WI-Fi extender without internet



  • I have a network, with an pfSense router, connected to an wireless router set like a switch, for wireless access. pfSense is my DHCP server, the DHCP from wireless router was disabled. In other floor I have an WI-Fi extender (Edimax N300). With 1 month ago, the internet connection on the second floor, worked fine. I don't remember what setting I maked on the pfSense router, because, now, the internet connection on the second floor, not working. The WI-Fi extender is fine, have IP in same class with pfSense. If I conect my computer, to WI-Fi extender, I receive IP in same class with pfSense, but internet connection not working and pfSense not responding to ping.
    I'm sure, is a settings from pfSense, because I configurated the wireless router, for routing WAN connection,  and all is fine.



  • @xplozia:

    …  have IP in same class with pfSense. If I conect my computer, to WI-Fi extender, I receive IP in same class with pfSense,

    You received an IP, fine, your member of the LAN, but other IP's are also important.
    I'll list them for you :
    IP - you have it.
    Gateway ?
    DNS ?

    edit : release the DHCP lease on your PC, and renew it?
    Did you saw the corresponding DHCP lease log when checking the DHCP log in pSense ?



  • The pfSense router are set to give me the same IP.
    My settings aftter I changed between extender and router:

    WI-FI Extender:

    Connection-specific DNS Suffix  . : localdomain
      Description . . . . . . . . . . . : Qualcomm Atheros QCA9377 Wireless Network Adapter
      Physical Address. . . . . . . . . : 58-00-E3-92-65-57
      DHCP Enabled. . . . . . . . . . . : Yes
      Autoconfiguration Enabled . . . . : Yes
      Link-local IPv6 Address . . . . . : fe80::5565:7c25:1ade:4ce4%4(Preferred)
      IPv4 Address. . . . . . . . . . . : 192.168.10.100(Preferred)
      Subnet Mask . . . . . . . . . . . : 255.255.255.0
      Lease Obtained. . . . . . . . . . : Sunday, December 17, 2017 4:32:15 PM
      Lease Expires . . . . . . . . . . : Sunday, December 17, 2017 6:32:15 PM
      Default Gateway . . . . . . . . . : 192.168.10.1
      DHCP Server . . . . . . . . . . . : 192.168.10.1
      DHCPv6 IAID . . . . . . . . . . . : 156762339
      DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-1F-CB-73-A8-1E-84-34-DE-43
      DNS Servers . . . . . . . . . . . : 192.168.10.1
      NetBIOS over Tcpip. . . . . . . . : Enabled

    pfSense DHCP lease WI-FI Extender:

    Dec 17 16:32:14 dhcpd DHCPREQUEST for 192.168.10.100 from 58:00:e3:92:65:57 via ue0
    Dec 17 16:32:14 dhcpd DHCPACK on 192.168.10.100 to 58:00:e3:92:65:57 via ue0

    Wireless router :

    Connection-specific DNS Suffix  . : localdomain
      Description . . . . . . . . . . . : Qualcomm Atheros QCA9377 Wireless Network Adapter
      Physical Address. . . . . . . . . : 58-00-E3-92-65-57
      DHCP Enabled. . . . . . . . . . . : Yes
      Autoconfiguration Enabled . . . . : Yes
      Link-local IPv6 Address . . . . . : fe80::5565:7c25:1ade:4ce4%4(Preferred)
      IPv4 Address. . . . . . . . . . . : 192.168.10.100(Preferred)
      Subnet Mask . . . . . . . . . . . : 255.255.255.0
      Lease Obtained. . . . . . . . . . : Sunday, December 17, 2017 4:33:14 PM
      Lease Expires . . . . . . . . . . : Sunday, December 17, 2017 6:33:13 PM
      Default Gateway . . . . . . . . . : 192.168.10.1
      DHCP Server . . . . . . . . . . . : 192.168.10.1
      DHCPv6 IAID . . . . . . . . . . . : 156762339
      DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-1F-CB-73-A8-1E-84-34-DE-43
      DNS Servers . . . . . . . . . . . : 192.168.10.1
      NetBIOS over Tcpip. . . . . . . . : Enabled

    pfSense DHCP lease Wireless router:
    Dec 17 16:33:14 dhcpd DHCPREQUEST for 192.168.10.100 from 58:00:e3:92:65:57 via ue0
    Dec 17 16:33:14 dhcpd DHCPACK on 192.168.10.100 to 58:00:e3:92:65:57 via ue0



  • The info you showed seems fine to me.

