DNS Issues With AP Mode (Nighthawk XR1000) Wireless Clients
-
Hello everyone,
For about a week now I have been researching and hunting down a fix for what I consider to be a weird issue. First off, my network setup...
ISP -> pfsense (installed on Protectli Vault FW4B) (both in family/sitting room) -> UniFi USW 24 PoE (Standard 24 PoE) (in master bedroom closet, with TrueNas Server, all LANs, and IP Cams connected) -> Netgear GS308EP (8-Port Gigabit Ethernet PoE+, PoE is turned off and is a dummy switch) -> Nighthawk XR1000 in AP Mode (in family/sitting room for maximum WiFi coverage) connected via LAN port on both AP and 8 port. The reason for the 8 port is because I gave my old server to stepson and he said it's too loud/no space for his room.
Hope that made sense lol.
My issue: AP and all wireless devices get IP, DNS, and Gateway addresses from pfsense (both DNS and Gateway addresses for clients is pfsense IP 10.0.0.0). They can connect to internal network (including AP) but no Internet access and cannot ping/connect to pfsense. LAN devices are working flawlessly, but here is where I am confused.... my personal cellphone (S24) has Internet access and can ping/connect to everything without issues... why though.... and it is connected to the same AP and the other wireless devices consist of iPhones, MacBooks, Android phones, and Google tablets (Amazon and Samsung). Why is my phone the only wireless device that has zero issues?
I have tried disabling the firewall option, pfBlockerNG, DNS resolver, adding firewall rules to Pass all LAN connections with Any protocol via WAN and LAN. DHCP Server - Enabled, DHCP Relay - Disabled, DNS resolver - Enabled, DNS forwarder - Disabled, UPnP & NAT-PMP - Enabled (I did disable this and nothing changed). Also on the Interface page I only have option for WAN and LAN, no Wireless option. The XR1000 AP mode acts as a wireless access point, extending an existing network's WiFi coverage, but disables features like DumaOS, VPN, parental controls, also saw no options for client isolation.
Any help would be greatly appreciated. I tried providing as much info as I could to help quickly diagnose this issue.
Thank you.
-
Fixed, just did a factory reset for pfsense. Not sure what was broken.
-
@Kevo89 Glad you got it sorted.
For the record allowing all inbound on WAN is a Bad Idea, unless maybe you have double NAT from the ISP router.
-
@SteveITS said in DNS Issues With AP Mode (Nighthawk XR1000) Wireless Clients:
@Kevo89 Glad you got it sorted.
For the record allowing all inbound on WAN is a Bad Idea, unless maybe you have double NAT from the ISP router.
Yeah, figured as much, but I was trying EVERYTHING I saw online. But yes, after A LOT of thinking I was like... "Is my ISP firewall still on... that is a double NAT".... It was, and I put my pfsense router in DMZplus within my ISP gateway and of course it did not fix the issues... Went to work the next day and came home to no Internet on my PC (which always had Internet connection) and that is when I said YOLO and reset pfsense.
Came home today and no network and Internet on all devices, did some GoogleFoo and came across adding Watchdog to restart the DHCP Server when it fails (which is what I think happened because I could not access pfsense or my Unifi Switch unless I hard restart the pfsense router). So fingers crossed when I get home tomorrow from work lol.
-
@Kevo89 Are you using Kea for DHCP? I don't think it's still technically out of "feature preview" even in 2.8, but 2.8 should bring several improvements. Or you can use ISC DHCP. At least, the release notes for CE and Plus haven't mentioned it leaving feature preview that I've noticed.
Point is, you shouldn't have DHCP crashing. :) If it stops you can set a static IP on your PC and then connect to pfSense.
-
@SteveITS said in DNS Issues With AP Mode (Nighthawk XR1000) Wireless Clients:
@Kevo89 Are you using Kea for DHCP? I don't think it's still technically out of "feature preview" even in 2.8, but 2.8 should bring several improvements. Or you can use ISC DHCP. At least, the release notes for CE and Plus haven't mentioned it leaving feature preview that I've noticed.
Point is, you shouldn't have DHCP crashing. :) If it stops you can set a static IP on your PC and then connect to pfSense.
No, I'm not using Kea. There is the notification at the top about isc dhcp and I did try to switch but all the IP leases were gone and it didn't seem to work so I was like, nope, not switching yet, I'll wait lol. I'm running pfsense 2.7.2.
I did set my computer to static IP, gateway, DNS etc. and I got internet but was not able to connect to pfSense (another reason why I did a factory reset lol) or my unifi switch, and I think it was because my unifi switch (which everything is connected to except the pfsense router) was not getting an IP from pfsense and defaulted to a 192 IP and 10 that I have my LAN set to.
I'll post back tonight when I get home after work if my house has a network lol (so far yes, because I'm connected via tailscale to see if I could connect to pfsense) and if I do it's probably because watchdog restarted the isc dhcp server. Also, thanks for replying.
-
So far so good, I'll know tomorrow for sure.