Setting up a WLAN using Linksys (DD-WRT) on OPT1 - stuck for 3 days!



  • Please!  :)

    someone help me, spent 3 days trying to guess the settings and this is not working - my kids are screaming as they can't stream and my wife is v annoyed too!

    1. Setup so far which is working:

    pfSense (192.168.0.1) with WAN (DHCP, ok working); LAN 192.168.0.1/24. DHCP running on pfSense. GS724T switch connected to LAN, all devices working and pfSense assigning IP's and I can see them on DHCP leases. all good. Also WRT54GL connected from its LAN port into the switch as an access point. WIFI from the 54GL works.

    2. I want to connect my Linksys 1900AC into a separate interface on pfSense. say igb3, and have pfSense run DHCP on igb3, which should be a different subnet to the LAN.

    a. I have flushed dd-wrt on 1900AC.

    b. I set up WLAN interface on igb3 with static ip of 192.168.1.1/24 and have enabled DHCP on WLAN

    c. I set 'advanced routing' in dd-wrt to be 'Router'

    d. I have WAN disabled on dd-wrt and have 'network setup in basic settings' as :

    IP 192.168.1.2, subnet 255.255.255.0, GW 192.168.1.1, DNS 192.168.1.1

    e. On a physical level, from what I understand it has to be a LAN-LAN connection not (Linksys WAN port -> pfSense igb3). so, I have LAN-LAN connected.

    I have a PC connected also to another LAN port of the DD-WRT with static IP of 192.168.1.5, only to manage the dd-wrt and diagnostics for now. I cannot ping say from 192.168.1.5 to 192.168.0.1 or 192.168.1.1 ..

    PLEASE could you help me with the DDWRT configuration.

    thank you



  • I have no idea about DDWRT, but on pfSense check these things:

    1. The address that WAN is getting from upstream. Make sure it is not anything in 192.168.0.0/24 or 192.168.1.0/24 (because you are using those for your local subnets on LAN and OPT1)

    2. Add a pass rule on pfSense OPT1, like on pfSense LAN. There is a "pass all" rule on LAN by default to get people going, but on OPT1 everything will be blocked by default.

    3. Enable DHCP on pfSense OPT1, and make sure that the DDWRT device is not also serving DHCP on the OPT1 network.



  • Hey thanks. The WAN is not in the 192-range, it's a public IP from the ISP.
    I've managed to get all things working, including FW rule to allow WLAN <-> LAN.
    I have enabled DHCP on WLAN (OPT1), but It is not handing out IP's ..
    what's a good way to diagnose DHCP issues ?



  • Plug a client directly into OPT1 and see if it gets DHCP. If it does, then pfSense is not the problem, if it doesn't then do some Diagnostics->Packet Capture on OPT1 to see if the DHCP request from the client is received, and the response that should go back to the client.



  • c. I set 'advanced routing' in dd-wrt to be 'Router'

    I'm no ddwrt expert but I'm guessing this is your problem. Disable the routing functions on the Linksys 1900AC router and assign it a static IP outside the DHCP range that you set in pfSense WLAN.



  • @Jailer:

    c. I set 'advanced routing' in dd-wrt to be 'Router'

    I'm no ddwrt expert but I'm guessing this is your problem.

    Unless major changes have been made that isn't the problem.

    "Router" is what I use on every DD-WRT that I use as access points behind my pfSenses. In DD-WRT what shouldn't be used is "Gateway", as that would assume the WAN port to be connected to an ISP and doing NAT (not that it matters too much when only connecting the LAN ports…).


  • Netgate Administrator

    Yeah, router mode sounds wrong but between that and gateway mode it's definitely preferable. Is there not an 'access point' mode?

    This would seem to imply not: http://www.dd-wrt.com/wiki/index.php/Wireless_Access_Point

    If you are able to pull a dhcp lease from pfSense on a client connected to one of the 1900AC LAN ports but not the wifi then it's still doing something between those interfaces. Routing probably. They need to be bridged.

    Steve



  • @cs1212:

    e. On a physical level, from what I understand it has to be a LAN-LAN connection not (Linksys WAN port -> pfSense igb3). so, I have LAN-LAN connected.

    If you tick the "Assign WAN Port to Switch" option in Setup, Basic Setup, WAN Port, it can also be used as a LAN port.



  • @stephenw10:

    Yeah, router mode sounds wrong but between that and gateway mode it's definitely preferable. Is there not an 'access point' mode?

    No, there's no AP mode.

    This is from the online help: "If the router is hosting your Internet connection, select Gateway mode. If another router exists on your network, select Router mode.".

    In router mode with WAN disabled, DD-WRT is simply a single network router. There's nothing wrong with that.



  • @cs1212:

    I have enabled DHCP on WLAN (OPT1), but It is not handing out IP's ..

    You should have your DD-WRT Setup, Basic Setup, Network Address Server Settings (DHCP), DHCP Type set to "DHCP Forwarder" and pointing to the pfSense interface (192.168.1.1 if I'm not wrong). Is that what you have?


  • Netgate Administrator

    It's been a while since I used dd-wrt but on most soho routers like that the wifi is bridged to the LAN switch so they appear as a single layer2. If the wifi clients are broadcasting dhcp requests I would expect them to hit the pfSense dhcp server on opt1. If they don't then dd-wrt is filtering between the interfaces or routing between them. Something is getting in the way of that traffic.

    That's assuming a client connected to one of the other LAN ports on the 1900AC is getting a lease correctly.

    Steve



  • thanks. I plugged a laptop straight into OPT1 - laptop is not getting IP.
    in firewall rules, for WLAN I have an ALLOW all from WLAN net to *
    DHCP is enabled on OPT1

    **I've done a packet capture, I see

    17:26:12.518827 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300

    coming in, so it looks like the laptop is requesting an IP. it has to be my FW rules ?**
    any ideas?



  • @stephenw10:

    It's been a while since I used dd-wrt but on most soho routers like that the wifi is bridged to the LAN switch so they appear as a single layer2. If the wifi clients are broadcasting dhcp requests I would expect them to hit the pfSense dhcp server on opt1.

    That's the way it is in DD-WRT by default also.



  • @cs1212:

    thanks. I plugged a laptop straight into OPT1 - laptop is not getting IP.
    in firewall rules, for WLAN I have an ALLOW all from WLAN net to *
    DHCP is enabled on OPT1

    I've now seen you mention igb3, OPT1 and WLAN. I'm assuming they are all referring to the same interface, but are they really?

    If yes, please stick with calling it only a single name.

    Remember that what is obvious to you isn't to us as we don't see the screens you're looking at.



  • Yes, you are correct and right..  OPT1=WLAN=igb3



  • @cs1212:

    thanks. I plugged a laptop straight into OPT1 - laptop is not getting IP.
    in firewall rules, for WLAN I have an ALLOW all from WLAN net to *
    DHCP is enabled on OPT1

    **I've done a packet capture, I see

    17:50:25.377638 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
    17:50:28.379503 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
    17:50:36.382661 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
    17:50:42.340831 IP 169.254.104.103.137 > 169.254.255.255.137: UDP, length 50
    17:50:42.342599 ARP, Request who-has 192.168.0.124 tell 169.254.104.103, length 46
    17:50:42.981205 ARP, Request who-has 192.168.0.124 tell 169.254.104.103, length 46
    17:50:43.090581 IP 169.254.104.103.137 > 169.254.255.255.137: UDP, length 50
    17:50:43.855037 IP 169.254.104.103.137 > 169.254.255.255.137: UDP, length 50
    17:50:43.979626 ARP, Request who-has 192.168.0.124 tell 169.254.104.103, length 46
    17:50:44.620016 IP 169.254.104.103.137 > 169.254.255.255.137: UDP, length 50
    17:50:45.383867 IP 169.254.104.103.137 > 169.254.255.255.137: UDP, length 50
    17:50:46.148302 IP 169.254.104.103.137 > 169.254.255.255.137: UDP, length 50
    17:50:46.913263 IP 169.254.104.103.137 > 169.254.255.255.137: UDP, length 50
    17:50:47.677125 IP 169.254.104.103.137 > 169.254.255.255.137: UDP, length 50
    17:50:48.441553 IP 169.254.104.103.137 > 169.254.255.255.137: UDP, length 50
    17:50:49.206350 IP 169.254.104.103.137 > 169.254.255.255.137: UDP, length 50
    17:50:49.970376 IP 169.254.104.103.137 > 169.254.255.255.137: UDP, length 50
    17:50:50.734795 IP 169.254.104.103.137 > 169.254.255.255.137: UDP, length 50
    17:50:51.749021 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
    17:51:24.775043 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
    17:51:28.799771 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
    17:51:36.802889 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
    17:51:52.824513 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
    17:52:03.351494 IP 169.254.104.103.137 > 169.254.255.255.137: UDP, length 50
    17:52:03.352968 ARP, Request who-has 192.168.0.124 tell 169.254.104.103, length 46
    17:52:03.978400 ARP, Request who-has 192.168.0.124 tell 169.254.104.103, length 46
    17:52:04.103399 IP 169.254.104.103.137 > 169.254.255.255.137: UDP, length 50
    17:52:04.867804 IP 169.254.104.103.137 > 169.254.255.255.137: UDP, length 50
    17:52:04.976828 ARP, Request who-has 192.168.0.124 tell 169.254.104.103, length 46
    17:52:05.632833 IP 169.254.104.103.137 > 169.254.255.255.137: UDP, length 50
    17:52:06.396647 IP 169.254.104.103.137 > 169.254.255.255.137: UDP, length 50
    17:52:07.161077 IP 169.254.104.103.137 > 169.254.255.255.137: UDP, length 50
    17:52:07.926051 IP 169.254.104.103.137 > 169.254.255.255.137: UDP, length 50
    17:52:08.689911 IP 169.254.104.103.137 > 169.254.255.255.137: UDP, length 50
    17:52:09.454331 IP 169.254.104.103.137 > 169.254.255.255.137: UDP, length 50
    17:52:10.219321 IP 169.254.104.103.137 > 169.254.255.255.137: UDP, length 50
    17:52:10.983167 IP 169.254.104.103.137 > 169.254.255.255.137: UDP, length 50
    17:52:11.747574 IP 169.254.104.103.137 > 169.254.255.255.137: UDP, length 50**
    any ideas?
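
Added example, not part of any post in this thread: a small Python triage of a capture in the format pasted above, counting DHCP client requests (port 68 to 67), server replies (port 67 to 68) and link-local 169.254.x.x senders. The sample lines are constructed in the capture's format, and the reply line with 192.168.1.1 as the server is an assumption.

```python
import re

# Capture line format from the thread: "HH:MM:SS.us IP src.port > dst.port: UDP, length N"
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): UDP"
)

def summarize_dhcp(capture_text):
    """Count DHCP client requests, server replies and link-local (APIPA) senders."""
    stats = {"client_requests": 0, "server_replies": 0, "servers": set(), "apipa_hosts": set()}
    for line in capture_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ARP and anything else that is not IPv4/UDP
        sport, dport = int(m["sport"]), int(m["dport"])
        if sport == 68 and dport == 67:      # client -> server (DISCOVER/REQUEST)
            stats["client_requests"] += 1
        elif sport == 67 and dport == 68:    # server -> client (OFFER/ACK)
            stats["server_replies"] += 1
            stats["servers"].add(m["src"])
        if m["src"].startswith("169.254."):  # client gave up and self-assigned
            stats["apipa_hosts"].add(m["src"])
    return stats

def diagnose(stats):
    """Turn the counters into the next place to look."""
    if stats["client_requests"] == 0:
        return "no DHCP requests seen: look at cabling, switch or AP bridging"
    if stats["server_replies"] == 0:
        return "requests arrive but nothing answers: check the DHCP service and its log"
    return "server answers: look downstream of the capture point"

# Constructed sample in the thread's capture format: requests only, then APIPA traffic.
UNANSWERED = """\
17:50:25.377638 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
17:50:28.379503 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
17:50:42.340831 IP 169.254.104.103.137 > 169.254.255.255.137: UDP, length 50
17:50:42.342599 ARP, Request who-has 192.168.0.124 tell 169.254.104.103, length 46
"""
# Constructed sample of a healthy exchange; the reply line is hypothetical.
ANSWERED = """\
17:50:25.377638 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
17:50:25.379120 IP 192.168.1.1.67 > 255.255.255.255.68: UDP, length 300
"""

if __name__ == "__main__":
    print(diagnose(summarize_dhcp(UNANSWERED)))
```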


  • Banned



  • @doktornotor:

    How about reading the docs?

    https://www.dd-wrt.com/wiki/index.php/Wireless_Access_Point

    Not helpful for the OPT1 DHCP problem



  • Post screenshots of your DHCP configuration and firewall rules for the WLAN interface in pfSense.



  • @P3R:

    Post screenshots of your DHCP configuration and firewall rules for the WLAN interface in pfSense.

    Here's a few .. v weird.

    FYI - DHCP on LAN works OK:


  • Banned

    There's no need for the DHCP rule you put there in the first place. Also, there's DHCP log and there's firewall log. Look there.



  • I decided to REBOOT pfSense and ALL fixed.
    also removed the 0.0.0.0 FW rule and still works.
    So.. sometimes its a simple Reboot.
    thanks to everyone who helped.


  • Banned

    Hmmmm, the mighty Redmond method…  ;D :D



  • I'm using 3 Linksys routers (as dumb AP devices) loaded with DD-WRT for the last …. many years !
    Version : Firmware: DD-WRT v24-sp2 (10/10/09) std

    My wifi network is hooked up to pfSense, OPT2, using 192.168.2.1/24.

    AP1 has IP 1912.168.2.2
    AP2 has IP 1912.168.2.3
    AP3 has IP 1912.168.2.4

    For all AP's :
    Subnet Mask : 255.255.255.0
    Gateway : 192.168.2.1
    Local DNS : 192.168.2.1

    Local DHCP server : disabled.

    WAN Connection Type : disabled.

    All my AP's are hooked up to pfSense using a central switch, but daisy chaining from OPT1 to AP1 to AP2 etc is also possible (I never use the WAN port, even when it is declared as another LAN port).

