VLAN accessed wirelessly can not access internet
-
@HLPPC try not using port 5 with the 5 port switch at all. Whichever one has the square around it. 1 or 5. It is evil. Unless you plug the mdix port directly into the pfsense with a straight through cable. And yeah your vlans are overkill. I sent photos of the controller gear.
-
@hasekd
Here is some random help if you want to view what country DNS or OSPF and MD5 hashes are trying to go to. It is easier to capture them in Windows but in a sterile environment. But maybe weird stuff only procs when WAPS are plugged into windowshttps://youtu.be/z6MzIDwjUmc?si=pxvOlySudx5QpDS1
Plugging stuff into IOMMU and SR-IOV motherboards may trigger loads of C++ routing, Linux ELF binaries, and stuff causing radix or patricia tree overloads or something idk. Lawd knows what it does to linux Wireless access points, BUT WAPs are pretty cool.
-
@hasekd next time I try VMs with static IP blocks I'll try giving all local hosts different IP addresses.
-
Tried many things until now and nothing have worked. Now I dont use tplink firmware, but installed OpenWRT and still have the same problem, that I am getting ip address from the network, but still can not connect to the internet. The port on switch that is connected to router should be tagged, when I made it untagged I was only able to get ip address from iot network. So I think there should be problem in the OpenWRT configuration, but I dont know where, maybe the interfaces. I can provide screenshots if you write what specificly I should show
-
@hasekd
So how did you configure the OpenWRT? As a router or as an access point? Each requires different VLAN settings. -
@viragomann as access point
-
@hasekd
So you might have a bridge device (br-lan), where you have to configure the VLANs on:
Network > Interfaces > Devices
br-lan > configure > Bridge VLAN filtering
Enable VLAN FilteringHere you have to set connected network port as tagged for your VLANs.
Then create interfaces for your VLANs:
Network > Interfaces > Add new interface > Name [give it a name] > Protocol [Unmanaged] > Device [select your Sofware VLAN: br-lan.xx]Then use these interfaces in the VLAN configuration.
Did you configure it this way?
-
@viragomann I tried it this way. Now I am connected to the wifi with the IoT interface, but I get IP from my main network. This is the configuration:
-
@hasekd
Did you also create an interface, with the VLAN device?
And is it selected in the respective WLAN settings? -
@viragomann I thought that this what I created is the interface with the VLAN device. It is selected in the WLAN
-
@hasekd
So the Wifi is connected to the VLAN and should be properly separated on the OpenWRT.However, if a Wifi device, which is connected to this SSID, gets an IP of another network it might lack anywhere else. Maybe on the switch?
-
@viragomann
This is my switch conf. On port 1 I have pfsense port 5 - homeassistant that is connected via ethrnet cable, port 4 - OpenWRT -
@hasekd
I don't know this switch, but looks plausible so far.Anyway, to investigate just plug the OpenWRT directly into the pfSense NIC port and see if you get an IP out of the VLAN then.
-
@viragomann
Still have the IP from main lan -
@hasekd
Did you even renew it?Can you post screenshots from the OpenWRT Interfaces page and the WLAN interface settings?
And as well from pfSesse Interface assignments. -
@viragomann
I did
-
@hasekd
Seems, you did all right.
So I don't understand, why the Wifi device gets an IP from the LAN.Are you sure, it got the IP from pfSense?
Check Status > DHCP Leases
The lease should be shown up there if it's from pfSense. -
@viragomann
I have it there
Or it could be something wrong with my firewall setting?
-
@hasekd
I don't think so. DHCP requests from the client go to the broadcast address. If this IP is coming from the IoT network it would only be able to go to the main DHCP server (to the other network) if you have bridged both on pfSense, which wouldn't make any sense if you intend to separate the networks. -
@viragomann
I tried to make renew again and now I get IP address from OpenWRT I think, because it is not listed in the pfsense leases and also I have DHCP from 10.64.27.10 - 10.64.27.60 and I have 10.64.27.130