Netgate Discussion Forum

    OPT1 - Unifi Access Point - No Internet Access

    General pfSense Questions
    • GrimsonG
      Grimson Banned
      last edited by

      Can you resolve domain names on your WIFI clients? If not, can you ping public IP addresses?

      • W
        wireis
        last edited by

        No, I am unable to resolve any domains; I can only ping internal addresses, not external addresses such as 8.8.8.8.

        • GrimsonG
          Grimson Banned
          last edited by

          Any floating rules that may mess with the WIFI net? Do a filter reload on Status -> Filter Reload and check if there are any errors. If you recently updated to 2.4.4, check that the default gateways are properly set at System -> Routing.

          • W
            wireis
            last edited by wireis

            There were two rules in floating, but I have disabled them and reset states with no luck...

            Filter reload did not return any errors and my firmware is 2.4.3-RELEASE-p1.

            Gateways are configured correctly in Routing.

            Should I try updating to 2.4.4?

            alt text

            • GrimsonG
              Grimson Banned @wireis
              last edited by Grimson

              @wireis said in OPT1 - Unifi Access Point - No Internet Access:

              Should I try updating to 2.4.4?

              Sooner or later you will have to, but make sure you read the release notes and the update guide before you do.

              Do a packet capture on your WIFI interface and check if any requests for the internet arrive there; if not, it's a problem with your client. Also, you are running two wireless LANs at the moment, so make sure the test client is only connected to one at a time. If it's connected to both you may end up with routing problems on your client; the same goes for wired connections.

              You can also disconnect the R7000 and connect the Unifi AP to your switch; this should put clients connecting to it into your working LAN network. If they then still fail to connect to the Internet, you need to check the AP configuration.

              Edit: You mentioned you have Outbound NAT in hybrid mode; in that case show your user rules for it too.

              • W
                wireis
                last edited by

                @Grimson thank you for your advice on this so far, I really appreciate it. I'll try this out and will report back tomorrow. Yes, my Unifi AP does work simply connecting to my LAN Ethernet switch; however, I intend to use VLAN on the Unifi AP and my switch doesn't support it, so I thought I would use one of my two spare OPT ports on my NIC.

                Regards,
                W

                • W
                  wireis
                  last edited by

                  alt text

                  • GrimsonG
                    Grimson Banned
                    last edited by

                    Ok, quite a few superfluous rules in there. Do you pull the default routes via OpenVPN, so that all the traffic is routed over it? In that case you need to add an outbound NAT rule for your WIFI network too, or specify your normal WAN gateway in the default rule of the WIFI network.

                    • W
                      wireis @Grimson
                      last edited by wireis

                      @grimson said in OPT1 - Unifi Access Point - No Internet Access:

                      Ok, quite a few superfluous rules in there. Do you pull the default routes via OpenVPN, so that all the traffic is routed over it? In that case you need to add an outbound NAT rule for your WIFI network too, or specify your normal WAN gateway in the default rule of the WIFI network.

                      Ok, we have this solved @Grimson. I am using OpenVPN at default across my main LAN network, and I create static leases and force WAN Gateway for devices I wish to bypass the VPN; otherwise anything else that connects to my LAN network gets forced down the tunnel.

                      I changed the gateway from "default" to "WAN_DHCP" under the advanced settings tab in Firewall > Rules > WIFI and this has fixed my issues!

                      See below screenshot;

                      alt text

                      Many thanks for the support. I am not an IT technician; I am merely an enthusiast when it comes to this sort of stuff.

                      Apologies if I have been a total idiot with this, but hopefully it will help out another idiot some day.

                      Regards
                      W

                      • GrimsonG
                        Grimson Banned
                        last edited by

                        Ok, now that we found the cause you need to make sure your rules on the WIFI net are right. If you don't intend to route the devices on that network through your VPN connection, but want them to talk to devices on another local network, you will need an additional rule. That rule needs to be placed above the default rule, with the source of your WIFI net; the destination will be your local network(s) and its gateway needs to be "default". That is because currently all connections coming from your WIFI net will be routed out of your WAN gateway.

                        For more in-depth details you'd better read up on policy routing.

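The rule ordering described in the last post, as an added example that is not part of the original thread or of pfSense itself: a simplified Python model of first-match evaluation on the WIFI rules tab, where a rule with a gateway set policy-routes the packet past the routing table. The subnets, rule descriptions and the `OPENVPN` label are constructed assumptions; only `WAN_DHCP` and the "default" gateway setting come from the thread.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing; the thread does not give the real subnets.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
WIFI_NET = ipaddress.ip_network("192.168.20.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass
class Rule:
    descr: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    gateway: Optional[str] = None  # None models the GUI's "default" gateway

def routing_table(dst):
    """Gateway "default": fall back to the system routing table (simplified)."""
    for name, net in (("LAN", LAN_NET), ("WIFI", WIFI_NET)):
        if dst in net:
            return f"local:{name}"
    # Assumption taken from the thread: the default route is pulled via OpenVPN.
    return "OPENVPN"

def egress(rules, src, dst):
    """Return (matching rule, next hop) for a packet arriving on the WIFI interface."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:  # top to bottom, first match wins
        if src in r.src and dst in r.dst:
            # A gateway on the rule overrides the routing table, even for local nets.
            return r.descr, (r.gateway or routing_table(dst))
    return "no match", "blocked"

# Before the fix: default gateway, so internet traffic follows the VPN default route.
original = [Rule("WIFI any (default gw)", WIFI_NET, ANY)]
# After the fix: every WIFI connection, including ones to LAN hosts, leaves via WAN_DHCP.
fixed = [Rule("WIFI any -> WAN_DHCP", WIFI_NET, ANY, "WAN_DHCP")]
# With the additional rule placed above the default rule, as the last post advises.
with_local = [Rule("WIFI -> LAN (default gw)", WIFI_NET, LAN_NET)] + fixed

if __name__ == "__main__":
    client = "192.168.20.50"  # constructed WIFI client
    for name, rules in (("original", original), ("fixed", fixed), ("with_local", with_local)):
        for dst in ("8.8.8.8", "192.168.1.10"):
            print(f"{name:10} {dst:13} {egress(rules, client, dst)}")
```
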