OTP1 Interface not working and not connecting to webGUI
-
@newbieuser1 said in OTP1 Interface not working and not connecting to webGUI:
All other interfaces on my pfSense are working, except OTP1. On the dashboard, there is no "down" signal or red arrow for OTP1. When, I connect the OTP1 socket to my laptop via an ethernet cable, I cannot connect to the IP address for OTP1 (I get a timeout request), nor do I have internet via OTP1. None of my devices that get connected to OPT (via cable) receive internet signal, or are able to connect to the webGUI.
For a device to "connect" some special actions need to happen first.
Like : the device, when you connect it, sends out a DHCP request. pfSense, on that OPT1 interface should answer a request, and give your device an IP, network, DNS, and gateway.
When you created OPT1, you had to assign it a static IP, like this :
Why 192.168.2.1 ?
Because 192.168.1.1/24 is already used by the LAN interface.
Double check that you've set the 'network' to /24 - leaving it to /32 will .... create the situation you have now - so /32 is not good.If you've set up this 192.168.2.1/24 network, you also have to activate a DHCP server for the OPT1/192.168.2.1/24 network, with a pool (of IPs) like 192.168.2.10->192.168.2.50.
Now, have a look at your device and ask it THE question : is the network fine ?
You do this by typing :ipconfig /alland then you see what IP it received, what the gateway is, and what the DNS is (both are probably 192.168.2.1 = pfSense OPT1).
On pfSense you can visit Status > DHCP Leases and see that your device was granted a DHCP "lease".There is another solution : set your device's IP settings to "static" : you have to set an IP in the pfSense OPT1 network range, like 192.168.2.2 - network /24 or 255.255.255.0 DNS = 192.168.2.1 and gateway = 192.168.2.1 and now the device is also connected.
You'll quickly understand that static IP static IP setting are very tedious to handle.Btw : DHCP will work out of the box, but you're not there yet.
If you want to do something with this OPT1 interface, you have to place at least a pass firewall, like the one you've found when you installed pfSense, on the LAN interface.
Something like this :
where LAN_Subnets should be OPT_Subnets.
Every other interface you add (OPT1, 2 etc) will have no rules so the default action will apply : traffic is blocked.
No "help me" PM's please. Use the forum, the community will thank you.
Edit : and where are the logs ?? -
Thanks. I had already set up those configuration when initially setting up pfSense. What else should I do? As mentioned, this problem happened all of a sudden, i.e. OTP1 not connecting to anything.
-
Be aware : I can't 'see' you setup, only what you show here.
So :
Did your device get a lease ?
Run for example :ipconfig /renewon the device (if it's a Windows device)
How did you set up OPT ?Like :
-
@Gertjan, thanks. Yes, the laptop that I connected to OTP1 gets an IP address from the OTP1 range when I run ipconfig/all and, yes, my set up looks like the one in your screenshot. On the dashboard, there is still green arrow up for OTP1. I also checked the "Gateway dashboard - everything is green there, too. Would appreciate your additional thoughts.
-
said in OTP1 Interface not working and not connecting to webGUI:
Btw : DHCP will work out of the box, but you're not there yet.
If you want to do something with this OPT1 interface, you have to place at least a pass firewall, like the one you've found when you installed pfSense, on the LAN interface.
Something like this :7224ddd2-a2ea-4c2b-867b-5c9e2bee3159-image.png
where LAN_Subnets should be OPT_Subnets.
Every other interface you add (OPT1, 2 etc) will have no rules so the default action will apply : traffic is blocked.
Can you confirm that the OPTx firewall rules are fine ?
-
@newbieuser1 so if your laptop gets an IP from the scope you set on your opt1 interface, and you setup a firewall rule of any any on your opt1 interface you should be able to ping pfsense IP address on the opt1 interface.
If you can not - please post up picture of your firewall rules on opt1, and do you have any rules in the floating tab that could override said rules.
Other thing that have seen as common mistake is blocking rfc1918 on the interface, bogon, etc those should not be enabled on a lan side interface.
Other problem have seen if you can ping pfsense opt1 interface - but can not ping say 8.8.8.8, user had at some point switched to manual nat vs auto - normally because they followed some stupid vpn guide at some point that said to do that.
-
If it was previously working and seemingly stopped without any change then it must be something dynamic. If your pfSense box is behind an ISP router make sure that subnet has not changed to something conflicting with OPT1.
-
Thanks a lot everyone for jumpin in! To confrim: no firewall blocking rules, no bogus networks enabled on LAN. Because it happened so sudden (and I had not changed anything for a while, actually), I am wondering whether it's because the VPN servers(set up for OPT1) went down and then it all started. I changed to a new working server (i.e. just the IP) but the loss of connection still persists...I have triple checked that the new VPN server is running and the green arrow is up on my dashborad. All my other interfaces are working fine. Hopefully, this gives a clue as to what I can try next?
-
What VPN servers? How are you using them with the OPT1 interface? Routing traffic from OPT1 clients over the VPN?
If so then changing the server might have changed the tunnel subnet to something that conflicts. Or you might need to change a NAT rule if it's not automatic.
-
@newbieuser1 said in OTP1 Interface not working and not connecting to webGUI:
wondering whether it's because the VPN servers(set up for OPT1) went down and then it all started.
You should of mentioned that in post 1.. So turn off the vpn, turn off any policy routing you have setup.. Do you now have internet via opt1, then create a post in the vpn section if you can not get whatever vpn your trying to use to work that is no longer working
-
@johnpoz Thanks, I will try that!