    I and you know now that the the DHCP protocol (on port 68, UDP) works fine.

    Now for the next tests:
    Can you resolve ?
    Easy test :
    On your PC, ping to www.google.com.
    At least, you should see this :

    C:\Users\My-PC>ping www.google.com
    
    Envoi d'une requête 'ping' sur www.google.com [2a00:1450:400b:c00::63] avec 32 o
    ctets de données :
    Réponse de 2a00:1450:400b:c00::63 : temps=98 ms
    Réponse de 2a00:1450:400b:c00::63 : temps=65 ms
    
    

    The first line show that resolving works for me. "ww/google.com" is "2a00:1450:400b:c00::63" - does it for you - did you get an IPv4 or IPv6 ?

    Also : show us your firewall rules on your interface - LAN I presume.
    If you have ANY rules, just test like this : delete them all - and the default "pass - all " will be used (if your interface IS LAN) - does your connection works then ?

    Another test (very useful !) : when you connect your PC directly to pfSense, does your connection work ? (and if so, you know now where to look …)



  • My ping to from WI-FI Extender:
    C:\Users\Cristian>ping 8.8.8.8

    Pinging 8.8.8.8 with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.

    Ping statistics for 8.8.8.8:
        Packets: Sent = 3, Received = 0, Lost = 3 (100% loss),

    My ping from Wireless router:
    C:\Users\Cristian>ping 8.8.8.8

    Pinging 8.8.8.8 with 32 bytes of data:
    Reply from 8.8.8.8: bytes=32 time=48ms TTL=57
    Reply from 8.8.8.8: bytes=32 time=46ms TTL=57
    Reply from 8.8.8.8: bytes=32 time=46ms TTL=57
    Reply from 8.8.8.8: bytes=32 time=21ms TTL=57

    Ping statistics for 8.8.8.8:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

    The ping in google.com not working on WI-FI Extender but working on Wireless router
    The Wireless router are directly connected to pfSense




  • @xplozia:

    My ping to from WI-FI Extender:
    C:\Users\Cristian>ping 8.8.8.8

    Pinging 8.8.8.8 with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.

    Ping statistics for 8.8.8.8:
        Packets: Sent = 3, Received = 0, Lost = 3 (100% loss),

    My ping from Wireless router:
    C:\Users\Cristian>ping 8.8.8.8

    Pinging 8.8.8.8 with 32 bytes of data:
    Reply from 8.8.8.8: bytes=32 time=48ms TTL=57
    Reply from 8.8.8.8: bytes=32 time=46ms TTL=57
    Reply from 8.8.8.8: bytes=32 time=46ms TTL=57
    Reply from 8.8.8.8: bytes=32 time=21ms TTL=57

    Ping statistics for 8.8.8.8:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

    You are using an IP : 8.8.8.8 so resolving does NOT take place.
    I said : www.google.com - not some IP.

    @xplozia:

    The ping in google.com not working on WI-FI Extender but working on Wireless router
    The Wireless router are directly connected to pfSense

    As your already know by now : pfSense is ok, but the setup of one of the other devices isn't.

    Btw, a wireless router should just be an AP and not a router - keeping these devices as router can complicate things. You don't want a "router after router" setup.



  • The router are set like a switch. The LAN cable, form pfSense, are insert on LAN port of the wireless router. The WAN port are empty on Wireless router. The DHCP service are disabled on Wireless router.
    I'm sure, is a settings from pfSense, because I configurated the wireless router, for routing WAN connection,  and all is fine with WI-FI Extender.



  • And what about the LAN firewall rules ?

    Consider also packet capturing on pfSense on the LAN.
    Disconnect / remove all device except one on the extender.
    Activate the capturing, see what comes in, and gets out.
    UDP port 68 works, as DHCP works.
    Do you see the ICMP arrive ?
    Other (TCP) ?



  • Do you have "Block private networks and loopback addresses" ticked if you do untick it.



  • @NogBadTheBad:

    Do you have "Block private networks and loopback addresses" ticked if you do untick it.

    Yes, are ticked



  • @Gertjan:

    And what about the LAN firewall rules ?

    Consider also packet capturing on pfSense on the LAN.
    Disconnect / remove all device except one on the extender.
    Activate the capturing, see what comes in, and gets out.
    UDP port 68 works, as DHCP works.
    Do you see the ICMP arrive ?
    Other (TCP) ?

