Unable to get OPT1 to work
-
When my access point is connected to the internet, it says it has internet, but then it doesn't work, how do I check that it's configured correctly?
-
Hi there;
I had the same problem, so i reinstalled my netgate and after checking everything, it worked, so i think that it is an installation error.
hop it's going to work for you aswell. -
@Brett-1 said in Unable to get OPT1 to work:
it says it has internet, but then it doesn't work
Initially, pfSense has a WAN and a LAN as a minimum.
You could have added more interfaces if you were using the console access to 'init' pfSense.When you use the GUI, LAN and WAN exists, and you add a new interface.
If needed, the manual is there : Interface ConfigurationTake also a look at the next page : IPv4 Configuration Types
Knowing that LAN uses static IPv4 setup : 192.168.1.1/24 your newly created second interface will be called OPT1.
Give it a static IPv4 setup like this : just 4 things to set :
Now the interface is active.
Step 2 : It's time to earn your pay-check, being an firewall admin !
The newly created interface has ... no firewall rule what so ever ( !! ). This means nothing can 'enter' that interface, its not usable at all.So, for starters, do what Netgate did for your LAN interface when you installed pfSense : create an identical firewall rule on the OPT1 interface :
Note :
- you can combine IPv4 and IPv6 if you want, if you have IPv6 available.
- The source isn't "LAN net", you have to select "OPT1 net".
- Save, and Apply.
Not done yet ! Step 3:
Goto Services > DHCP Server > OPT1My OPT1 is renamed as "PORTAL" but the concept is the same :
With words : activate it, give it a 'pool', like 192.168.2.10 to 192.168.2.254.
Save.At this moment, when you connect a device to your OPT1, it will obtain a DHCP lease, so it obtained an IPv4, a gateway, 192.168.2.1 and a DNS, 192.168.2.1.
You can check this by executingipconfig /allon your Windows device.
Linux and MAC users will know what to do to check this the same way.You will also see the DHCP lease here : Status > DHCP Leases
You can also see what happens by checking Status > System Logs > DHCPHave a look at Services > DNS Resolver > General Settings
"Network interfaces" should be set to "All" :
( this check is needed as it's common to see people do strange things with their DNS settings - by default, "All" is selected so 'it works out of the box' )
@Stefaan-0 said in Unable to get OPT1 to work:
I had the same problem, so i reinstalled my netgate and after checking everything, it worked, so i think that it is an installation error.
When re - installing, you can activate WAN, LAN and OPT1 (and more if you have to) from the console.
You'll also be asked to setup the network type of each interface.
For WAN, this is typically DHCP (client !)
For LAN, you have (up to you, its a choice, but you better do so) to set up the DHCP server with a lease pool.
For OPT1 : repeat the DHCP server setup,And yes, any mistakes made here might imply : you have to redo it.
Tip : on the console, assign and set up a WAN and a LAN.
If there are more interface, set them up afterwards using the GUI.Now for the good news (and bad, maybe) : This procedure is valid for pfSense.
The same procedure exists for any other brand of router firewall available on planet earth : yes, they are all the same.
You buy 10 $ Netgear router or a a 3200 $ Cisco Mega router firewall tomorrow : you will be doing the same thing.Btw : re installing wasn't needed. The console access comes in handy here. You can create a working situation from there.
-
@Gertjan Your explanation was very thorough and I hope you (or someone else here) can help with troubleshooting my similar problem. Even after going through all the above steps, my OPT1 interface won't work... sort of. It does show up under the DHCP leases, and if I connect my laptop to that port I can ping Google.com and get a response, but for some reason when I plug in my wireless router (in AP mode) to the OPT1 port and then try to connect to Wi-Fi, my cell phone and smart tv both find the wireless router and connect but give an error saying "no internet". What could be causing this and how to fix it???
One difference to note: I assigned a different subnet address to the OPT1 interface. So for example, my LAN is on 192.168.1.1 and my OPT1 port is assigned to 192.168.49.1 just to separate them and make it easier to set up a firewall setting down the road to isolate the wireless devices from my LAN if I want. As of now I don't have any blocking firewall settings for OPT1 - just a single rule to pass all traffic thru.
-
@a-networking-noob
Seems the wireless router is not in AP mode in fact.
To verify, connect your laptop to the wifi. If it's running in AP mode there should be no difference to the wired connection. -
@viragomann Been swamped, but finally had some spare time to check and I'm baffled. I'm using my laptop now connected to the WiFi (no wired connections) and it's working fine, so guess that means my router is in AP mode. (It did take a minute or so to connect initially for some reason???). But trying to connect my smartphone to the same WiFi I still get this error message "Connected/No Internet access". Same for my SmartTV.
