Unable to get OPT1 to work

viragomann

@a-networking-noob
Are you running pfBlockerNG or similar on pfSense? Maybe it blocks what the devices try to connect to to determine internet connection.

a-networking-noob

@SteveITS said in Unable to get OPT1 to work:

@a-networking-noob On OPT do you have firewall rules allowing access? LAN has default allow-to-any rules for IPv4 and IPv6.

Yes I do. Here's what I set up:

a-networking-noob

This post is deleted!

a-networking-noob

This post is deleted!

a-networking-noob

@viragomann said in Unable to get OPT1 to work:

@a-networking-noob
Are you running pfBlockerNG or similar on pfSense? Maybe it blocks what the devices try to connect to to determine internet connection.

Not to my knowledge. I'm just using pfSense as is...

a-networking-noob

@a-networking-noob said in Unable to get OPT1 to work:

@SteveITS said in Unable to get OPT1 to work:

@a-networking-noob On OPT do you have firewall rules allowing access? LAN has default allow-to-any rules for IPv4 and IPv6.

Yes I do. Here's what I set up:

And here are my LAN firewall rules:

SteveITS

@a-networking-noob Well the allow OPT1 Net to any rule says it's handled 2 GB of traffic which verifies that part is OK, also you did with a wired device.

Getting different results with different devices is unexpected. Are those devices getting a DHCP address in your OPT1 range? (did you set up DHCP on it?) Do you have any floating firewall rules? If so try disabling those.

Gertjan

@a-networking-noob said in Unable to get OPT1 to work:

and my OPT1 port is assigned to 192.168.49.1

So this is what you have :

The /24 at the right side is important ( this one is often set wrongly ...... and the interface doesn't seem to "work" any more )
For example, a /32 will "break everything".

When you create/activate an interface, you also 'have to' set up a pfSense DHCP server for that (OPT1) interface :

Goto Services > DHCP Server > OPT1 and check "enable"
Check that these show these numbers :

Subnet 192.168.49.0
Subnet mask 255.255.255.0
Available range 192.168.49.1 - 192.168.49.254

and select a pool range, for example

From 10 To 100

Save - and Apply.

From now on, when you connect a device on the OPT1 interface, check that the device got a DHCP lease.
A Windows PC : type

ipconfig /all

Any other device : you should now how to check network settings.

On pfSense : Goto Status > System Logs > DHCP and you see the device you've connected doing the DHCP request.

Btw : I presume your devices all use "DHCP", as already said above, and don't have a static IP setup. Static is also possible, but you are not allowed to make mistakes ^^

a-networking-noob

@Gertjan Thanks for trying to help by walking me through all that. I had all the correct settings already including the /24 for the IPv4 Address, DHCP server enabled for OPT1, the subnet and subnet mask values all matching what you showed, and a pool range set from 100-254.

When I then switched my smartphone to try to connect to the WiFi (on OPT1) and checked the phone it said the IP address assigned was 192.168.49.101 which matches what I found under the Status - DHCP Leases on pfSense - 192.168.49.101, lease type Active and Online. But the phone still says it's connected but no internet access.

Still baffled...

a-networking-noob

@SteveITS said in Unable to get OPT1 to work:

@a-networking-noob Well the allow OPT1 Net to any rule says it's handled 2 GB of traffic which verifies that part is OK, also you did with a wired device.

Getting different results with different devices is unexpected. Are those devices getting a DHCP address in your OPT1 range? (did you set up DHCP on it?) Do you have any floating firewall rules? If so try disabling those.

No floating firewall rules. And yep, DHCP is set up and my smartphone does show up in the DHCP leases, but the phone still says no internet access.

gfvalvo

Not sure if it's the same issue(s) folks in this thread are having, but I just resolved my own "OPT1 Problem". See: This Thread

Brett 1

Sorry I forgot to reply. I restored the device, set up interfaces in the terminal, and changed the firewall rules. All interfaces are working.

Gertjan

@a-networking-noob said in Unable to get OPT1 to work:

connect to the WiFi (on OPT1)

There is another device between your phone and pfSense : the access point .....

Also : can you connect to 192.168.49.1 and see the login page of pfSense ?

DNS works on your phone ?
Does it use "192.168.49.1" = the resolver, or something else ?