    Thanks!
    I have set "DHCP Static Mappings" for few devices. I changed, IP for my phone, on pfSense, from192.x.x.102 to 192.x.x.111, and after connected my phone, to the wirelsess router I received 192.x.x.111 IP and the same IP when I connected my phone to WI-FI Extender.
    I captured traffic for my phone and I have, where 192.168.10.1 is my pfSense:
    For wireless router:
    192.168.10.1.53:
    172.217.16.110.80:
    172.217.16.110.80:
    172.217.16.110.80:
    172.217.16.110.80:
    172.217.16.110.80:
    172.217.16.110.80:
    172.217.16.110.80:
    172.217.16.110.80:
    192.168.10.1.53:
    169.60.79.74.5222:
    185.60.218.170.443:
    185.60.218.170.443:
    185.60.218.170.443:
    185.60.218.170.443:

    For Extender:
    192.168.10.1.53:
    192.168.10.1.53:
    157.240.9.170.443:
    192.168.10.1.53:
    192.168.10.1.53:
    192.168.10.1.53:
    192.168.10.1.53:
    157.240.9.170.443:
    157.240.9.170.443:
    192.168.10.1.53:
    192.168.10.1.53:
    192.168.10.1.53:
    192.168.10.1.53:
    192.168.10.1.53:
    192.168.10.1.53:
    157.240.9.170.443:

    In my Wi-FI extender you can see only 53 and 443 ports  :(



  • @xplozia:

    @NogBadTheBad:

    Do you have "Block private networks and loopback addresses" ticked if you do untick it.

    Yes, are ticked

    If Block private networks and loopback addresses is ticked and your other device is using  rfc1918 address space pfSense will block it.

    Untick it, rfc1918 address space is :-

    10.0.0.0        -  10.255.255.255  (10/8 prefix)
    172.16.0.0      -  172.31.255.255  (172.16/12 prefix)
    192.168.0.0    -  192.168.255.255 (192.168/16 prefix)



  • @NogBadTheBad:

    @xplozia:

    @NogBadTheBad:

    Do you have "Block private networks and loopback addresses" ticked if you do untick it.

    Yes, are ticked

    If Block private networks and loopback addresses is ticked and your other device is using  rfc1918 address space pfSense will block it.

    Untick it, rfc1918 address space is :-

    10.0.0.0        -  10.255.255.255  (10/8 prefix)
    172.16.0.0      -  172.31.255.255  (172.16/12 prefix)
    192.168.0.0    -  192.168.255.255 (192.168/16 prefix)

    I Untick it, but the problems persist. The extender shoult copy the router settings



  • I'm out of other ideas. :(



  • Problem solved!

    :D

    I reinstalled the pfSense an I reconfigurated step by step. The problem was with "Create an ARP Table Static Entry for this MAC & IP Address pair." because I configurated static mapping for few devices. When I have checked on "Create an ARP Table Static Entry for this MAC & IP Address pair."  the connexion with WIFI extender not working. Without this check, all is fine.



  • @xplozia That absolutely fixed the exact same problem I was having. Not sure why setting static ARP entries for static DHCP clients would cause the issue, but once I removed that setting from each static DHCP assignment, my repeater is working perfectly again. Nice work!


  • Netgate Administrator

    It's because using a wifi repeater the local access point only sees the MAC address of the repeater and not clients. Thus when you have static ARP set replies never reach the clients.
    Wireless repeaters suck for a number of reasons including that. 😉
    https://en.wikipedia.org/wiki/Wireless_repeater#Drawbacks

    Steve



  • @stephenw10 said in WI-Fi extender without internet:

    It's because using a wifi repeater the local access point only sees the MAC address of the repeater and not clients.

    You may wish to take a look at a WiFi frame. You'll see the end point MACs are completely separate from the WiFi addresses. There is even a 4th address field for bridges (repeaters). Also, I don't think WiFi repeaters would sell very well, if static ARP was required to make them work. It seems to me the problem may be elsewhere.

    BTW, these O'Reilly books from Matthew Gast are excellent references. He's an engineer on the IEEE 802.11 committee.


  • Netgate Administrator

    Mmm, I thought that. Seems like it should still be one layer 2...
    But I'm seeing multiple references showing the opposite. As I'm reading it's setting static ARP that prevents them working correctly, hence mostly they just work.
    I guess more research needed...

    Steve


Log in to reply