Wi-Fi Access Point (AP) connects but doesn't load Internet



  • I bought a Wi-Fi AP to extend router1's Wi-Fi range. I set router2 to AP, which connects to devices but doesn't load Internet?
    Router1's IP is LAN 192.168.1.170 and WIFI 192.168.10.1, router2's IP is 192.168.0.254. I change router2's IP to 192.168.1.175.

    Should I change router2's IP to 192.168.10.2?



  • What does any of this have to do with PFsense?



  • Router1 is pfSense with LAN and WIFI.
    Router2 is supposed to be a Wi-Fi extender, but router2 won't work.
    I'm not clear on what configuration to give router2, based upon router1's configuration.



  • The pfSense router currently has LAN 192.168.1.170 and WIFI 192.168.10.1. This WIFI 192.168.10.1 is prohibiting the AP to send Wi-Fi to the more distant devices.


  • LAYER 8 Netgate

    Did you place pass rules on the wireless interface? There are no rules by default on interfaces other than LAN. You must add them.


  • LAYER 8 Global Moderator

    "Router2 is supposed to be a Wi-Fi extender, but router2 won't work."

    So is it a AP properly placed for the coverage you want, or it some sort of wifi repeater you after that extends wifi via wifi?

    If its an AP and or a repeater why would there be different networks?  Why don't you draw up how you have your stuff connected, what interface in pfsense is connected, etc.. Are you using wifi on pfsense via a wifi interface?  Do you have it on its own network or did you bridge it to your lan? etc..

    If your using some wifi router as AP, its IP address would depend on what network its on..  I would have an IP on that network, it does not nat it does not route - its an AP..  Your dhcp would come from pfsense, your gateway for devices would be pfsense, etc.

    Simple way to use any wifi router as AP.  Turn off its dhcp server, connect it to your network via one of its LAN ports = AP..  If you want to make it easier to manage then you would set its LAN IP to be on the network your connecting it too..



  • Ok, here's the topology.
    pfSense is the router.
    AP
    https://www.google.com.au/search?q=TL-WA801ND&client=ubuntu&espv=2&biw=1024&bih=701&source=lnms&tbm=isch&sa=X&ved=0ahUKEwjWuO-Rs4TRAhVDEpQKHXp3BroQ_AUIBygC#imgrc=5doJIUQ9pLINdM%3A is the Wi-Fi extender, to be added to the topology.
    The AP has 1 LAN port and receives a 192.168.1.xxx IP. This may be the issue, as the Wi-Fi devices currently connect to the Wi-Fi 192.168.10.1 network?

    The pfSense LAN is a different network to the pfSense WAN.

    I'm using the Wi-Fi extension as an Ethernet cabled AP, rather than a repeater, to ensure faster speeds on Wi-Fi in the extended areas.

    The attachment/diagram does not include the new AP device, which is to be added.

    ![Network topology.jpg_thumb](/public/imported_attachments/1/Network topology.jpg_thumb)
    ![Network topology.jpg](/public/imported_attachments/1/Network topology.jpg)



  • Router1 is pfSense with LAN and WIFI.

    Ok this might be not the strange part here, but if you are setting up this both WiFi networks, are they in VLANs?
    Are this two different SSIDs called multi-SSIDs?

    Router2 is supposed to be a Wi-Fi extender, but router2 won't work.

    This router should be running then in the so called WLAN AP mode otherwise it makes also SPI/NAT and this is not what
    you want to do!

    I'm not clear on what configuration to give router2, based upon router1's configuration.

    Can be a good choice to have only one or two WiFi networks based on VLANs and let us say for private usage
    and your own devices secured over a Radius Server and the other one is for guests and secured over the Captive Portal!



  • Hello, I don't think I have any VLANs setup, unless pfSense has automatically done something.

    The 2 SSIDs are different names.

    The AP is set with AP mode and the following IPs:
    IP 192.168.1.175
    Subnet 255.255.255.0
    Gateway 192.168.1.170
    DNS 192.168.1.170

    The mobile device connects the to AP.
    Mobiles IPs:
    IP 192.168.1.102
    Subnet Mask 255.255.255.0
    Gateway 192.168.1.175
    DNS 192.168.1.175

    The mobile does not load browser pages.

    The AP can ping the router at 192.168.1.170, www.google.com and 8.8.8.8.
    I'm checking firewalls, but not sure how to check the AP and pfSense router's firewall.
    I'm in pfSense > Firewall > Rules > WAN > and there's about 20 rules.


