Wired APs drop internet access but not LAN, help
-
@Live4soccer7 said in Wired APs drop internet access but not LAN, help:
Deselect, so that Allow DNS server list to be overridden by DHCP/PPP on WAN is not checked
Select, so that Do not use the DNS Forwarder or Resolver as a DNS server for the firewall is checkedThanks!
If I'm reading your statement correct, then the following would be the correct selection for those two options:
Check This Box: Allow DNS server list to be overridden by DHCP/PPP on WAN
Do NOT Check this Box: Do not use the DNS Forwarder or Resolver as a DNS server for the firewall
Edit, I believe the issue was a cert/security algorithm issue with PIA. For whatever reason it wasn't negotiating the correct algorithm, but was still compensating for it on the PIA side. I was seeing an error associated with this. I had to change the cert, port, algo etc... Since doing that, I haven't seen any errors.
Jul 9 00:50:56 openvpn WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
I currently have a ticket open with them to hopefully get the correct algos working properly. As of now, I have not seen near as much in the logs.
-
Your not reading it right - why would you want dhcp to override your dns - that should always be unchecked to be honest.. And by default should be unchecked.
Both boxes should be UNchecked..
In pretty much any configuration. Its going to be very odd setup to check those..
-
Thanks! So far the connection is still good and hasn't dropped. I would say if it stays up a few weeks then the issue is resolved.
-
Hmm. No idea how that could affect things coming over wifi only....
-
it couldn't!!
-
The last setting discussed is just an afterthought on something I saw online. It wasn't really too relevant to the issue or setup.
Here's a question. By DEFAULT all traffic is routed through VPN with openVPN on pfsense. I have setup manual rules to route traffic around the VPN. Is there any way that the address of the AP (not set to be routed around VPN, nor am I even sure that would work that way) could be getting misinterpreted when it goes down and making all traffic from the AP go through the VPN, hence making it appear that everything wireless is not able to connect to the internet.
One thing I did not try was connecting a device via ethernet to the back of the AP when wifi devices can't connect.
-
@Live4soccer7 said in Wired APs drop internet access but not LAN, help:
By DEFAULT all traffic is routed through VPN with openVPN on pfsense.
No not by "default" if you do not pull routes, or your vpn server doesn't hand that out then no it all traffic is not sent out the vpn.
Most vpn services do want all your traffic though - how else would they make any money if info was given to them that they could monetize ;)
Not sure what you think the AP IP has to do with anything? The only reason an "access point" has an IP is for management of that AP... It has zero to do with clients connecting to that AP.. Unless your natting and NOT actually using it as an AP..
Your policy routing if using the AP IP it would only route the AP traffic, maybe it checking for an update?? Have no idea why an AP would need to talk to anything other than the IP of its controller.. It has zero reason to talk to the internet - unless maybe you told it to pull an update or something.. Or it checks on its own for update? Or maybe sync time with ntp?
I think your AP are more than like natting your traffic and not actually AP.
-
@Live4soccer7 said in Wired APs drop internet access but not LAN, help:
Is there any way that the address of the AP (not set to be routed around VPN, nor am I even sure that would work that way) could be getting misinterpreted when it goes down and making all traffic from the AP go through the VPN, hence making it appear that everything wireless is not able to connect to the internet.
Not a chance. The router address is only used to access the management interface. In AP mode, it's 100% irrelevant. A device attached via WiFi AP appears exactly as though it were wired to the network. There is absolutely no difference.
-
@JKnott said in Wired APs drop internet access but not LAN, help:
There is absolutely no difference.
Not sure I would say that ;) Its going to be slower and have more latency then its wired buddies ;) heheh
-
Thanks. It was just a though of possibility. I'll post up if it drops again and with some more relevant troubleshooting info/logs.
-
@johnpoz said in Wired APs drop internet access but not LAN, help:
@JKnott said in Wired APs drop internet access but not LAN, help:
There is absolutely no difference.
Not sure I would say that ;) Its going to be slower and have more latency then its wired buddies ;) heheh
haha, that's the truth. I wired the house last year for that reason.
-
@Live4soccer7 said in Wired APs drop internet access but not LAN, help:
haha, that's the truth. I wired the house last year for that reason.
The point of my comment was there is no difference in the addressing of the packet or frame. I could also reduce the performance by putting a 10 Mb hub on the network. I have one here.
-
Very true - pfsense not going to be able to tell if wired or wireless device...
-
For sure.
Thank you to everyone here. I appreciate the assistance. You have helped my sanity for the time being. pfSense is great and by far the best experience I've had with a router in any setting I've worked in, which isn't a whole lot. Still, I always recommend pfSense to anyone that has the ability to install and work with it.
