    Mikrotik + Pfsense troubles

    celin

      Hi guys, I don't know much about network configuration at all. This is my first time setting up a captive portal and I ran into some trouble.

      On the company network, I have a MikroTik as the default gateway, which is connected to a switch where devices are wired and receive IP addresses via DHCP from the MikroTik in the 192.168.1.0/24 network. For Wi-Fi, I use pfSense with a captive portal.

      The pfSense has the IP address 192.168.1.204, its WAN interface is in the 192.168.1.0/24 network, and its LAN interface is in the 192.168.50.0/24 network. pfSense assigns IP addresses via DHCP to clients connected to Wi-Fi.

      The networks can communicate with each other, but there is a significant drop in speed when traffic goes from the 192.168.1.0 to the 192.168.50.0 network. Additionally, network discovery does not work correctly. Printers and Wi-Fi cameras cannot be discovered by devices connected directly to the MikroTik, and when configured manually, they work but with extremely low speed.

      Firewall rules are configured directly on the MikroTik, with pfSense used solely as a captive portal and for logging user activity.

      Any ideas why this happens?

        stephenw10 Netgate Administrator

        What are you using for the wifi hardware? A wireless NIC in pfSense?

        Device discovery generally doesn't work between subnets like that. Additionally, the Mikrotik would need a route to 192.168.50.0/24 via 192.168.1.204 to be able to reach it at all. Anything in the 192.168.1.0/24 subnet trying to access 192.168.50.0/24 will end up with an asymmetric route. That can cause low speeds.

        Steve

          celin

          Thanks for the reply!

          We are using a UniFi AC Pro for the Wi-Fi, connected directly to a second network adapter on the server.
          We will verify the routing rule.

          • stephenw10S stephenw10 moved this topic from Wireless on
            stephenw10 Netgate Administrator

            OK, this is not a wireless-specific issue then; it's a routing problem.

            Why have you added pfSense here? Usually that's done to add separation between wired and wireless networks but to do that correctly you need to have both networks going to one router directly.

              celin

              @stephenw10

              We added pfSense to use the captive portal and get access logs using the Squid proxy.

                stephenw10 Netgate Administrator

                Ok. You still need to do something to avoid route asymmetry. So that would be either putting LAN onto a pfSense interface or moving the pfSense WAN to a different interface on the Mikrotik router.

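The route asymmetry discussed in this thread, traced as an added Python example that was not posted by either participant. It compares the layout as posted with the second fix suggested above (pfSense WAN on its own MikroTik interface). The MikroTik LAN address 192.168.1.1, the pfSense LAN address 192.168.50.1, both endpoint addresses and the 10.99.0.0/30 transit network are assumptions.

```python
import ipaddress as ip

A, N = ip.ip_address, ip.ip_network
HOST, CLIENT = A("192.168.1.10"), A("192.168.50.20")  # constructed endpoints
DEFAULT = N("0.0.0.0/0")

def topology(pf_wan, wan_net, mt_wan):
    """Routing tables as (prefix, gateway) pairs; gateway None means on-link."""
    lan, wifi = N("192.168.1.0/24"), N("192.168.50.0/24")
    mt_lan, pf_lan = A("192.168.1.1"), A("192.168.50.1")  # assumed addresses
    pf_wan, wan_net, mt_wan = A(pf_wan), N(wan_net), A(mt_wan)
    return {
        "wired-host": {"addrs": {HOST}, "routes": [(lan, None), (DEFAULT, mt_lan)]},
        "mikrotik": {"addrs": {mt_lan, mt_wan},
                     "routes": [(lan, None), (wan_net, None), (wifi, pf_wan)]},
        "pfsense": {"addrs": {pf_wan, pf_lan},
                    "routes": [(wan_net, None), (wifi, None), (DEFAULT, mt_wan)]},
        "wifi-client": {"addrs": {CLIENT}, "routes": [(wifi, None), (DEFAULT, pf_lan)]},
    }

def next_hop(node, dst):
    """Longest-prefix match: the gateway, or dst itself when it is on-link."""
    _, gw = max((r for r in node["routes"] if dst in r[0]),
                key=lambda r: r[0].prefixlen)
    return dst if gw is None else gw

def owner(nodes, addr):
    return next(name for name, n in nodes.items() if addr in n["addrs"])

def trace(nodes, src, dst):
    """Devices a packet from src to dst passes through, in order."""
    here, path = owner(nodes, src), []
    for _ in range(8):  # hop limit guards against routing loops
        path.append(here)
        if dst in nodes[here]["addrs"]:
            return path
        here = owner(nodes, next_hop(nodes[here], dst))
    raise RuntimeError("routing loop")

def one_way_devices(nodes):
    """Devices that see only one direction of a wired-host <-> wifi-client flow."""
    fwd, back = trace(nodes, HOST, CLIENT), trace(nodes, CLIENT, HOST)
    return sorted(set(fwd) ^ set(back))

AS_POSTED = topology("192.168.1.204", "192.168.1.0/24", "192.168.1.1")
SEPARATE_WAN = topology("10.99.0.2", "10.99.0.0/30", "10.99.0.1")  # assumed transit

if __name__ == "__main__":
    for name, topo in (("as posted", AS_POSTED), ("separate WAN", SEPARATE_WAN)):
        print(name, trace(topo, HOST, CLIENT), trace(topo, CLIENT, HOST),
              "one-way:", one_way_devices(topo))
```

In the posted layout the MikroTik forwards the request but never sees the reply, so connection tracking there only observes half of each flow.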