  • Banned

    No, the devices should NOT have the AP as gateway. They should use pfSense for GW (i.e., 192.168.1.170). Ditto for DNS if you expect internal LAN resolution to work. There's nothing that'd register the other LAN hosts on the AP.

    IOW, they should be configured exactly the same way as the AP. The AP is not a router, cannot act as a GW. It's just a dumb WiFi <-> Ethernet bridge.


  • LAYER 8 Global Moderator

    The mobile device connects the to AP.
    Mobiles IPs:
    IP 192.168.1.102
    Subnet Mask 255.255.255.0
    Gateway 192.168.1.175
    DNS 192.168.1.175

    How are they getting this info.. Are you setting pfsense dhcp to hand that out as gateway and dns?  Or is dhcp running on your AP?  If your AP is in the 192.168.10 network.. How are they getting 192.168.1 addresses??

    Seems more like your running this AP as a router/gateway..

    To use any old wifi router as just an AP.. Give its lan IP an address on the network its connected too.. In your case that sounds like it would be 192.168.10.something.  If you can set a gateway on the device so you can manage it from another network then the gateway would be pfsense IP in that network.

    Turn OFF its dhcp server..

    Connect one of its LAN ports to your network.  Shazam you have a AP..

    Clients connecting to its wifi would get IP from pfsense dhcp server on this network, they normally would point to pfsense as their gateway and dns.



  • The mobile in DHCP doesn't allow the gateway to be change from 192.168.1.175 to 192.168.1.170.

    The AP has DHCP on.
    I set the AP to static IP to set the below details on the AP:
    IP 192.168.1.175
    Subnet 255.255.255.0
    Gateway 192.168.1.170
    DNS 192.168.1.170

    I turned off the AP's DHCP server, but now the mobile doesn't connect to the AP's Wi-Fi?


  • Banned

    The AP most certainly should NOT have DHCP on. Your clients should NOT point to your AP as GW. Nothing changed here since my last reply.



  • Thank you for the clarification.

    So the AP has:
    IP static: 192.168.1.175
    Subnet mask: 255.255.255.0
    Gateway: 192.168.1.170
    DHCP server turned off.

    Router:
    IP static: 192.168.1.170
    Subnet mask: 255.255.255.0
    Gateway: 192.168.1.170
    Wi-Fi: 192.168.10.1

    Mobile:
    Wi-Fi is DHCP:
    SSID 1 (the router): connects and loads browser pages.
    SSID 2 (the AP): Connection attempt but doesn't connect and shows
    IP: 169.254.253.87
    Subnet mask: 255.255.0.0
    Router: blank
    DNS: 192.168.1.170.


  • Banned

    Uh. Did you enable DHCP on pfSense WIFI interface?



  • Yes, the router has the DHCP server enabled.

    The router's Wi-Fi 192.168.10.1 gives SSID 1 the following:
    IP: 192.168.10.131
    Subnet mask: 255.255.255.0
    Router: 192.168.10.1
    DHS: 192.168.10.1.


  • Banned

    I'm starting to get completely confused yet again. What router?

    IP: 192.168.10.131
    Router: 192.168.10.1

    Eeeh?



  • Yes,
    the router's LAN has DHCP enabled.
    the router's WIFI has DHCP enabled.


  • Banned

    Dude that's not what I'm asking about? Why are the IPs constantly changing between your posts? And can you finally produce a network diagram because this just doesn't go anywhere? (No need to draw mobile phones and irrelevant junk, just the pfSense box, the AP and whatever is between those two.)



  • The network is the same as Reply #6.

    The IPs are only changing on the mobile device Wi-Fi connection's IP.


  • Banned

    Sir, reply #6 does NOT show your AP, which is the only relevant thing in here.

    @eiger3970:

    The attachment/diagram does not include the new AP device, which is to be added.

    As such, it is utterly USELESS.



  • Sorry, I mentioned earlier the AP is not in the network topology, as this is the question I am asking about in this forum thread.

    So, the AP details are:
    IP: 192.168.1.175
    Subnet mask: 255.255.255.0
    Gateway: 192.168.1.170
    DHCP server: Disabled
    SSID 2.


  • Banned

    So the AP is hanging in a blackhole unconnected to anything? Or what?



