Opt1 No internet access
-
Sorry for probably posting a question that has been posted a million times. I've probably looked through twenty five different posts and they all seem to say the same thing which I believe I've setup correctly but I can't seem to get it working. Lan1 is working fine and is able to connect to the internet without any issues.
I added in the rules to match lan1 for opt1 as that seemed to be the biggest thing on the forum people ran into. I've attached the screenshot for that.
Also I added in a screenshot of my nat rules however I have not made any changes besides clicking manual. I appreciate your help and again sorry for probably a dumb question.
-
Also if it is relevant here are my pings as well. I'm unable to ping anything while connected to the opt1 network. While connected to lan1 I can ping both routers.
Any help is greatly appreciated. Been racking my brain for a few hours trying to figure this out.
Thanks in advance.
-
Hi,
Have you set up a gateway for your interface? If yes, is this the IP of the lan1 or the opt1?
Can you post your route table and a tracert test?
jyrandrianiaina
-
Thank you for your reply jyrandrianiaina.
I have the default gateway setup so I'm assuming this is for lan1. I've attached a screenshot for that. (I've since added PIA back on to my server so I could use my unraid box and watch a show… haha) Also I read on one of the related troubleshooting that it's important for the opt1 to use the gateway so I added that into my firewall rule. I've attached a new screenshot for that.
I've attached the ipv4 and ipv6 route tables below. The window was too big so they are separated.
As for the traceroute I'm unfamiliar with how to use that. I've attached a screenshot of what I put but it timed out. If you can give me any advice on what to put here that would be helpful.
Thanks again.
-
"I have not made any changes besides clicking manual."
Why would you do that??
And why do you have a gateway setup on your opt1 rules now?
What is your client on your opt1 network pointing to for gateway/dns? Does it get its info from pfsense dhcp?
There is nothing you need to do extra on creating a new opt1 interface other than creating firewall rules to allow traffic everything else is automatic. Well and setup dhcp if you want to use that.
Are they 2 physical interfaces or are you trying to setup vlans? Can device ping pfsense IP on the opt1 network?
Why are you seeing a reply from 10.0.0.1 ??? When you're on the opt1 network?? Please describe/draw how your network is connected together. What switch(es) etc..
-
Hi,
Please post the gateway for your PC you send ping not the gateway in pfSense.
If you are on windows, open a cmd and run:
- route -n
- tracert google.com
If you are on linux/Unix, install mtr and run:
- mtr google.com
and please post the screenshot. I think it is a problem on your PC's gateway.
Regards,
-
yeah gateway on the client is most likely 10.0.0.1??? Which would mean an oddball mask as well.. since that would not be in his client's network unless he was using a 255.0.0.0 mask or /8
-
"I have not made any changes besides clicking manual."
Why would you do that??
I will be setting up PIA through OpenVPN on LAN1 and on OPT1 I'd like to have it setup with no encryption for a separate network in my home. I'll have to switch to manual settings for the PIA so that's why it switched it to manual.
And why do you have a gateway setup on your opt1 rules now?
I saw something on another post that said it might be the problem. I tried it. It didn't work but posted it in the event that I was on to something. I can remove it.
What is your client on your opt1 network pointing to for gateway/dns? Does it get its info from pfsense dhcp?
I don't fully understand the question as networking is not really my strongest point - more in to other computer things but I'm a quick learner so I'll do my best to figure it out. As for the gateway/dns if I understand that correctly it should be the gateway table in the 4th post. The DNS i used in the setup wizard was 209.222.18.218 and 209.222.18.222. (Used from this article - https://www.privateinternetaccess.com/forum/discussion/18111/openvpn-step-by-step-setup-for-pfsense-firewall-router-with-video). When I setup PfSense from the non-gui I did setup both Lans to use DHCP. Lan1 is 10.194.50.101:200 and Opt1 is 10.194.51.101:200.
Are they 2 physical interfaces or are you trying to setup vlans? Can device ping pfsense IP on the opt1 network?
They are physical devices.
I have not tried the ping yet, I'm not at home right now but I'll try that when I get there and post new results for that.
Why are you seeing a reply from 10.0.0.1 ??? When you're on the opt1 network?? Please describe/draw how your network is connected together. What switch(es) etc..
I'm pretty sure the 10.0.0.1 is being handed out by the wireless router. As for the setup it looks like this currently.
Modem
PfSense connected to modem via WAN.
Lan 1 - Physical 1000 LAN card connected to WNDR3700 Netgear Router (This currently also has three wired computers plugged into it, this should be distributing the PIA VPN service on this network)
Opt 1 - Physical 100 LAN card connected to DIR-868L D-Link Router (This currently has nothing hooked up to it as it isn't working)
I have two switches coming tomorrow as well as a new 1000 LAN card to replace the 100 card. My plan is to put them in between the NIC cards and plug the routers into them for wireless access on each network.
Beyond that I've got a standard slew of wifi connected devices in the home, tablets, phones, connected devices, etc
Also for what it's worth I did change the connections from LAN 1 to the second router to make sure I didn't have a problem with the router and it worked. Connecting Opt1 into the first router still did not function.
-
Hi,
Please post the gateway for your PC you send ping not the gateway in pfSense.
If you are on windows, open a cmd and run:
- route -n
- tracert google.com
If you are on linux/Unix, install mtr and run:
- mtr google.com
and please post the screenshot. I think it is a problem on your PC's gateway.
Regards,
Jyrandrianiaina,
I've attached the tracert. The route -n didn't seem to do much except data dump some instructions on me. I attached the first one i did of those as well. The second posted the same information from what I could tell.
Lan1 appeared to contact without any issue. Opt 1 could not resolve the host.
-
Hi,
For windows, use route print (sorry, route -n is for linux/unix).
To use the gateway as lan1 in your pc, change your gateway as lan1's address.
And for opt1, change the IP address of the gateway of the PC as opt1's address.
For example: if the lan1 IP is: 10.10.10.1, and your PC is 10.10.10.2, the gateway must be 10.10.10.1 (lan1 ip).
If the opt1 IP is: 10.10.20.1, and yours is 10.10.20.2, your gw must be 10.10.20.1 if you want to connect via the opt1.
You can't ping the LAN1 IP if your gateway is opt1 and if you have not set up a route.
Jyrandrianiaina
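Added example, not part of any post in this thread: a small check of the point made in the two replies above, that a client's default gateway has to sit inside the client's own subnet, and of the remark that 10.0.0.1 could only be on-link for a 10.194.51.x client with a /8 mask. The client address 10.194.51.101 is taken from the OPT1 DHCP range quoted earlier; the /24 prefix lengths are assumptions, since the thread never states the masks.

```python
import ipaddress


def common_prefix_len(a: str, b: str) -> int:
    """Number of leading bits two IPv4 addresses have in common."""
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - diff.bit_length()


def check_gateway(client_ip: str, prefix_len: int, gateway: str) -> dict:
    """Report whether `gateway` is reachable on-link from client_ip/prefix_len."""
    iface = ipaddress.IPv4Interface(f"{client_ip}/{prefix_len}")
    gw = ipaddress.IPv4Address(gateway)
    net = iface.network
    on_link = gw in net
    # A gateway equal to the network/broadcast address or to the client
    # itself is inside the subnet but cannot forward traffic.
    usable = on_link and gw not in (
        net.network_address, net.broadcast_address, iface.ip)
    return {
        "network": str(net),
        "on_link": on_link,
        "usable": usable,
        # Longest prefix (narrowest mask) that still puts both in one subnet.
        "longest_shared_prefix": common_prefix_len(client_ip, gateway),
    }


if __name__ == "__main__":
    # Constructed cases: (client IP, assumed prefix length, configured gateway)
    cases = [
        ("10.194.51.101", 24, "10.194.51.1"),  # OPT1 client pointing at OPT1
        ("10.194.51.101", 24, "10.0.0.1"),     # gateway handed out by another router
        ("10.194.51.101", 8, "10.0.0.1"),      # only works with the "odd" /8 mask
        ("10.10.20.2", 24, "10.10.10.1"),      # opt1 PC pointing at the lan1 IP
    ]
    for ip, plen, gw in cases:
        r = check_gateway(ip, plen, gw)
        verdict = "OK" if r["usable"] else "gateway not in client subnet"
        print(f"{ip}/{plen} via {gw}: {verdict} "
              f"(net {r['network']}, shared prefix /{r['longest_shared_prefix']})")
```

Feed it the address, mask and default gateway shown by `ipconfig /all` on the client to see at a glance whether the DHCP lease came from the wrong device.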
-
So your wireless router is handing out dhcp?? That is not how you should be doing it… Use your wireless router behind pfsense as AP only... turn off its dhcp server, connect it to your network via lan port and setup its lan ip to be on the network you connected to.
As for your clients, do an ipconfig /all so we can see what IP it has, what gateway, what dns and what the dhcp server was, etc..
-
Ok so update - Got my switches and the new NIC. Setup my routers(had to get new ones since the ones I had didn't have AP mode) in Access point mode and everything is working the way I want it to.
Two questions and it's unrelated to the internet access not working - just the next steps I want to do with my network and I should be finished.
-
I've got my PIA network (50.1) and my open network (51.1) setup and computers on each one. How do I share files on them internally? Basically I've got my unraid box on 51.1 with plex media server so it can serve outside of my network - I've got transmission and sonarr on 50.1 and I need to get the files from there to the unraid box.
-
Secondly if for any reason the VPN on 50.1 goes out or stops working for whatever reason is there a firewall rule or something else I can set so it will no longer access the WAN? I don't want transmission still downloading files in the event that it is showing my IP to the world due to the VPN stopping.
Thanks again for all your help. (If you don't have the full answer or if you know what I should be looking for that will help too. Just not familiar with the terminology I should be searching for)
-
"had to get new ones since the ones I had didn't have AP mode"
Huh?? Every single soho wifi router on the planet can be just an AP.. Turn off its dhcp server, connect it to the network via one of its lan ports..
So did you get a REAL AP or just some soho router you click AP mode on?? Just curious..
-
"had to get new ones since the ones I had didn't have AP mode"
Huh?? Every single soho wifi router on the planet can be just an AP.. Turn off its dhcp server, connect it to the network via one of its lan ports..
So did you get a REAL AP or just some soho router you click AP mode on?? Just curious..
I wasn't aware of that for the routers. The DIR-868L specifically said on Cnet it didn't support being an access point. Possibly that just meant it didn't have the "easy mode" that you just click. I was having problems with random disconnects and the other one had two lan ports actually fail so it was time to upgrade. I ended up picking up new AC1750 routers. I toyed with the idea of getting the ubiquiti access points but I kept reading that the fall off on the range was terrible. Great for a room or two but if you didn't overlap them then you could expect speeds to drop dramatically as you lost signal. None the less it seems everything is working now with the new routers so I'm happy. Would you be able to point me in the right direction for my other questions?
Thanks again.
-
Ok so new problem… not sure if this is my settings or a limitation but if one of you could look it over.
So I've got everything setup and I've got the two lans working however I am constantly losing connection to the PIA OpenVPN, not entirely sure what is causing it as when I ran it all by itself it stayed connected without any issues and now it's shutting off every 10-20 minutes and reconnecting after a few. My problem is when it dies it also kills the connection to the WAN entirely for the other network.
I've taken a screenshot of my settings if you could check and advise.
Thanks again for all your help.
-
Well couple things I notice from a quick look is why do you have your outbound nats like that, so do you need pfsense itself to go out the vpn connection? Why do you have your other network that you don't want going down the vpn connection setup with a outbound nat?
So I have vpn client setup to one of my vps, you see the nat I have setup for it attached.
You also have your networks going out specific gateways, but not even allowing access to pfsense? Nor any rule to allow your networks to talk to each other? You send everything out specific gateways. Also if you set up your vpn as a gateway, and you tell pfsense to reset connections on loss of gateway then yeah you're going to have problems with 1 gateway going down and all connections being reset.. Advanced, misc section.
And looks like your client isn't even running so how would you have a vpn connection? Look into your log why it's stopping.
-
Hey Guys,
So I thought I had the internet working on the second lan but I guess i didn't. I went away for a few weeks for work and am back trying to figure this out. I feel like I'm missing something stupid but I can't figure it out.
I switched to the hybrid NAT and added the VPN to that like your last screenshot johnpoz. I've also got the any rule set for that opt1 lan. I've attached the route print like you previously asked for, I'm able to ping the network and access the pfsense gui from the second lan but unable to access the internet still (windows does seem to think I have internet).
Also the VPN hasn't gone down in quite awhile, I killed the config file and restarted it and it seems to have worked like a charm since.
Thanks again and sorry to keep bothering you. Just would love to get this working.
-
where did that mac come from.. that can not be correct all 88 with one 87.. No did you hide that?
Why does this machine have not only an IP address 10.194.51.1 but also a 192.168.56.1 ??
Why don't you do the basics here.. Clearly you're resolving google to IP from your ping. Ok follow the traffic. Sniff on pfsense opt1 interface when you're pinging, do you see the pings? Sniff on pfsense wan, do you see the pings go out?
-
Hey johnpoz. Thanks for the reply.
Have no clue about the 88 and 87s. Also not sure about the two IPs. These were direct screenshots.
Would you be able to give me further instructions on how to do a sniff on PfSense to the opt1 and WAN? I tried googling it but didn't come up with anything.
Thanks.
-
diag, packet capture. Pick your interface, follow the bouncing ball.
What box is this on… That is not a registered mac address... 88:88:88 doesn't belong to anyone.. It's not registered that I can find..
Is this a virtual machine? If so what software?