Netgate Discussion Forum

    VLAN accessed wirelessly can not access internet

      hasekd @Gblenn

      @Gblenn You mean this? vlan1.png vlan36.png

        JonathanLee

        Have you created access control lists on the interface you assigned your vlans?

        Make sure to upvote

          hasekd @JonathanLee

          @JonathanLee Well, I do not know what you mean, so no. How to do it please? Maybe if I install OpenWrt on my WAP it will be easier to config?

            JonathanLee @hasekd

            @hasekd What is listed on your interfaces tab?

            Screenshot 2024-07-11 at 09.35.05.png

              hasekd @JonathanLee

              @JonathanLee I have there the VLAN, LAN and WAN

                JonathanLee @hasekd

                @hasekd Do you have any rules listed for your VPN like this?
                I am sure you do, just checking.

                Screenshot 2024-07-11 at 09.35.54.png

                  hasekd @JonathanLee

                  @JonathanLee Only this Screenshot from 2024-07-11 18-37-13.png

                    JonathanLee @hasekd

                    @hasekd Run a trace route and see where the packets fail. Did you set your DNS to allow resolution from your IOT side also?

                    Screenshot 2024-07-11 at 09.39.52.png

                    Does Network interfaces have IOT selected?

                      JonathanLee

                      Screenshot 2024-07-11 at 09.40.46.png

                      Also have you enabled DHCP on that interface?

                        hasekd @JonathanLee

                        @JonathanLee I have everything allowed and enabled. Maybe the WAP is the problem. I will try to change it for a different one and maybe install OpenWrt on it, and I will see. On this one I can not install it. I did not find any tutorial to set this up on TP-Link, but for OpenWrt tutorials are available.

                          viragomann @hasekd

                          @hasekd said in VLAN accessed wirelessly can not access internet:

                          Maybe if I install OpenWrt on my WAP it will be easier to config?

                          At least I can tell you, that I'm successfully running an OpenWRT WAP with 5 VLANs behind pfSense.

                          Maybe you should try to change your VLAN ID 1 into something else. Some devices don't work properly, when you have tagged and untagged packets on the same interface.

                            hasekd @viragomann

                            @viragomann Okay, I will try it with the OpenWrt and also try to change the VLAN id 1 to something else

                              JonathanLee

                              OpenWRT works fine, I tested it out with AP dummy mode on mine.

                                JonathanLee @hasekd

                                @hasekd Does your AP have the DNS set as the firewall, and/or is it in bridge mode, or is it handing out DHCP also?

                                  hasekd @JonathanLee

                                  I could not find any of these settings on the AP. I have now disconnected it and will change it for something else. I will then let you know if I figure it out with the other one.

                                    JonathanLee @hasekd

                                    @hasekd That ACL allows access to everything, any VLAN or interface, FYI.

                                      HLPPC Galactic Empire @hasekd

                                      @hasekd Some TP-Link switches have an MDIX port and some require a crossover cable. And some have a line above two or three ports, which means you can use only one of these two or three ports for WAN/LAN.

                                        HLPPC Galactic Empire @HLPPC

                                        @HLPPC Also, I don't think any port should be tagged except the one from the pfSense, which is doing the tagging and untagging on that port. This guide also recommends disabling VLAN 1: https://youtu.be/5ohLAFHnOHg

                                        He has a TL-SG108E, which can use a straight-through cable with the pfSense, but on my ISP router 100% needs a crossover. The TL-SG105E has an MDIX port though, and connecting two of those switches likely needs a crossover cable, or at least it matters between the two different types of TP-Link switches. MDI to MDI.

                                        Those are like, my favorite switches for now but easy af to softlock yourself out if you disable vlan 1, and doing so messes with pfBlocker and maybe VPN

                                          HLPPC Galactic Empire @hasekd

                                          @hasekd Also, I got a TP-Link WAP working with VLANs through pfSense itself, but it has some lib-c issues, maybe with beamforming or MU-MIMO and compression. I think their library is zlib or libz or something. The firmware is online, but I'd rather have this Omada setup entirely for it. Omada controller, JetStream switch.

                                          The lack of the library or whatever is missing for it in pfSense can cause some videogames to bug out but it worked rather swell otherwise (A+ bufferbloat with traffic shaping) (could have been my jank mobo too 😒). Begged for ntp and upnp constantly but can be port forwarded to pfsense. Also tries talking over strange high range subnets like 224.0.0.0-239.0.0.0 last time I tried it.

                                            HLPPC Galactic Empire @HLPPC

                                            @HLPPC tagging the wifi traffic also may require devices to be tagged which is overkill for trunking. Trunking and retrunking is a headache.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.