  • The AP has 1 LAN port with an Ethernet cable connected to the Switch, which is connected to the router.
    I.e. AP 192.168.1.175 > Switch > Router 192.168.1.170.


  • Banned

    Wonderful. Then why on earth are you setting up IPs that are TOTALLY out of the pfSense's LAN range on the AP?!

    (And yeah, you are having a design problem, you won't be able to roam/extend between those. If that is desired, you need to bridge the WIFI and LAN on pfSense.)



  • Sorry, I'm not clear how the AP's IP 192.168.1.175 is out of the pfSense's LAN IP 192.168.1/170's range?

    Oh, so AP Wi-Fi extensions aren't done anywhere else? I'm surprised this is so hard. Surely someone else has extended their Wi-Fi with an AP?

    Ok, so if bridging pfSense's WIFI and LAN, will that still allow Wi-Fi from pfSense and the AP?


  • Banned

    God almighty. What was 192.168.10.1 is now 192.168.1.175 yet again, just minutes later, after you edited your post yet again. Yeah, you are NOT clear and my patience is running thin.



  • The pfSense router has 3 interfaces:
    LAN 192.168.1.170
    WAN <public ip="">WIFI 192.168.10.1</public>


  • Banned

    Ugh. I'm talking about the AP. Let's summarize this:

    pfSense:

    1/ Bridge LAN + WIFI on pfSense.
    2/ Assign the BRIDGE to LAN interface. DHCP server MUST be enabled there.
    3/ Do the tunables magic: https://doc.pfsense.org/index.php/Interface_Bridges

    AP:
    4/ Connect the AP's LAN port to the switch connected to pfSense. The AP LAN should have a static IP (in the pfSense LAN range) or static DHCP lease on pfSense. Do NOT connect the AP via WAN port. WAN port should remain unconnected, preferably completely disabled, if not possible, just set it to DHCP. Do NOT connect the WAN port to anything.
    5/ Make sure DHCP server is disabled on the AP.
    6/ Make sure any firewall is disabled on the AP.
    7/ SSIDs and WPA2 PSK should be the same on both pfSense and the AP if you want roaming to work.



  • Thank you.
    Okay, I added a Bridge Interface with Members LAN,WIFI.

    I'm not clear how to follow your step 2/ Assign the BRIDGE to LAN interface?

    The AP is ready and has the SSID and password as the same as the router.


  • Banned

    @eiger3970:

    I'm not clear how to follow your step 2/ Assign the BRIDGE to LAN interface?

    Interfaces - Assign.



  • Yes, I followed the previous post about adding a bridge interface.
    I have added a bridge interface, however I'm not clear if I have assigned the correct LAN and WIFI to bridge?
    The pfSense setting is: pfSense > Interfaces > Bridges > Bridge Interfaces > Interface: BRIDGE0 > Members: LAN, WIFI > Description: Wi-Fi router and AP > Actions: Edit Delete.

    Also, do I have to set the AP to the same SSID and the router? I would prefer to have the AP with a different SSID, so users have to manually connect to the AP and so that users know they're on the AP and not the distant router.


  • Banned

    No, that is still NOT what I mean. You (re)assign the BRIDGE0 interface to LAN. Directly in Interfaces - Assign.



  • Ok, will research how to do this tomorrow when I have more time.
    Thank you again.


  • Banned

    See below (WIFI is just a name for LAN, i.e. the interfaces.php?if=lan iface). All the members are configured as None/None (Do NOT assign any IPs there.)






  • Ah, I just found your image attachment. The image wasn't appearing before (I guess I wasn't logged in?).

    I tried to assign a bridge, but received error: Cannot set port bridge0 to interface OPT2 because this interface is a member of bridge0.

    OPT2 is pfSense's WIFI port.


  • Banned

    OK…. I thought it'd be goddamn obvious, but let me repeat.

    (WIFI is just a name for LAN, i.e. the interfaces.php?if=lan iface).

    LAN. Not opt2, not opt27, not anything like that. LAN. LAN. LAN.



  • Hmm, I'm confused. I have assigned a bridge. I'll research how to assign the interface bridging WIFI to LAN.

    In Interfaces > Interface Assignments > Interface: LAN > Network port: re1 (I change to BRIDGE0), but error.


  • Banned

    "But error" is really a great description of a problem.



  • Sorry, the error is:
    Cannot set port bridge0 to interface LAN because this interface is a member of bridge0.


Log in to reply