Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [Solved] VLAN10 cannot access internet (over VPN)

    Scheduled Pinned Locked Moved General pfSense Questions
    7 Posts 3 Posters 695 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      truetype
      last edited by

      I am using a 2 NIC network card in my pfSense and in one of the NICs I have a Ubiquiti UAP-AC-PRO connected which I am connected to WLAN writing this post now. I want to setup a VLAN for my IOT-devices and I have followed this guide: https://www.youtube.com/watch?v=b2w1Ywt081o

      Although I do not have a Smart Swith as the creator of that video, but I guess that shouldn't matter? The only thing between my UAP and the pfSense is the PoE-injector to get it powered.

      I've looked into this old post and when connected to the VLAN I can access my NAS and other devices and I when I type "ping google.com" in CMD it gives me back googles IP but it cannot ping it, so I guess DNS is working but it stops there? The rules in outbound NAT are there too, set to manual.
      https://forum.pfsense.org/index.php?topic=47057.15

      Please see attached screenshots for my settings.
      Any suggestion what I have made wrong?
      Do I need to buy a smart switch?

      Any help greatly appreciated!
      1.PNG
      1.PNG_thumb
      2.PNG
      2.PNG_thumb
      3.PNG
      3.PNG_thumb
      4.PNG
      4.PNG_thumb
      5.PNG
      5.PNG_thumb
      6.PNG
      6.PNG_thumb

      1 Reply Last reply Reply Quote 0
      • M
        moikerz
        last edited by

        Is that dual-NIC card capable of VLANs, and is it compatible with FreeBSD/pfSense?

        Something about your DHCP is weird - you should have a 'WAN' option, but all I can see is LAN / WLAN / VLAN10 .. no WAN.

        1 Reply Last reply Reply Quote 0
        • T
          truetype
          last edited by

          @moikerz:

          Is that dual-NIC card capable of VLANs, and is it compatible with FreeBSD/pfSense?

          Something about your DHCP is weird - you should have a 'WAN' option, but all I can see is LAN / WLAN / VLAN10 .. no WAN.

          Thank you for your reply!

          I have a "Lenovo Intel Ethernet Server Adapter I350-T2 4XC0F28730" and as far as I can google I believe it's supports vlan?
          Could it be a drivers issue that pfSense doesn't have the drivers? Can I install the drivers manually? https://downloadcenter.intel.com/download/17509/Intel-Network-Adapter-Gigabit-Base-Driver-for-FreeBSD-?product=59062

          When I look at the DHCP settings on my LAN and WLAN I cannot see anything about WAN, could you show me a printscreen of your WAN option you think of please?

          1 Reply Last reply Reply Quote 0
          • M
            moikerz
            last edited by

            i350 looks ok, from what I can tell.

            Are you using a VPN service as your WAN? If so, then vlan10 probably isn't allowed to traverse that.

            1 Reply Last reply Reply Quote 0
            • T
              truetype
              last edited by

              @moikerz:

              i350 looks ok, from what I can tell.

              Are you using a VPN service as your WAN? If so, then vlan10 probably isn't allowed to traverse that.

              Thanks again for reaching out!

              Yes I am using a VPN for my whole network. Connected via OpenVPN to ovpn.com's servers.
              Although if I disable the OpenVPN connection (Status -> OpenVPN -> Stop openvpn service) I cannot reach internet. Maybe there's a more correct way to disable the VPN to test out if it works without VPN?

              Yes, you are absolutely right, I tried yet again to disable the VPN connection although I've tried this some days ago without any change. Now It works with the VPN disabled though. Thank you! :D

              So now I wonder if it's possible to traverse vlan through the VPN?

              1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by

                just policy route and put rule allowing the access you want to access a vlan above the rule that sends traffic out the vpn.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                1 Reply Last reply Reply Quote 0
                • T
                  truetype
                  last edited by

                  @johnpoz:

                  just policy route and put rule allowing the access you want to access a vlan above the rule that sends traffic out the vpn.

                  I found this https://philsheets.me/blog/multi-vlan-vpn-endpoint-pfsense-network/ and added 2 new NAT rules in outbound, see attached screenshot and highlighted rules I added and now it works. :D

                  I gotta be honest I don't understand what you are suggesting. But since it's working now, and I already have multiple auto-created rules in Outbound i guess this will qualify as a fair solution? :P

                  ![NAT outbound.PNG](/public/imported_attachments/1/NAT outbound.PNG)
                  ![NAT outbound.PNG_thumb](/public/imported_attachments/1/NAT outbound.PNG_thumb)

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.