Can you wire up (using the cable) a device to OPT1, and then check ?

a-networking-noob

@gfvalvo said in Unable to get OPT1 to work:

Not sure if it's the same issue(s) folks in this thread are having, but I just resolved my own "OPT1 Problem". See: This Thread

Seems you lucked out! I tried the DNS trick you used but didn't solve my issue. :/

Thanks anyway...

a-networking-noob

@Gertjan said in Unable to get OPT1 to work:

@a-networking-noob said in Unable to get OPT1 to work:

connect to the WiFi (on OPT1)

There is another device between your phone and pfSense : the access point .....

Also : can you connect to 192.168.49.1 and see the login page of pfSense ?

No - I only have one extra firewall rule set up for OPT1 to block access to pfSense

But even after disabling that rule, I still can't connect to the WiFi on OPT1.

DNS works on your phone ?
Does it use "192.168.49.1" = the resolver, or something else ?

Yes. The IP address my phone gets is in the pool range I set, and the DNS is 192.168.49.1 which matches what is shown on pfSense DNS resolver.

I've tried it with a 2nd phone and got the exact same result - can connect to the WiFi but no internet access.

Can you wire up (using the cable) a device to OPT1, and then check ?

Connecting my laptop to my OPT1, either by direct cable connection, or through WiFi, I can access the internet fine.

Gertjan

@a-networking-noob said in Unable to get OPT1 to work:

Connecting my laptop to my OPT1, either by direct cable connection, or through WiFi, I can access the internet fine.

Ok, good
This excludes cables, the access point, pfSense, the OPT1 interface.

Ditch the phones, and done. (joking of course).
You didn't tell anything about these phones, but they are (most probably) the issue.
They do communicate just fine : the DHCP exchange was happening.
(still hoping that you still can confirm that it did received a correct IP, and gateway, and DNS - and that you could do a DNS lookup with them, just to know that it does communicate with pfSense)

The solution might be available in the phones : delete the Wifi entry - and re-connect to that wifi SSID again.

a-networking-noob

@Gertjan said in Unable to get OPT1 to work:

@a-networking-noob said in Unable to get OPT1 to work:

Connecting my laptop to my OPT1, either by direct cable connection, or through WiFi, I can access the internet fine.

Ok, good
This excludes cables, the access point, pfSense, the OPT1 interface.

Ditch the phones, and done. (joking of course).
You didn't tell anything about these phones, but they are (most probably) the issue.

I'm using a couple of Android phones. One an older LG G6 stock, the other a Pixel 5a running CalyxOS. I can't believe the phones are the problem since I've never had issues with them connecting to the internet via WiFi at home, at work, etc...

They do communicate just fine : the DHCP exchange was happening.
(still hoping that you still can confirm that it did received a correct IP, and gateway, and DNS - and that you could do a DNS lookup with them, just to know that it does communicate with pfSense)

Yes, I did confirm that the phones do get an IP address, gateway and DNS that match what is shown in pfSense and lines up with the OPT1 settings.

The solution might be available in the phones : delete the Wifi entry - and re-connect to that wifi SSID again.

Unfortunately, this did not solve it. After deleting the WiFi entry, and re-connecting to the WiFi on OPT1, I get the exact same result - connects to WiFi but no internet.

Gertjan

@a-networking-noob said in Unable to get OPT1 to work:

Unfortunately, this did not solve it.

Another test :

Goto Diagnostics> Packet Capture

Select the OPT interface, like :

and enter the IP of your phone :
Like this :

and then hit the green start buton.

From now on, at the bottom, you will see everything that pfSense receives at the OPT1 from your phone (device with IP 192.168.49.x).

You will see the DHCP negotiation traffic, a couple of packets.
And then : what did you see ?

johnpoz

@a-networking-noob said in Unable to get OPT1 to work:

gateway and DNS that match what is shown in pfSense and lines up with the OPT1 settings.

I have seen users setup a nat router as their wifi.. Where the network wifi router is handing out is the same as what pfsense network is.. So yeah looks correct, but yeah never going to work..

Or they their wifi setup as guest, and can not talk to wire, and while dhcp might work - when they actually go to talk to pfsense IP for dns or to get out to the internet, doesn't work..

Gertjan

@johnpoz said in Unable to get OPT1 to work:

I have seen users setup a nat router as their wifi..

I'm presuming the Access Point is set up as an access point (! ) and doesn't have any firewall / router / dhcp capabilities activated. If so, all bets are off.

The packet capturing would show the MAC address of the phone (not the AP !!) and show the DHCP request from the phone etc.