[Solved] VLAN10 cannot access internet (over VPN)
-
I am using a 2-NIC network card in my pfSense, and on one of the NICs I have a Ubiquiti UAP-AC-PRO connected, to which I am connected over WLAN while writing this post. I want to set up a VLAN for my IoT devices and I have followed this guide: https://www.youtube.com/watch?v=b2w1Ywt081o
I do not have a smart switch like the creator of that video, but I guess that shouldn't matter? The only thing between my UAP and the pfSense is the PoE injector to get it powered.
I've looked into this old post, and when connected to the VLAN I can access my NAS and other devices, and when I type "ping google.com" in CMD it gives me back Google's IP but it cannot ping it, so I guess DNS is working but it stops there? The rules in outbound NAT are there too, set to manual.
https://forum.pfsense.org/index.php?topic=47057.15
Please see attached screenshots for my settings.
Any suggestions as to what I have done wrong?
Do I need to buy a smart switch?
Any help greatly appreciated!
-
Is that dual-NIC card capable of VLANs, and is it compatible with FreeBSD/pfSense?
Something about your DHCP is weird - you should have a 'WAN' option, but all I can see is LAN / WLAN / VLAN10 .. no WAN.
-
> Is that dual-NIC card capable of VLANs, and is it compatible with FreeBSD/pfSense?
> Something about your DHCP is weird - you should have a 'WAN' option, but all I can see is LAN / WLAN / VLAN10 .. no WAN.

Thank you for your reply!
I have a "Lenovo Intel Ethernet Server Adapter I350-T2 4XC0F28730" and as far as I can google I believe it supports VLAN?
Could it be a driver issue, that pfSense doesn't have the drivers? Can I install the drivers manually? https://downloadcenter.intel.com/download/17509/Intel-Network-Adapter-Gigabit-Base-Driver-for-FreeBSD-?product=59062
When I look at the DHCP settings on my LAN and WLAN I cannot see anything about WAN. Could you show me a screenshot of the WAN option you are thinking of, please?
-
i350 looks ok, from what I can tell.
Are you using a VPN service as your WAN? If so, then vlan10 probably isn't allowed to traverse that.
-
> i350 looks ok, from what I can tell.
> Are you using a VPN service as your WAN? If so, then vlan10 probably isn't allowed to traverse that.

Thanks again for reaching out!
Yes I am using a VPN for my whole network. Connected via OpenVPN to ovpn.com's servers.
Although if I disable the OpenVPN connection (Status -> OpenVPN -> Stop openvpn service) I cannot reach the internet. Maybe there's a more correct way to disable the VPN to test whether it works without the VPN?
Yes, you are absolutely right. I tried yet again to disable the VPN connection, although I had tried this some days ago without any change. Now it works with the VPN disabled though. Thank you! :D
So now I wonder if it's possible to traverse vlan through the VPN?
-
just policy route and put rule allowing the access you want to access a vlan above the rule that sends traffic out the vpn.
-
> just policy route and put rule allowing the access you want to access a vlan above the rule that sends traffic out the vpn.

I found this https://philsheets.me/blog/multi-vlan-vpn-endpoint-pfsense-network/ and added 2 new NAT rules in outbound, see attached screenshot and highlighted rules I added and now it works. :D
I gotta be honest, I don't understand what you are suggesting. But since it's working now, and I already have multiple auto-created rules in Outbound, I guess this will qualify as a fair solution? :P
![NAT outbound.PNG](/public/imported_attachments/1/NAT outbound.PNG)
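
The symptom in this thread (VLAN10 reaches the internet with the VPN stopped but not with it running, outbound NAT set to manual) is consistent with the new subnet having no outbound NAT rule on the VPN interface. As an added example, not written by any poster here and not pfSense's own code, this Python check reports which local subnets lack a NAT source rule on a given egress interface. The subnet addresses and the interface names `WAN` and `OVPN` are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class NatRule:
    interface: str  # egress interface the outbound NAT rule is bound to
    source: str     # source network the rule translates, in CIDR notation


def uncovered_subnets(local_subnets, rules, egress):
    """Return the names of local subnets with no outbound NAT rule on `egress`.

    A subnet counts as covered when it lies inside the source network of at
    least one rule bound to that egress interface.
    """
    sources = [ipaddress.ip_network(r.source) for r in rules if r.interface == egress]
    missing = []
    for name, cidr in local_subnets.items():
        net = ipaddress.ip_network(cidr)
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        if not any(net.version == s.version and net.subnet_of(s) for s in sources):
            missing.append(name)
    return missing


# Constructed sample data (assumed addressing, not taken from the screenshots).
LOCAL = {
    "LAN": "192.168.1.0/24",
    "WLAN": "192.168.2.0/24",
    "VLAN10": "192.168.10.0/24",
}

# Manual mode: every subnet has a WAN rule, but VLAN10 was never added for the VPN.
RULES_BEFORE = [
    NatRule("WAN", "192.168.1.0/24"),
    NatRule("WAN", "192.168.2.0/24"),
    NatRule("WAN", "192.168.10.0/24"),
    NatRule("OVPN", "192.168.1.0/24"),
    NatRule("OVPN", "192.168.2.0/24"),
]

# After adding the VLAN10 rule on the VPN interface.
RULES_AFTER = RULES_BEFORE + [NatRule("OVPN", "192.168.10.0/24")]

if __name__ == "__main__":
    for label, rules in (("before", RULES_BEFORE), ("after", RULES_AFTER)):
        for egress in ("WAN", "OVPN"):
            print(label, egress, "missing:", uncovered_subnets(LOCAL, rules, egress))
```

In manual outbound NAT mode, a newly added VLAN needs the same check repeated for every egress interface its traffic can be routed out of.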