Netgate Discussion Forum

    Host OverRide for UnFi APs

      johnpoz LAYER 8 Global Moderator @stephenw10

      @stephenw10 said in Host OverRide for UnFi APs:

      able to connect to the AP anywhere.

      Concur - if there is an any any rule from where his ssh client is, then doesn't matter what rules are on the AP interface.. Unless he has some outbound rule in floating. But since his AP should be getting an IP from dhcp, it's not really possible to have it use anything other than dhcp until it's adopted..

      So unless he also dicked with the default dhcpd setting, the AP would be pointing back to pfsense as its gateway.

      But since this forest is so overgrown with weed trees, it's hard to pick out the specific oak you're looking for.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

        MagikMark

        Guys,

        Thank you for your patience. I cleaned my Floating Rules and Reset the state table.

        Everything now is working. FireHol was giving a lot of false positives. So I removed them all.

          johnpoz LAYER 8 Global Moderator @MagikMark

          @magikmark said in Host OverRide for UnFi APs:

          FireHol was giving a lot of false positives

          It's not false if the IP range is included... A simple look at that firehol level 1, and it includes all the bogons, which would include rfc1918.

          So yeah with those rules you wouldn't be talking between your rfc1918 vlans ;)

          1 Reply Last reply Reply Quote 1
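The check described in the post above, as an added example that is not part of the original thread: a Python script that parses a one-CIDR-per-line blocklist and reports which entries overlap RFC 1918 space or your own internal subnets before the list is used in a block rule. The sample list and the `LOCAL_SUBNETS` values are constructed for illustration and are assumptions, not taken from the thread.

```python
"""Audit an IP blocklist for entries that cover internal (RFC 1918) subnets."""
import ipaddress

# Constructed sample in one-CIDR-per-line style; not a copy of any published list.
SAMPLE_NETSET = """\
# constructed sample blocklist
0.0.0.0/8
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
198.51.100.0/24
"""

# Hypothetical local VLANs; replace with the subnets behind your firewall.
LOCAL_SUBNETS = ["192.168.10.0/24", "192.168.20.0/24", "10.8.0.0/24"]

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_netset(text):
    """Return the networks in the list, skipping comments and malformed lines."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # not an address or CIDR
    return nets


def rfc1918_entries(text):
    """Blocklist entries that overlap any RFC 1918 range."""
    return [str(e) for e in parse_netset(text)
            if e.version == 4 and any(e.overlaps(p) for p in RFC1918)]


def audit(text, local_subnets):
    """Map each local subnet to the blocklist entries that would match it."""
    entries = parse_netset(text)
    hits = {}
    for s in local_subnets:
        subnet = ipaddress.ip_network(s, strict=False)
        matched = [str(e) for e in entries
                   if e.version == subnet.version and e.overlaps(subnet)]
        if matched:
            hits[str(subnet)] = matched
    return hits


if __name__ == "__main__":
    for subnet, matched in audit(SAMPLE_NETSET, LOCAL_SUBNETS).items():
        print(f"{subnet} would be blocked by: {', '.join(matched)}")
```

Any subnet that shows up in the output needs a pass rule above the block rule, or the list should only be applied to traffic on the WAN side.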
            MagikMark

            Just found out you need to disable your vpn when configuring APs. You will get disconnected status if you don't, at least for Layer 3 adoptions.

              stephenw10 Netgate Administrator

              A VPN in pfSense? If you are policy routing traffic across it then, yeah, it could well prevent local connections. You should probably have rules to allow it above policy routing though if that is the case.

              Steve

                MagikMark @stephenw10

                @stephenw10

                VPN is not in pfsense. It's in my desktop where the controller is also installed.

                  stephenw10 Netgate Administrator

                  Ah, well similar deal if the VPN client is routing all your traffic over the VPN.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.