Netgate Discussion Forum

VLAN accessed wirelessly can not access internet

L2/Switching/VLANs
  • H
    hasekd @JonathanLee
    last edited by Jul 11, 2024, 4:37 PM

    @JonathanLee Only this login-to-view

    • J
      JonathanLee @hasekd
      last edited by Jul 11, 2024, 4:40 PM

      @hasekd Run a trace route and see where the packets fail. Did you set your DNS to allow resolution from your IOT side also?

      Does Network interfaces have IOT selected?

      Make sure to upvote

      • J
        JonathanLee
        last edited by Jul 11, 2024, 4:41 PM

        Also have you enabled DHCP on that interface?

        • H
          hasekd @JonathanLee
          last edited by hasekd Jul 11, 2024, 4:47 PM Jul 11, 2024, 4:46 PM

          @JonathanLee I have everything allowed and enabled. Maybe the WAP is the problem. I will try to change it for a different one and maybe install OpenWrt on it, and I will see. On this one I cannot install it. I did not find any tutorial to set this up on TP-Link, but for OpenWrt tutorials are available.

          • V
            viragomann @hasekd
            last edited by Jul 11, 2024, 4:59 PM

            @hasekd said in VLAN accessed wirelessly can not access internet:

            Maybe If I install OpenWrt on my wap it will be easier to config?

            At least I can tell you that I'm successfully running an OpenWRT WAP with 5 VLANs behind pfSense.

            Maybe you should try to change your VLAN ID 1 into something else. Some devices don't work properly when you have tagged and untagged packets on the same interface.

            • H
              hasekd @viragomann
              last edited by Jul 11, 2024, 5:02 PM

              @viragomann Okay, I will try it with the OpenWrt and also try to change the VLAN id 1 to something else

              • J
                JonathanLee
                last edited by Jul 11, 2024, 5:41 PM

                OpenWRT works fine. I tested it out with AP dummy mode on mine.

                • J
                  JonathanLee @hasekd
                  last edited by Jul 11, 2024, 5:42 PM

                  @hasekd Does your AP have the DNS set as the firewall, and/or is it in bridge mode, or is it handing out DHCP also?

                  • H
                    hasekd @JonathanLee
                    last edited by Jul 11, 2024, 5:59 PM

                    I could not find any of these settings on the AP. I have now disconnected it and will change it for something else. I will then let you know if I figure it out with the other one.

                    • J
                      JonathanLee @hasekd
                      last edited by Jul 11, 2024, 8:13 PM

                      @hasekd That ACL allows access to everything, any VLAN or interface, FYI.

                      • H
                        HLPPC Galactic Empire @hasekd
                        last edited by Jul 12, 2024, 2:13 AM

                        @hasekd Some TP-Link switches have an MDIX port and some require a crossover cable. And some have a line above two or three ports, which means you can use only one of these two or three ports for WAN/LAN.

                        • H
                          HLPPC Galactic Empire @HLPPC
                          last edited by HLPPC Jul 12, 2024, 2:57 AM Jul 12, 2024, 2:20 AM

                          @HLPPC Also, I don't think any port should be tagged except the one from the pfSense, which is doing the tagging and untagging on that port. This guide also recommends disabling vlan 1: https://youtu.be/5ohLAFHnOHg

                          He has a TL-SG108E which can use a straight through cable with the pfsense but on my ISP router 100% needs a crossover. The TL-SG105E has an MDIX port though, and connecting two of those switches likely needs a crossover cable, or at least it matters between the two different types of TP-Link switches. MDI to MDI.

                          Those are like, my favorite switches for now but easy af to softlock yourself out if you disable vlan 1, and doing so messes with pfBlocker and maybe VPN

                          • H
                            HLPPC Galactic Empire @hasekd
                            last edited by HLPPC Jul 12, 2024, 3:36 AM Jul 12, 2024, 2:36 AM

                            @hasekd also I got a tplink wap working with vlans through pfsense itself but it has some lib-c issues maybe with beamforming or mu-mimo and compression. I think their library is zlib or libz or something. The firmware is online but I'd rather have this omada setup entirely for it. Omada controller, jetstream switch.

                            The lack of the library or whatever is missing for it in pfSense can cause some videogames to bug out but it worked rather swell otherwise (A+ bufferbloat with traffic shaping) (could have been my jank mobo too 😒). Begged for ntp and upnp constantly but can be port forwarded to pfsense. Also tries talking over strange high range subnets like 224.0.0.0-239.0.0.0 last time I tried it.

                            • H
                              HLPPC Galactic Empire @HLPPC
                              last edited by Jul 12, 2024, 2:40 AM

                              @HLPPC tagging the wifi traffic also may require devices to be tagged which is overkill for trunking. Trunking and retrunking is a headache.

                              • H
                                HLPPC Galactic Empire @hasekd
                                last edited by HLPPC Jul 12, 2024, 3:37 AM Jul 12, 2024, 2:52 AM

                                @hasekd https://youtu.be/8ht_myXKfvQ

                                time 1:20 explaining the switch ports if they are there. You probably want a xover. Easy to cut.

                                Edit: my bad, you have one switch. Jeez, I am daft sometimes 😂

                                I can't say I had a good or bad time trying a crossover cable to the wap but some are POE, which I definitely wouldn't crossover directly. And because of that linux library issue got a compatible PoE switch and have yet to plug it all together.

                                • H
                                  HLPPC Galactic Empire @HLPPC
                                  last edited by HLPPC Jul 12, 2024, 3:19 AM Jul 12, 2024, 3:03 AM

                                  @HLPPC try not using port 5 with the 5 port switch at all. Whichever one has the square around it. 1 or 5. It is evil. Unless you plug the mdix port directly into the pfsense with a straight through cable. And yeah your vlans are overkill. I sent photos of the controller gear.

                                  • H
                                    HLPPC Galactic Empire @hasekd
                                    last edited by HLPPC Jul 13, 2024, 8:36 PM Jul 13, 2024, 8:15 PM

                                    @hasekd
                                    Here is some random help if you want to view what country DNS or OSPF and MD5 hashes are trying to go to. It is easier to capture them in Windows but in a sterile environment. But maybe weird stuff only procs when WAPS are plugged into windows 🐷

                                    https://youtu.be/z6MzIDwjUmc?si=pxvOlySudx5QpDS1

                                    Plugging stuff into IOMMU and SR-IOV motherboards may trigger loads of C++ routing, Linux ELF binaries, and stuff causing radix or patricia tree overloads or something idk. 😅 Lawd knows what it does to linux Wireless access points, BUT WAPs are pretty cool.

                                    • H
                                      HLPPC Galactic Empire @hasekd
                                      last edited by HLPPC Jul 13, 2024, 9:07 PM Jul 13, 2024, 9:07 PM

                                      @hasekd next time I try VMs with static IP blocks I'll try giving all local hosts different IP addresses.

                                      • H
                                        hasekd @HLPPC
                                        last edited by Aug 2, 2024, 9:18 AM

                                        Tried many things until now and nothing has worked. Now I don't use the TP-Link firmware, but installed OpenWRT and still have the same problem: I am getting an IP address from the network, but still cannot connect to the internet. The port on the switch that is connected to the router should be tagged; when I made it untagged I was only able to get an IP address from the IoT network. So I think there should be a problem in the OpenWRT configuration, but I don't know where, maybe the interfaces. I can provide screenshots if you write what specifically I should show.

                                        • V
                                          viragomann @hasekd
                                          last edited by Aug 15, 2024, 1:11 PM

                                          @hasekd
                                          So how did you configure the OpenWRT? As a router or as an access point? Each requires different VLAN settings.

                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.