I have a quad-port NIC set up with a WAN, LAN1, LAN2 and W_LAN. The entire network is set up to go through a VPN (ExpressVPN) except LAN1. The PC I am trying to use to connect to the modem is on LAN1.
For LAN1 I have my "LAN1 net any any" rule set to use the WAN_PPPOE gateway so that it does not go through the VPN.
I do not understand why the following allowed me to access the modem from LAN1, but what I ended up doing was creating a new rule with my LAN1 PC's IP address as the source and Modem_Access net as the destination. On this new rule I left the gateway as default. This causes the connection to go through the VPN, but it works.
So, though I do not understand why it wouldn't work using the WAN_PPPOE gateway, it does work when not setting a gateway for the above rule.
If anyone understands why creating a rule with no gateway chosen works please let me know so that I have a better understanding.
Things that tripped me up with Unifi APs before were:
Make sure your client's firewall is off... I couldn't access my AP when using a Mac unless I turned off my Mac firewall (I have read about similar issues with a PC firewall).
Unifi doesn't work well on VLANs, i.e. the controller and AP need to be on a non-VLAN and on the same L2 (same IP interface).
Also explore their CloudKey; it's pretty slick and, despite the name, doesn't require you to access it via the "Cloud".
Good luck....
And the culprit is... the NIC :(
I've disabled it and used a - gasp - USB3 one I had knocking around.
So far, so good. I get a shade over 200 Mb/s throughput, which is more than ample for my needs (IoT wifi).
I wanted to follow up on this issue. I noticed some of my other 2.4 GHz devices were offline after a few days and restarted the router I was using as a wireless AP. That seems to be the issue. It has dropped service again after just a day, but only the 2.4 GHz band. It looks like it may be on the way out.
If you have a network, let's call it 192.168.x/24, and you're on 192.168.x.100 and Plex is on 192.168.x.101, then no, pfSense would never see that traffic. The only thing Plex might have to do is resolve the plex.whatever.tld you're using to 192.168.x.101.
Yes, if your .100 box is talking to your .101 Plex server, the destination would be 32400. That is IT. The source would be whatever random high port your client is using for that session, something above 1024 and below 65515.
The only time pfSense would be involved in the traffic is if it was routing it, so clients on 192.168.x/24 while your Plex is on 192.168.y/24.
It looks like you're currently just running a specific VLAN for each AP based on what switch you plugged it into. Any dumb AP could do that, even some wifi router being used as an AP. From the brief 2 seconds I looked at the specs of that AP model, it supports VLANs. So you should be able to run, I would think, at least 4 different VLANs on the AP based upon SSID.
Depending on the AP features, you could also do dynamic VLANs based upon auth or MAC, etc.
But sure, each of your APs should be able to do all 4 of those VLANs.
SSIDA - vlan5
SSIDB - vlan10
SSIDC - vlan15
SSIDD - vlan20
You should be able to do that on each AP. Not sure how many SSIDs those APs support. The Unifi stuff can do 8 per band, so if you wanted you could do 8 on 2.4 GHz and 8 on 5 GHz, for a total of 16. You will have to read the specs on your specific AP for how many SSIDs you can use on the same AP.
192.168.3.1.53: UDP, length 39
So that is your client at 192.168.3.3 asking for DNS. pfSense does not answer, so no, how would the client go to any website if it cannot look it up? So it looks like you do not have unbound running or the forwarder working at all.
Or you don't have any firewall rules on this interface to allow access? The LAN interface would have a default any any rule on it. A new interface you created would not have any rules; you would have to put either an any any rule or the rules you would like to allow.
pfSense will create behind-the-scenes firewall rules to allow DHCP to work. But I only see this:
23:37:25.457114 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
23:37:25.457435 IP 192.168.3.1.67 > 192.168.3.3.68: UDP, length 300
There should be more. From what I have to assume is the discover there to FF:67, the answer would be an offer, but you should then see a request and ack.
But clearly from this, whatever .3 is, it is sending traffic to .1 (pfSense). I take it .3 is a wifi client? So where are the rules on this interface on pfSense?
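The reasoning in the post above (a DNS query to the firewall that never gets an answer, and a DHCP exchange that stops after discover/offer) can be checked mechanically against a tcpdump capture. The following is an added example, not code from the original thread or from pfSense: it parses plain `tcpdump` UDP summary lines, reports client DNS flows that never received a reply from the resolver, and counts the client-to-server and server-to-client DHCP packets so an incomplete DORA exchange stands out. The sample capture is constructed here: the two DHCP lines are the ones quoted in the thread, and the two DNS query lines are invented to match the truncated query in the post (the timestamps and source port are assumptions).

```python
import re
from collections import defaultdict

# Constructed sample capture (not taken verbatim from the original post):
# the DHCP discover/offer pair quoted in the thread plus a DNS query from
# the client that is retried once and never answered by 192.168.3.1.
SAMPLE_CAPTURE = """\
23:37:25.457114 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
23:37:25.457435 IP 192.168.3.1.67 > 192.168.3.3.68: UDP, length 300
23:37:31.101223 IP 192.168.3.3.52123 > 192.168.3.1.53: UDP, length 39
23:37:36.101890 IP 192.168.3.3.52123 > 192.168.3.1.53: UDP, length 39
"""

# Matches the default tcpdump summary format for a UDP datagram:
# <ts> IP <src>.<sport> > <dst>.<dport>: UDP, length <n>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): UDP, length (?P<len>\d+)$"
)


def parse_capture(text):
    """Return one dict per parsable UDP line; non-UDP or unparsable lines are ignored."""
    pkts = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            for key in ("sport", "dport", "len"):
                d[key] = int(d[key])
            pkts.append(d)
    return pkts


def dns_without_answers(pkts, resolver):
    """Map (client_ip, client_port) -> number of queries sent to resolver:53
    for which no packet ever came back from resolver:53 to that client port."""
    queries = defaultdict(int)
    answered = set()
    for p in pkts:
        if p["dst"] == resolver and p["dport"] == 53:
            queries[(p["src"], p["sport"])] += 1
        elif p["src"] == resolver and p["sport"] == 53:
            answered.add((p["dst"], p["dport"]))
    return {flow: n for flow, n in queries.items() if flow not in answered}


def dhcp_exchange_status(pkts):
    """Count DHCP packets by direction. Without `tcpdump -v` the message type
    (DISCOVER/OFFER/REQUEST/ACK) is not decoded, but a complete DORA exchange
    still needs at least two client->server and two server->client datagrams."""
    to_server = sum(1 for p in pkts if p["sport"] == 68 and p["dport"] == 67)
    to_client = sum(1 for p in pkts if p["sport"] == 67 and p["dport"] == 68)
    return {
        "to_server": to_server,
        "to_client": to_client,
        "complete": to_server >= 2 and to_client >= 2,
    }


if __name__ == "__main__":
    pkts = parse_capture(SAMPLE_CAPTURE)
    print("unanswered DNS flows:", dns_without_answers(pkts, "192.168.3.1"))
    print("DHCP exchange:", dhcp_exchange_status(pkts))
```

Run it against a real capture by replacing `SAMPLE_CAPTURE` with the output of `tcpdump -ni <iface> udp` taken on the interface in question; if the DHCP count shows one packet each way and the DNS flows are all unanswered, the next place to look is the rule set on that interface, as the post says, rather than the client. To see the DHCP message types themselves, capture with `tcpdump -v`, which decodes the BOOTP/DHCP options.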
It is always useful to run a fsck on a system.
At best, it finds nothing to do. Your disk is marked clean again and the system will boot.
At worst, it will tell you it could repair things, and you know you've won a trip to the local "new disk store".
The situation is pretty much identical to what we have seen for the last two decades with a non-clean shutdown of a Windows PC. It's CHKDSK time ;)
Hi,
Can you detail what method you have chosen for authentication?
Try this:
Read https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting (this is the doc that explains everything; never leave home without it).
Access console and run
ipfw table all list
See that the _auth_up table and the _auth_down table contain the IP AND MAC of every authenticated device.
Disconnect all users.
Set the soft timeout on the portal interface to 10 minutes.
Set the hard timeout on the portal interface to 15 minutes.
Use a device (a PC, smartphone, pad, whatever) to authenticate.
Run
ipfw table all list
again and see that your device is on the list, in both tables. Are this MAC and IP the IP and MAC of your device?
Shut down wifi on your device.
After 10 minutes probably, and after 15 minutes for sure, the tables will be empty.
Run
ipfw table all list
every minute or so to check.
Activate wifi on the device and check that the connection to the Internet is lost.