Smart TV - Mobile connection

ashima

I think in your pfsense box you need to create vlans.

For NIC 4 create two vlan - One with vlan id 10 (AP_WIFI) with ip 192.168.4.1
                                            Second with vlan id ??? (AP_WIFI_GUESS)  with ip 192.168.5.1

Create firewall rules accordingly.

In DHCP server for AP_Wifi , set the Gateway as 192.168.4.1
and for AP_Wifi_Guess, set the Gateway as 192.168.5.1

Let me know if you have any doubts.

Good Luck,
Ashima

divsys

I thought the traffic always goes to pfsense. So, if I want to deny traffic between 192.168.4.10 and 192.168.4.11?.

Traffic goes through pfSense when it's between NICs. LAN<->WAN, LAN<->AP, AP<->WAN, etc.
Everything else is handled by switches attached to the NICs.

In your case you only have a single device tied to each NIC except the AP which has a wireless switch, your TP-Link.
There's no need for the TP-Link to ask pfSense anything about 192.168.4.10 <-> 192.168.4.11, it knows the MAC addresses of the devices and their wireless links.
So traffic goes through TP-Link directly and pfSense has no chance to block/redirect/analyze at all.

Can you post a screen shot of your NIC configurations?
Also your DHCP Leases would be useful.

I'd like to know how a device gets a 192.168.5.x address if there's no DHCP running on the TP-Link.

kipTry

Hi,

Interfaces: http://postimg.org/image/u5cc35941/
Interface AP_Wifi: http://postimg.org/image/wleivb7zh/
DHCP Server for AP_WIFI: http://postimg.org/image/o7u4msus3/
Mappings (dhcp server ap_wifi): http://postimg.org/image/wx0kltdt9/
*AP_LinAP is AP_WIFI and AP_LinInvitados is AP_GUEST in the previous diagram.

Both devices are connected to AP_LinAP.

I remember that I have internet connection in tv and mobile and I can ping the tv from mobile. The problem is connecting the mobile to the tv using the app.
Also, if I setup a wireless zone with my mobile, and I connect the tv and another mobile to that wifi, everything works, so TV and app is working properly.

If the traffic never goes to pfsense, the problem must be in TP-LINK. But, the configuration in TP-LINK is very simple…

Thanks

divsys

Can you post your "Status->DHCP Leases" page?

kipTry

DHCP Leases: http://postimg.org/image/sewvkn9kt/

Right now the tv is off, for that it appears as offline.

divsys

That all looks Ok.

If your TV is actually using the address assigned by pfSense (can you check the config on the TV menu?) and your phone is doing the same (again, check it) then the TP-Link is the only thing between that traffic.

It might be worthwhile moving the TV or your phone to the 192.168.5.x subnet, then you could log the traffic from one to the other through pfSense.
Unfortunately, it's entirely possible that your TV or your phone won't like it if they're on different subnets.
Can't hurt to try though.

Other than that, get a different WAP (even a single SSID one) to try and prove the TV can work with your phone in this setup.

Guest

My mobile IP: 192.168.4.2
My tv IP: 192.168.4.3

And if now the client isolation is activated the both devices could not connect or play nice each with another one!
Please be sure that the "WiFi client isolation is off".

kipTry

Hi,

well, I reset my TP-LINK. Now, without vlans and without security (open wifi).

pfsense -> TP-link: Interface AP (192.168.3.0/24).

I tried 2 ways: DHCP in pfsense and disabled in tp-link, and dhcp enabled in tplink and disabled in pfsense.  I have internet connection and so on, but the app doesn't work.

AP isolation is disabled.

I don't understand what the hell is happening here…

divsys

I tried 2 ways: DHCP in pfsense and disabled in tp-link, and dhcp enabled in tplink and disabled in pfsense.  I have internet connection and so on, but the app doesn't work.

If you setup DHCP on the TP-Link (and disabled on pfSense) then a full power cycle of all TP-Link attached devices should force them onto one subnet managed by the TP-Link.
In that case either the TP-Link is stopping traffic, or the "TV-app" has to communicate through the internet rather than directly to the TV, in which case you should see something from the phones app going out WAN (and an attempt back in through WAN that's probably blocked).

What's the make and model of the TV?

I still think it's worthwhile trying to find another cheap/simple WAP and remove the TP-Link variable from the equation.

kipTry

Well, I did a lot of test and I can't find the problem.

Definitely, it is not a problem of pfsense. As divsys said, I'm going to use another AP to see what happens.

I did these tests:

• No vlans
• No security in TPLINK
• DHCP in tplink or DHCP in pfsense
• Review of logs…

TPLINK allows these operation modes:  (1)Access Point (2)Multi-SSID (3)Client (4)WDS Repeater (5)Universal Repeater (6)Bridge with AP

I tried with 1 and 2. Should I try with another one?

Thank you all for you help, I learnt a lot.
Regards.