VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots

Grimson

Your using a VPN, probably setup by following some crap guide that tells you to switch outbound NAT to manual? If yes, check your outbound NAT rules and add one for your new VLAN.

sethelyon

Hi Grimson! I did setup VPN and followed a guide. :(

Anyway, I've put a screenshot on my outbound rules. Correct me if Im wrong but it is still set on auto right? If not, should I add my VLAN 30 on Mappings?

here's a screenshot.

0_1552752682406_outbound nat.jpg

Grimson

Show the actual outbound NAT rules then. Edit: also do some basic connectivity tests:
https://docs.netgate.com/pfsense/en/latest/routing/connectivity-troubleshooting.html#client-tests

sethelyon

Hi Grimson, apologies if Im doing some mistake here but is this what you're asking for?

0_1552753405602_outbound 2.jpg

Grimson

Outbound rules look OK. Although I'm wondering why 192.168.11.0/24 shows twice, are you using the same IP space for two different OpenVPN tunnels?

And the results of the connectivity test?

sethelyon

@grimson said in VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots:

Outbound rules look OK. Although I'm wondering why 192.168.11.0/24 shows twice, are you using the same IP space for two different OpenVPN tunnels?

And the results of the connectivity test?

Client (my iphone)

IP:192.168.30.10
Subnet mask: 255.255.255.0
Router/Gateway: 192.168.30.1
DNS: 192.168.30.1

I'm only using one OpenVPN tunnel right now. It could be that when I was following a guide, I double send some data and ignored it when it worked the 2nd time. Could retrace where the mess i left. :(

Connectivty test for client's ip address to LAN, VLAN30 and WAN.

Only VLAN30 has a reply when pinged.

0_1552757381290_ping test for LAN.jpg
0_1552757546240_ping test for WAN.jpg
0_1552757481964_ping test for vlan30.jpg

Grimson

I linked you to the client tests, so test from a client on VLAN30.

sethelyon

@grimson said in VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots:

I linked you to the client tests, so test from a client on VLAN30.

My bad.

Connected my laptop on my wireless VLAN30 which provided me these credentials

IPv4 Address. . . . . . . . . . . : 192.168.30.11
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.30.1

Pinged my LAN IP, RTO
Pinged WAN IP, RTO
Pinged WAN Gateway, RTO
Pinged 8.8.8.8, RTO
and lastly pinged www.google.com, RTO.

I can only ping 192.168.30.1 which also redirects me to pfSense.
I appreciate the time and help you're doing Grimson. Thank you for the patience. :D

Grimson

Any floating rules? Any errors during the filter reload progress? Output of Diagnostics -> Routes?

sethelyon

@grimson said in VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots:

Any floating rules? Any errors during the filter reload progress? Output of Diagnostics -> Routes?

No floating rules. It's taking some time to load though.

stephenw10

Which ports on the switch are connected to what?

I expect to see two ports tagged with VLAN30 there. Packets are tagged to pfSense and tagged to the AP. I'm not really sure how DHCP is working there without that.

Steve

johnpoz

Why are you showing port 1 on your switch as T for vlan 1?

Why are things showing as grayed out on port 1?

Here is how it works.. Vlan 1 should be untagged since that is your management port for your AP right.. your LAN..

So pfsense -- 1U,30T -- switch -- 1U,30T -- AP

You would have 2 trunked ports here.. 1 that goes to pfsense, and another that goes to AP.. Per thread on unifi.. Might be old but setting trunked allows all vlans and vlan 1 would be untagged. etc

Grimson

@johnpoz said in VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots:

Why are you showing port 1 on your switch as T for vlan 1?

Why are things showing as grayed out on port 1?

He has set port 1 as a trunk port with native VLAN on ID 1, so that should be OK.

Port 8 has VLAN ID 1 as untagged and 30 as tagged, so as long as he has pfSense and the AP each on one of these two ports it should work.

Though I haven't worked much with Unifi switches, so I could be wrong there.

But as he can ping from his VLAN to pfSense and back, and can reach the WebUI from a client on that VLAN it looks good to me.

Sadly he hasn't really answered two of the three questions I asked him last.

johnpoz

Yeah but sure looks like it shows T on the vlan 1... And U for 30 on port 1.. Which sure wouldn't be right.. If that is where pfsense or AP is connected too.. We just had this discussion - not very normal to tag vlan 1.

Once you click trunked maybe doesn't matter - but its kind of BS info its giving you then.

Grimson

@johnpoz said in VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots:

Once you click trunked maybe doesn't matter - but its kind of BS info its giving you then.

Guess why I keep away from Unifi switches

sethelyon

@sethelyon said in VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots:

@grimson said in VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots:

Any floating rules? Any errors during the filter reload progress? Output of Diagnostics -> Routes?

No floating rules. It's taking some time to load though.

Port 1 is the trunk port and is grayed out so no matter what the letter stands for as long as it is on trunk port it doesnt matter. But beats the purpose of changing it. Very confusing.

@Grimson I appreciate the help sir. Here's the screenshot of Diagnostics > Route. I blacked out my public IP.

@johnpoz I though that putting Untagged on port 8 VLAN ID 1 and tagging VLAN ID 30 on port 8 should do the trick, it does. It gives the correct IP but no internet connection. Yeah, confusing about the grayed port when it is enabled as a trunk port. Changes are not valid if it is grayed. i tried doing it away (even the grayed tagging) still doesnt work.

Im so lost why it is not working. :(

I am so sorry for the late reply because I had to deal with some medical issues. I appreciate everyone for taking in the time for helping.

sethelyon

Here's some graph that happening now.

my iPhone is currently connect to VLAN 30 and has the right IP but no internet.
laptop is connected to LAN WIFI which is working as expected.

Created a new vlan with a different AP (old dlink ap) and it worked. But is it on a different vlan and untagging that port works.

So the issue may come to when I have 2 vlans on a single port (port 8). Which I dont know if the switch is to blame which gave the right IP.

johnpoz

So do your non vlan have internet? And its just the vlan that doesnt?

johnpoz

@sethelyon said in VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots:

I can only ping 192.168.30.1 which also redirects me to pfSense.

What does this mean exactly - redirects you to pfsense?

Are you running proxy? Any other packages?

sethelyon

@johnpoz said in VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots:

So do your non vlan have internet? And its just the vlan that doesnt?

Non VLAN has internet, just that this VLAN 30 doesn't have internet.

Made a new test where I created a new vlan with a different AP (old dlink ap) and it worked. But is it on a different vlan and untagging that port (different port) works.

So the issue may come to when I have 2 vlans on a single port (port 8). Which I dont know if the switch is to blame which gave the right IP anyway.