[Solved] VLAN10 cannot access internet (over VPN)



  • I am using a 2 NIC network card in my pfSense and in one of the NICs I have a Ubiquiti UAP-AC-PRO connected which I am connected to WLAN writing this post now. I want to set up a VLAN for my IoT devices and I have followed this guide: https://www.youtube.com/watch?v=b2w1Ywt081o

    Although I do not have a smart switch as the creator of that video does, I guess that shouldn't matter? The only thing between my UAP and the pfSense is the PoE-injector to get it powered.

    I've looked into this old post, and when connected to the VLAN I can access my NAS and other devices, and when I type "ping google.com" in CMD it gives me back Google's IP but it cannot ping it, so I guess DNS is working but it stops there? The rules in outbound NAT are there too, set to manual.
    https://forum.pfsense.org/index.php?topic=47057.15

    Please see attached screenshots for my settings.
    Any suggestion what I have done wrong?
    Do I need to buy a smart switch?

    Any help greatly appreciated!



  • Is that dual-NIC card capable of VLANs, and is it compatible with FreeBSD/pfSense?

    Something about your DHCP is weird - you should have a 'WAN' option, but all I can see is LAN / WLAN / VLAN10 .. no WAN.



  • @moikerz:

    Is that dual-NIC card capable of VLANs, and is it compatible with FreeBSD/pfSense?

    Something about your DHCP is weird - you should have a 'WAN' option, but all I can see is LAN / WLAN / VLAN10 .. no WAN.

    Thank you for your reply!

    I have a "Lenovo Intel Ethernet Server Adapter I350-T2 4XC0F28730" and as far as I can google I believe it supports VLAN?
    Could it be a driver issue, that pfSense doesn't have the drivers? Can I install the drivers manually? https://downloadcenter.intel.com/download/17509/Intel-Network-Adapter-Gigabit-Base-Driver-for-FreeBSD-?product=59062

    When I look at the DHCP settings on my LAN and WLAN I cannot see anything about WAN, could you show me a printscreen of your WAN option you think of please?



  • i350 looks ok, from what I can tell.

    Are you using a VPN service as your WAN? If so, then vlan10 probably isn't allowed to traverse that.



  • @moikerz:

    i350 looks ok, from what I can tell.

    Are you using a VPN service as your WAN? If so, then vlan10 probably isn't allowed to traverse that.

    Thanks again for reaching out!

    Yes I am using a VPN for my whole network. Connected via OpenVPN to ovpn.com's servers.
    Although if I disable the OpenVPN connection (Status -> OpenVPN -> Stop openvpn service) I cannot reach the internet. Maybe there's a more correct way to disable the VPN to test out if it works without VPN?

    Yes, you are absolutely right, I tried yet again to disable the VPN connection although I've tried this some days ago without any change. Now it works with the VPN disabled though. Thank you! :D

    So now I wonder if it's possible to traverse vlan through the VPN?


  • Rebel Alliance Global Moderator

    just policy route and put rule allowing the access you want to access a vlan above the rule that sends traffic out the vpn.



  • @johnpoz:

    just policy route and put rule allowing the access you want to access a vlan above the rule that sends traffic out the vpn.

    I found this https://philsheets.me/blog/multi-vlan-vpn-endpoint-pfsense-network/ and added 2 new NAT rules in outbound, see attached screenshot and highlighted rules I added and now it works. :D

    I gotta be honest, I don't understand what you are suggesting. But since it's working now, and I already have multiple auto-created rules in Outbound, I guess this will qualify as a fair solution? :P

    ![NAT outbound.PNG](/public/imported_attachments/1/NAT outbound.PNG)
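
The symptom in this thread (VLAN10 works with the VPN stopped, fails with it running, fixed by adding outbound NAT rules) fits manual outbound NAT mode, where pfSense does not generate rules for a newly added interface. The following is an added example, not code from any poster in the thread, that audits a rule list for a local subnet with no NAT rule on some egress interface; the interface names, subnets and rules are constructed assumptions.

```python
import ipaddress

# Constructed sample data: names and subnets are assumptions, not values from the thread.
LOCAL_NETS = {
    "LAN": "192.168.1.0/24",
    "WLAN": "192.168.2.0/24",
    "VLAN10": "192.168.10.0/24",
}
EGRESS = ["WAN", "OVPN"]  # interfaces that lead to the internet

# Manual outbound NAT rules as (egress interface, source network) pairs.
# VLAN10 has a rule on WAN but none on the VPN interface.
RULES_BEFORE = [
    ("WAN", "192.168.1.0/24"), ("WAN", "192.168.2.0/24"), ("WAN", "192.168.10.0/24"),
    ("OVPN", "192.168.1.0/24"), ("OVPN", "192.168.2.0/24"),
]


def uncovered(local_nets, egress, rules):
    """Return sorted (egress_if, local_name) pairs whose subnet no NAT rule fully covers."""
    parsed = [(ifname, ipaddress.ip_network(src)) for ifname, src in rules]
    gaps = []
    for ifname in egress:
        sources = [net for rule_if, net in parsed if rule_if == ifname]
        for name, cidr in local_nets.items():
            net = ipaddress.ip_network(cidr)
            # A rule covers the subnet only if the whole subnet lies inside the rule's source.
            if not any(net.subnet_of(src) for src in sources):
                gaps.append((ifname, name))
    return sorted(gaps)


if __name__ == "__main__":
    for ifname, name in uncovered(LOCAL_NETS, EGRESS, RULES_BEFORE):
        print(f"{name} ({LOCAL_NETS[name]}) has no outbound NAT rule on {ifname}")
```

A gap on the VPN interface means traffic from that subnet leaves the tunnel with its private source address and no replies come back, which matches DNS answers arriving from the firewall's resolver while pings to the internet fail.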