pfSense + Unifi network, LAN works not WIFI
-
@johnpoz It was like that I set it up.
Just to kick start the network I removed all the vlans (kids...).
That works just fine. But to explain my Unifi setup:
pfSense running inside a VM on Proxmox, it has 2 physical NICs all for it self.
I created one vlan, using tag 10, 10.10.10.0/24.
Assigned it to the lan network, as seen in the image. I setup two DHCP servers one for the base-lan and one for vlan.10.From lan to Unifi Switch 8 port, ports untagged, to Switch 8p POE.
From the Switch 8p POE to a Unifi Flex Switch which has 2 more APs connected to it. All ports are still untagged.In the controller I had (yes had) three networks setup, one base-lan, one for wifi, hedmanvlan, tag 10, and one guestnet, tag 111.
In the setup of the wifi-network I tell the wifi network to use hedmanetvlan. -
So I did remove all the vlans and assigments.
Remade the vlan, assigned it, created the dhcp server.Started a VM with Ubuntu to connect to vlan 10, the VM can not connect to the network.
This is my issue, the clients cannot connect to vlan network. On the dashboard Traffic graph there no activity on the vlan.
What is missing? Firewall rules? Gateway? Please help. :)
-
@swemattias said in pfSense + Unifi network, LAN works not WIFI:
pfSense running inside a VM on Proxmox, it has 2 physical NICs all for it self.
Given you have two NIC just for pfsense have you tried passing them through to the VM running pfsense. It is actually easy to do
- Enable pass through in Proxmox
- Create a VM without any NIC
- For that VM goto hardware -> add pci device to add each NIC
- Install pfsense on that VM
- Restore pfsense configuration from backup
- Goto VM console to reassign the NIC
-
@patch No I have not, but that I will try. Did you have to do that to get VLANs to work over LAN?
-
@swemattias
No but it simplifies the network interface.Currently the Vlan must be passed through
- hardware NIC
- Proxmox
- pfsense
A configuration error in which could stop it working.
With pass through the only components are- hardware NIC
- pfsense
-
@patch I agree, but my setup atm:
hardware NIC: dedicated to pfSense VM, LAN is vlan aware.
Proxmox: Set up the VM as of what Netgate recommends for Proxmox.
pfSense - here the issue lies. I think. -
Run a packet capture on LAN for UDP port 67 with promiscuous mode enabled.
Try to connect client on the VLAN and pull a DHCP lease.
You will see the incoming tagged dhcp requests in that capture. If you do not then the VLAN traffic is not being passed to the VM either in the switches or in Proxmox.
Our guide for installing in Proxmox does not include any VLAN config. Since you have set the bridge as VLAN aware it will probably be filtering VLAN tagged traffic unless it's configured to pass VLAN 10.
https://pve.proxmox.com/wiki/Network_Configuration#_vlan_802_1qSteve
-
@stephenw10 Thank you for your anwser.
I did do a package capture as you said, and the result was a blank box of nothing.So then it is a Proxmox problem, good to know, at least a fall forward instead of nothing. So I will head over to their forums to seek for a solution.
While writing those questions I added the proxmox guide from Netgates forums and this is when I discovered that I had misread the Hardware Checksum Offloading box and I had unchecked the box, not checked it.
That is now taken care of.
Also the guide sais VirtIO Block as hard drive, I missed that and created a SCSI one. Do I need to change that? -
So the solution...
I got it from Reddit (where else...)
A user there told me that he to all the tagging inside Proxmox and run everything inside pfSense untagged.
Like this: https://imgur.com/a/YbZpaxbSo in short this has nothing to do with pfSense or Netgate, I just thought it would be a good idea to post the solution if someone else searches and finds this thread.
-
Ah OK so you just added an extra virtual NIC that's tagged as VLAN10 in Proxmox. Nice.
-
@swemattias nic pass though to pfsense is simpler imo. Hardware off loading can also then still be used