As a side note, I have also been trying to run a hardware device that needs to connect to the internet and connecting it via cable connection to OPT1 gives me a similar result - it simply won't connect.
Any other ideas or ways to troubleshoot these issues? I just don't understand where to begin looking for the problem. Is it pfsense or the Protectli vault running pfsense, or the devices that won't connect???
-
@a-networking-noob On OPT do you have firewall rules allowing access? LAN has default allow-to-any rules for IPv4 and IPv6.
-
@a-networking-noob
Are you running pfBlockerNG or similar on pfSense? Maybe it blocks what the devices try to connect to to determine internet connection. -
@SteveITS said in Unable to get OPT1 to work:
@a-networking-noob On OPT do you have firewall rules allowing access? LAN has default allow-to-any rules for IPv4 and IPv6.
Yes I do. Here's what I set up:
-
This post is deleted! -
This post is deleted! -
@viragomann said in Unable to get OPT1 to work:
@a-networking-noob
Are you running pfBlockerNG or similar on pfSense? Maybe it blocks what the devices try to connect to to determine internet connection.Not to my knowledge. I'm just using pfSense as is...
-
@a-networking-noob said in Unable to get OPT1 to work:
@SteveITS said in Unable to get OPT1 to work:
@a-networking-noob On OPT do you have firewall rules allowing access? LAN has default allow-to-any rules for IPv4 and IPv6.
Yes I do. Here's what I set up:
And here are my LAN firewall rules:
-
@a-networking-noob Well the allow OPT1 Net to any rule says it's handled 2 GB of traffic which verifies that part is OK, also you did with a wired device.
Getting different results with different devices is unexpected. Are those devices getting a DHCP address in your OPT1 range? (did you set up DHCP on it?) Do you have any floating firewall rules? If so try disabling those.
-
@a-networking-noob said in Unable to get OPT1 to work:
and my OPT1 port is assigned to 192.168.49.1
So this is what you have :
The /24 at the right side is important ( this one is often set wrongly ...... and the interface doesn't seem to "work" any more )
For example, a /32 will "break everything".When you create/activate an interface, you also 'have to' set up a pfSense DHCP server for that (OPT1) interface :
Goto Services > DHCP Server > OPT1 and check "enable"
Check that these show these numbers :Subnet 192.168.49.0 Subnet mask 255.255.255.0 Available range 192.168.49.1 - 192.168.49.254and select a pool range, for example
From 10 To 100Save - and Apply.
From now on, when you connect a device on the OPT1 interface, check that the device got a DHCP lease.
A Windows PC : typeipconfig /allAny other device : you should now how to check network settings.
On pfSense : Goto Status > System Logs > DHCP and you see the device you've connected doing the DHCP request.
Btw : I presume your devices all use "DHCP", as already said above, and don't have a static IP setup. Static is also possible, but you are not allowed to make mistakes ^^
-
@Gertjan Thanks for trying to help by walking me through all that. I had all the correct settings already including the /24 for the IPv4 Address, DHCP server enabled for OPT1, the subnet and subnet mask values all matching what you showed, and a pool range set from 100-254.
When I then switched my smartphone to try to connect to the WiFi (on OPT1) and checked the phone it said the IP address assigned was 192.168.49.101 which matches what I found under the Status - DHCP Leases on pfSense - 192.168.49.101, lease type Active and Online. But the phone still says it's connected but no internet access.
Still baffled...
-
@SteveITS said in Unable to get OPT1 to work:
@a-networking-noob Well the allow OPT1 Net to any rule says it's handled 2 GB of traffic which verifies that part is OK, also you did with a wired device.
Getting different results with different devices is unexpected. Are those devices getting a DHCP address in your OPT1 range? (did you set up DHCP on it?) Do you have any floating firewall rules? If so try disabling those.
No floating firewall rules. And yep, DHCP is set up and my smartphone does show up in the DHCP leases, but the phone still says no internet access.
-
Not sure if it's the same issue(s) folks in this thread are having, but I just resolved my own "OPT1 Problem". See: This Thread
-
Sorry I forgot to reply. I restored the device, set up interfaces in the terminal, and changed the firewall rules. All interfaces are working.
-
@a-networking-noob said in Unable to get OPT1 to work:
connect to the WiFi (on OPT1)
There is another device between your phone and pfSense : the access point .....
Also : can you connect to 192.168.49.1 and see the login page of pfSense ?
DNS works on your phone ?
Does it use "192.168.49.1" = the resolver, or something else ?Can you wire up (using the cable) a device to OPT1, and then check ?
