAT, because it's easier to setup, but I would like to punch a whole in the secondary firewalls, where despite nat, everything is still allowed through. For security reasons, it could be limited to coming from the first subnet only for that being allowed, but not the Internet, even if the other wholes are punched through. If I really want it comming from the Internet, I could make more rules to allow that.

However, I'm happy enough, if I could just port forward things, but no other communication unless specifically allowed later, just so I can configure my AP from any subnet. If I can do that, I'm happy enough, assuming all individual networks work. What I did in my previous example, was tell everything to redirect to the firewall, which is why every IP at https reached the same router web page, but I could ping any IP.

I should have known all this, but like I said, I was tired.

I'm finding now, that for some reason, my web pages for configuration, aren't working at all. Why???

Just as an aside, I would love to see opensense be more popular. But what would it take? A major youtuber like distrotube, focusing at least half the time on opensense, and keeping his followers, then it would take really good documentation right from the website to download it from, at least 10x better than linux mint's, forums dedicated to it, that were really popular plus a section here on LQ for opensense, dedicated, and finally schools teaching both opensense and pfsense, whenever the subject comes up at all, like they teach you about linux in general now. Just that much coverage would be enough. Without all those things, people can't possibly learn it enough, who can barely use pfsense right now, so pfsense has to be the one. Unless you're the developer of opensense and know that much about it. If someone could privately tutor me, in either, I'd take it, gladly.

It's not routers in general I need to learn more about, it's this pfsense stuff. Unfortunately, even a good buisness grade microtek or dd-wrt all the way can't do what pfsense is already doing for me. I'll get this problem, with enough troubleshooting, unless I'm trying to do something that's not possible.