Can't get new AP working
-
"So I'm still thinking there is confusion as to how things are connected. See attached."
No, I understood what you said: you connected your laptop to a LAN port on your wifi router you're using as AP, so those ports become a downstream switch is all. If you're saying that is stopping it from working, that has ZERO to do with the wifi portion of the router..
If you can not ping pfsense from your laptop connected to the switch that is connected to pfsense, which is what you have.. Then you have either something wrong with that port, or something wrong with the switch (of your wifi router) or something wrong with your laptop..
So looking at your rules.. They don't make a lot of sense.
You stated that this network is only a /29
10.10.250.1 /29 = PFSense
10.10.250.4 /29 = Wifi Router
But then you have a rule to 10.10.100.1 - what is that? Is that another interface of pfsense, a different device on a different segment? Which ok.. That rule could work, but if it's to a specific interface to pfsense - what about its other interfaces like its wan IP or other segment(s).. That rule doesn't stop access to those IPs. Says no ssh management. But your any any rule at the bottom allows anything to go to say 10.10.250.1 for ssh on pfsense, etc.
But these rules that have source 10.10.250.11 and .12 ?? Huh? You stated you're on a /29 so those devices are NOT on that network.. Do you have a downstream router somewhere?? 10.10.250.0/29 gives you .1 through .6 as IPs, with .7 being broadcast. .11 and .12 are not on that network.
If you can not ping the ipv4 address of pfsense it has ZERO to do with ipv6..
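The two rule problems raised in this post can be checked mechanically. The following is an added example, not part of the original post and not pfSense code: it models top-down, first-match rule evaluation over a constructed rule list (the addresses come from the thread; the rule layout, port 22 and all function names are assumptions) and reports rule sources outside the interface subnet and firewall addresses still reachable for SSH.

```python
import ipaddress

# Constructed sample data modelled on the thread; not the poster's real config.
WIFI_NET = ipaddress.ip_network("10.10.250.0/29")
FIREWALL_IPS = ["10.10.250.1", "10.10.100.1"]  # the firewall's own interface addresses
RULES = [  # evaluated top-down, first match wins
    {"action": "block", "src": "any", "dst": "10.10.100.1", "port": 22},
    {"action": "pass", "src": "10.10.250.11", "dst": "any", "port": None},
    {"action": "pass", "src": "10.10.250.12", "dst": "any", "port": None},
    {"action": "pass", "src": "any", "dst": "any", "port": None},
]

def _matches(field, addr):
    return field == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(field)

def decide(rules, src, dst, port):
    """Return the action of the first matching rule; block if nothing matches."""
    for r in rules:
        if _matches(r["src"], src) and _matches(r["dst"], dst) and r["port"] in (None, port):
            return r["action"]
    return "block"

def unreachable_sources(rules, net):
    """Rule sources that can never match because they lie outside the interface subnet."""
    return [r["src"] for r in rules
            if r["src"] != "any" and not ipaddress.ip_network(r["src"]).subnet_of(net)]

def exposed_management(rules, net, fw_ips, port=22):
    """Firewall addresses a host on the segment can still reach on the management port."""
    client = str(list(net.hosts())[1])  # an arbitrary host on the segment
    return [ip for ip in fw_ips if decide(rules, client, ip, port) == "pass"]

def harden(rules, fw_ips, port=22):
    """Prepend a block for the management port to every firewall address."""
    return [{"action": "block", "src": "any", "dst": ip, "port": port} for ip in fw_ips] + rules

if __name__ == "__main__":
    print("sources outside", WIFI_NET, ":", unreachable_sources(RULES, WIFI_NET))
    print("SSH still reachable on:", exposed_management(RULES, WIFI_NET, FIREWALL_IPS))
    print("after hardening:", exposed_management(harden(RULES, FIREWALL_IPS), WIFI_NET, FIREWALL_IPS))
```

On pfSense, the built-in "This Firewall (self)" destination covers all of the firewall's own addresses in a single rule.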
-
My apologies. I'm not sure why I was thinking /29 when I wrote this. :P Explains why you were saying a few hosts… :)
To correct myself:
Direct from my DHCP pool:
Subnet: 10.10.250.0
Subnet mask: 255.255.255.192 or /26
Available range: 10.10.250.1 - 10.10.250.62
The 10.10.100.1, yes it is a different network interface. Actually this looks like the firewall rule did get a little messed up. I had earlier on tried changing the network block/IPs to see if that would solve my issue (nope) and I guess this got somehow changed or happened when I restored my configuration (changed from 32bit to 64bit to try that). In any case I have changed it to reflect the correct interface (10.10.250.1).
My thought on ipv6 was that if ping is trying to use ping6 instead but that would really be silly if the wireless routers were forcing ipv6 while having an ipv4 ip.
Cheers!
-
There is no forcing of ipv6.. While yes many OS prefer ipv6 over ipv4 and will try that if they believe they have an address. Can cause you issues for sure.
If you can not ping the ipv4 address of pfsense wired.. Then you need to fix that issue before you even look at what could be wrong with wifi. My guess would be once you fix your issue with your wired then your wifi will work fine.
Can you ping other things.. So for example with your laptop can you ping the wifi routers IP? When you can ping pfsense IP?
-
"There is no forcing of ipv6.. While yes many OS prefer ipv6 over ipv4 and will try that if they believe they have an address. Can cause you issues for sure."
"If you can not ping the ipv4 address of pfsense wired.. Then you need to fix that issue before you even look at what could be wrong with wifi. My guess would be once you fix your issue with your wired then your wifi will work fine."
"Can you ping other things.. So for example with your laptop can you ping the wifi routers IP? When you can ping pfsense IP?"
Hi there,
So I did some more testing. I added various firewall rules with LOG on to allow things like DNS, DHCP, and ICMP explicitly from my wireless network to my wireless network. Still don't see anything abnormal. As soon as I switched from the working access point to the new one I could see DNS hitting my DNS rule. Ping from my laptop also worked although it did seem a bit iffy every few packets seemed to drop. This time it did seem to stay working for 15 minutes or so but wireless connectivity through my phone was really slow and eventually everything stopped working again.
I do also notice that this interface is listed as MASTER where none of my other interfaces are.
All my other interfaces are listed just as: 1000baseT <full-duplex>
Where the wireless one shows this: 1000baseT <full-duplex,master>
Not sure if this would have anything to do with it?
As for ping. If I set a static IP on my laptop I can ping the access point fine. No issues. But pinging 8.8.8.8 or 10.10.250.1 does not work after a bit. Even now after resetting the interface it still appears broken. Seems almost random if it will work or not.
Tried disabling PF (pfctl -d) and still nothing so I don't believe this is a firewall issue.
Thoughts?
-
I don't see any mention of make model of the AP router..
Reason I mention is that the last few Linksys routers I have purchased for APs have a "Bridge" mode you can set on the WAN that effectively makes the unit an AP/switch only. It's a one click fix.
Helps if the loose nut behind the wheel missed something.
-
Master?? So you have a carp setup? You said nothing of a carp setup..
You clearly F'd up something.. This is out of the box stuff. Do you have some sort of switching loop? You say you're running other networks on your other interfaces.. Where do you plug those? And what is your wan plugged into?
-
Hi all sorry for the late reply. Bit busy with holidays…etc. :)
"I don't see any mention of make model of the AP router.."
"Reason I mention is that the last few Linksys routers I have purchased for APs have a "Bridge" mode you can set on the WAN that effectively makes the unit an AP/switch only. It's a one click fix."
"Helps if the loose nut behind the wheel missed something."
I left out the make and model as I've tried two completely different manufacturers with the exact same result.
Since you asked:
1. TP-Link Archer 2600
2. Amped Athena RTA2600
I can check for bridge mode and the likes once I have some time.
"Master?? So you have a carp setup? You said nothing of a carp setup.."
"You clearly F'd up something.. This is out of the box stuff. Do you have some sort of switching loop? You say you're running other networks on your other interfaces.. Where do you plug those? And what is your wan plugged into?"
I have not setup any CARP features. As far as I know each interface is acting as a standalone interface.
Checking CARP status I see this:
"No CARP interfaces have been defined. High availability sync settings can be configured here." And clicking the above, nothing appears configured.
All other networks are plugged directly into their own interface on PFSense. There are no VLAN's…etc configured either.
The WAN is plugged directly into my CPE/Modem. PFSense initiates and authenticates the connection. (that works fine, wired connections or older AP have no issues)
One thing I have noticed now is that the "working" AP (D-link DAP-1650) the interface configures itself as 100baseTX <full-duplex> instead of 1000base. The AP LAN ports are all gigabit rated. I'm wondering if this could be why the newer AP's are having issue? Could there be some hardware related issue with the NIC? Ex maybe some driver issue with using gigabit?
For reference the interfaces are listed as RE0/RE1/RE2...
Thoughts?
-
"I have not setup any CARP features. As far as I know each interface is acting as a standalone interface. "
Then why is your interface showing "master"? I do not have a lot of experience with CARP.. But your interface should not list master if you do not have carp setup.. Did you try to set it up in the past and then removed it..
"All other networks are plugged directly into their own interface on PFSense"
And you don't have any loops in this sort of setup?? None of your interfaces plug into the same dumb switch, or wifi routers you're using as AP, none of their lan ports are connected to other lan ports on other AP? Or connected to some common device that could be bridging?
You're not trying to link any of your wifi together, that could also cause a loop.
-
Yes, your problem is related to realtek drivers included into freebsd. Use google and you will find the answer.
Solution is to change link speed to 100 or you must compile and add new realtek driver into pfsense.
https://forums.freebsd.org/threads/55861/
-
@w0w:
"Yes, your problem is related to realtek drivers included into freebsd. Use google and you will find the answer."
"Solution is to change link speed to 100 or you must compile and add new realtek driver into pfsense."
"https://forums.freebsd.org/threads/55861/"
That's a shame. I'm thinking I will probably just try upgrading to a newer appliance in the near future anyway. Thanks for the info!
Cheers!
-
So just to update you all.
I took apart my atom box and found a PCI slot. Stuck an intel based gig card in there and it worked perfectly with my wifi. So confirmed it was the Realtek NICs causing the issue.
Thanks all for taking the time to try and help. Will likely upgrade to a faster box at some point in the future with intel nics but for now PCI card is doing fine. :)