Thanx

The solutions (yet at least for my problem) was as simple as it could be.

On TPLink WDR 4300 with OpenWRT under "Network" - "Switch" Port 1 is the WAN. And this one should for all uplinked VLANs be tagged as even as the CPU is.

Anyway, DHCP Server leases its adresses and at least my Problem is soluted.

If anyone in the further should run into issues with OpenWRT on TPLink Routers but is sure that everything is accurate configured...check out the Switch Tab and make sure CPU && WAN (this is Port 1) are both tagged.

The CPU is the Routerboard itself and Port1 as mentioned above the Uplink on WAN for delivering the segmented VLANs.

I am just still wondering why it worked with static IPs. The only way I might suggest would be that the CPU might have processed here? I am just a little bit unsure if this should be a "missed feature" or might be a bigger (security breaching / breachable ?) bug... It wasn't as fast as it was without VLAN Tags on pfSense and as fast as it responds now. So might it really have been the CPU that worked that missconfigured VLAN switching out in this case.. ?!?

BTW & (at least) TPLink WDR4300 related: if your router isn't capable of VLAN for WIFI (you aint got a Wifi Port on the Switch Tab) you can check under the "Interfaces" Tab if it is bridged (br) on LAN.
A simple workaround I did to get Wifi on a VLAN separated from LAN was to deconfigure the BRIDGE WIFI - LAN and take an unused Port (in my case the 4th and last one), bridge this to Wifi and put this port in a VLAN.
This way you might separate your Wifi (2.4GHz or 5GHz or both as I did) from your LAN and be able to route it through a VLAN either.

What I found out till now...but first my setup.

pfsense with e.g. WIFI on VLAN20
OpenWRT assigned and bridged, eth0.20 (VLAN ID 20)
DHCP Server on pfSense set, range set etc.

Anyway it works but just with an static IP assigned to the Client behind OpenWRT (TP-Link WDR4300, CC 15.05)

The DHCP Server is not serving. Or at least what I found out is that there are none Requests forwarded to it.

So as I see the Requests get stuck at OpenWRT Level as they are not reaching the pfSense. (FW Rule "default allow any" for VLAN-Interface created)

I just read a bit and it might be that the additional package relayd could be a problem, read sth about this on a different router.

Conclusions:

• with a static IP on the Clientsite Clients get access to the Web

• DHCP Server is not serving / several Packet Captures for Port 67 & 68 (DHCP) captured just nothing on the VLAN-Interface

Would be really appreciating if someone got an idea or yet even such a setup (OpenWRT via VLAN -> DHCP Requests / leases) running...

Thanks at all
BSA66

Anything we should take in to consideration?, firewall rules?, interface bridging?, etc.

I bridged the wan port on the AP (Lede) to the lan-interface (to make use of it) and deleted the wan and ipv6 inteface as I don't need them.
Might that be a problem? Or maybe I configured the vlan wrong? Take a look at my setup:
http://imgur.com/EdjDRfi
(Lan1 is connected to pfsense)

@kiowadriver: Does the dir-645 run stable with openwrt for you? I tried v.15.05 on my dir 645 some time ago and the wifi was way too slow to be usable. That's why I bought a new router as AP last week (the vanilla software on the dir-645 has not been updated in two years…)

I have the following hardware & software:
SG-2220 - pfsense
DIR-645 Running OpenWRT (latest) - running two SSID for HOME and GUEST networks
HW Procurve 1810G-24 port managed switch

My pfsense router is connected to the WAN, then to the managed switch (LAN) on port 1
my DIR-645 is connected to the managed switch (LAN) on port 2

I followed the tutorial and my guest users get an IP (eventually) over DHCP but have no DNS, LAN, or internet traffic

I assume that I need to setup something in the managed switch correct? ???