No Internet after initial pf sense configuration

the_jaeger · Oct 23, 2018, 4:17 PM

I installed pf sense on a desktop and completed the initial configuration to access the web gui. When connected to the lan, through copper, I can connect to the web gui, but I receive a "this web address does not exist or moved IP's" with any other domain that I try to connect to.

I configured the google default DNS and my ISP's DHCP on the router and really didn't touch any other setting on in the configuration.
The wan on the router is set to dhcp with an ip of 10.17.28.0 and the lan is configured with the static ip of 192.168.1.1

I also have an old tp-link router that I'm using for the ap (I disabled the the dhcp and set the static ip to 192.168.1.2). When connected wireless with another device I cannot access the web gui.

It is giving out dhcp leases to all the devices that are connected wirelessly, but I cannot connect to anything. I called my ISP and they could not find the mac address I provided from my NIC (which I am using for the wan).

Raffi_ · Oct 23, 2018, 9:15 PM

10.17.28.0 is a private IP address and would not be on the WAN. Is the idea for this pfSense desktop to replace the old tp-link router? If so, does that tp-link router work when you plug it in instead of pfSense? If so, what is the WAN IP provided to that router?

Also, you don't have to put the google DNS servers into the general setup page. Leave it blank, by default Unbound (Services > DNS Resolver) will do the DNS resolution and is a better setup.

Raffi

stephenw10 · Oct 23, 2018, 9:29 PM

Can you connect out from pfSense?
In the webgui try to ping 8.8.8.8 from Diagnostics > Ping. Then try to ping google.com.

Is the access point connected to the pfSense LAN interface?
Usually if clients can pull a DHCP lease but nothing else it's because there is no firewall rule to allow it but the LAN should have a rule there by default.

Steve

the_jaeger · Oct 23, 2018, 9:53 PM

@raffi_ the idea is to use the TP-Link as an ap to the pfsense box. The router worked beforehand and still works now. The ip given to it is assigned as 192.168.1.1 if I set the interface to autoconfig

the_jaeger · Oct 23, 2018, 11:13 PM

@stephenw10 with the ap connected, I could connect wirelessly, but I would not receive internet or could access the web gui. Wired into the lan i can access the web gui but not the internet. Either connection can be pinged from the pfsense box however

stephenw10 · Oct 24, 2018, 2:54 AM

If you can connect out from pfSense by IP or FQDN but not from a client behind it that's usually a NAT problem.

The default setting for outbound NAT is automatic which should work here unless you have changed it.

Otherwise it looks like a subnet conflict.

Which port of the TP-Link did you connect? It has to be one of the internal ports. It's WAN port should be unconnected. 192.168.1.2 should be on its internal interface.
https://www.netgate.com/docs/pfsense/wireless/use-an-existing-wireless-router-with-pfsense.html

Steve

JKnott · Oct 24, 2018, 1:13 AM

@the_jaeger said in No Internet after initial pf sense configuration:

and my ISP's DHCP

How do you configure for an ISP's DHCP? You either enable DHCP or configure for a static address. Beyond enabling it, there's nothing else to configure for DHCP..

the_jaeger · Oct 24, 2018, 2:54 AM

@stephenw10 I've already looked at Netgate's documentation on the connection between the devices. I think the TP-link ap is working fine and doing its job. Where I make my emphasis is that even with my ap disconnected and my laptop connected to the lan of the pfsense box, I still cannot connect to the internet; its definitely isolated to whatever the pfsense's config is.

Although I did change the static ip of the TP-link, before connecting it to the lan of the pfsense, to 192.168.1.2 and even when I changed the default interface config of the pfsense lan from 1.1 to 1.2 it still showed no difference anywhere.

I did not adjust the NAT at configuration

the_jaeger · Oct 24, 2018, 3:05 AM

@jknott DHCP is what I meant

stephenw10 · Oct 24, 2018, 4:07 AM

You seem to have two separate problems though.

You get not external access from a client on the LAN.

Wireless clients cannot connect to the pfSense GUI even.

I was attemptiong to address the second which only seems likely if the TP-Link is actually still routing in some way rather than acting as a pure layer 2 AP.

Steve

the_jaeger · Oct 24, 2018, 4:42 AM

@stephenw10 But I already stated that I still have these issues when the TP-link router isn't even connected to the pfsense box and I'm wired in to pfsense. I think it might be a NAT or DNS issue since it's isolated to pfsense and it gives me the "the website could not be found or changed ip" when I try to access the internet, but I don't know what would be wrong besides leaving the DNS blank and not using Google's DNS on the default config, but I've seen this done and it work flawlessly. @Raffi_ also mentioned the private ip issue, but that was the default config given by pfsense.

I disabled the DHCP completely on the TP-link before I ever connected it to the pfsense box and I only connected it to the LAN. Though at first I did connect it to the wan of the TP-link during the very first configuration; but I factory reset it, disabled dhcp, set the static ip, and then connected it correctly to the pfsense. I did not try to connect to the gui or the internet during that period.

Grimson · Oct 24, 2018, 12:34 PM

Show your config with screenshots, or it's just wild guessing here.

stephenw10 · Oct 24, 2018, 1:08 PM

Yes, we need to see your setup.

I would still say that you have two separate issues there. If you can open the pfSense gui from a wired connection you should also be able to from a wireless connection with the TP-Link connected to the same intrerface. If you can't then it's not acting as a pure AP.

Steve

chpalmer · Oct 24, 2018, 2:23 PM

The wan and lan of the tp box cannot be in the same subnet.. unless that device has a "bridge mode"..

the_jaeger · Oct 25, 2018, 4:21 AM

@Grimson @Raffi_ @stephenw10 a private ip is also used for wan for the TP-link router when used as my regular router and works over a public ip for the lan just fine. That limits it to the firewall or NAT issue

stephenw10 · Oct 25, 2018, 12:14 PM

Ok, then we need to see how it's configured to offer more.

Steve

the_jaeger · Oct 25, 2018, 10:52 PM

@Grimson @Raffi_ @stephenw10 Update: the entire problem was registering the mac add to the ISP. I'm receiving full internet capabilities, but now I'm running into a new obstacle. I've configured the admin access to allow more than one device access it and anytime I try to access it from another device besides the laptop I was wired to, it will not let me. I'm also unable to connect to the internet with my phone

stephenw10 · Oct 25, 2018, 11:40 PM

@the_jaeger said in No Internet after initial pf sense configuration:

I've configured the admin access to allow more than one device access it

Not entirely sure what you mean by that. Can you be more specific about where that setting is and what you set it to?

Steve

the_jaeger · Oct 25, 2018, 11:52 PM

@stephenw10 I live in an apartment and with my subscription, anytime that a new router is introduced to the wan, it's mac address must be registered with the ISP before that device receives an active connection to the internet.

it works now, but now I have the issue of all cell phones that connect to internet take 5 minutes to finally connect. Would port forwarding solve this issue or at least mitigate it?

Raffi_ · Oct 26, 2018, 2:05 PM

@the_jaeger I'm also confused by what you mean on the limited admin access. Do you mean admin access to pfSense or the TP-link ap? Please be more specific.

Can a device wired directly into the TP-link ap get internet access immediately? Is it only a wireless device which has a delay before it can access the web?