Unable to get OPT1 to work
-
@Gertjan Your explanation was very thorough and I hope you (or someone else here) can help with troubleshooting my similar problem. Even after going through all the above steps, my OPT1 interface won't work... sort of. It does show up under the DHCP leases, and if I connect my laptop to that port I can ping Google.com and get a response, but for some reason when I plug in my wireless router (in AP mode) to the OPT1 port and then try to connect to Wi-Fi, my cell phone and smart tv both find the wireless router and connect but give an error saying "no internet". What could be causing this and how to fix it???
One difference to note: I assigned a different subnet address to the OPT1 interface. So for example, my LAN is on 192.168.1.1 and my OPT1 port is assigned to 192.168.49.1 just to separate them and make it easier to set up a firewall setting down the road to isolate the wireless devices from my LAN if I want. As of now I don't have any blocking firewall settings for OPT1 - just a single rule to pass all traffic thru.
-
@a-networking-noob
Seems the wireless router is not in AP mode in fact.
To verify, connect your laptop to the wifi. If it's running in AP mode there should be no difference to the wired connection. -
@viragomann Been swamped, but finally had some spare time to check and I'm baffled. I'm using my laptop now connected to the WiFi (no wired connections) and it's working fine, so guess that means my router is in AP mode. (It did take a minute or so to connect initially for some reason???). But trying to connect my smartphone to the same WiFi I still get this error message "Connected/No Internet access". Same for my SmartTV.
As a side note, I have also been trying to run a hardware device that needs to connect to the internet and connecting it via cable connection to OPT1 gives me a similar result - it simply won't connect.
Any other ideas or ways to troubleshoot these issues? I just don't understand where to begin looking for the problem. Is it pfsense or the Protectli vault running pfsense, or the devices that won't connect???
-
@a-networking-noob On OPT do you have firewall rules allowing access? LAN has default allow-to-any rules for IPv4 and IPv6.
-
@a-networking-noob
Are you running pfBlockerNG or similar on pfSense? Maybe it blocks what the devices try to connect to to determine internet connection. -
@SteveITS said in Unable to get OPT1 to work:
@a-networking-noob On OPT do you have firewall rules allowing access? LAN has default allow-to-any rules for IPv4 and IPv6.
Yes I do. Here's what I set up:
-
This post is deleted! -
This post is deleted! -
@viragomann said in Unable to get OPT1 to work:
@a-networking-noob
Are you running pfBlockerNG or similar on pfSense? Maybe it blocks what the devices try to connect to to determine internet connection.Not to my knowledge. I'm just using pfSense as is...
-
@a-networking-noob said in Unable to get OPT1 to work:
@SteveITS said in Unable to get OPT1 to work:
@a-networking-noob On OPT do you have firewall rules allowing access? LAN has default allow-to-any rules for IPv4 and IPv6.
Yes I do. Here's what I set up:
And here are my LAN firewall rules:
-
@a-networking-noob Well the allow OPT1 Net to any rule says it's handled 2 GB of traffic which verifies that part is OK, also you did with a wired device.
Getting different results with different devices is unexpected. Are those devices getting a DHCP address in your OPT1 range? (did you set up DHCP on it?) Do you have any floating firewall rules? If so try disabling those.
-
@a-networking-noob said in Unable to get OPT1 to work:
and my OPT1 port is assigned to 192.168.49.1
So this is what you have :
The /24 at the right side is important ( this one is often set wrongly ...... and the interface doesn't seem to "work" any more )
For example, a /32 will "break everything".When you create/activate an interface, you also 'have to' set up a pfSense DHCP server for that (OPT1) interface :
Goto Services > DHCP Server > OPT1 and check "enable"
Check that these show these numbers :Subnet 192.168.49.0 Subnet mask 255.255.255.0 Available range 192.168.49.1 - 192.168.49.254and select a pool range, for example
From 10 To 100Save - and Apply.
From now on, when you connect a device on the OPT1 interface, check that the device got a DHCP lease.
A Windows PC : typeipconfig /allAny other device : you should now how to check network settings.
On pfSense : Goto Status > System Logs > DHCP and you see the device you've connected doing the DHCP request.
Btw : I presume your devices all use "DHCP", as already said above, and don't have a static IP setup. Static is also possible, but you are not allowed to make mistakes ^^
-
@Gertjan Thanks for trying to help by walking me through all that. I had all the correct settings already including the /24 for the IPv4 Address, DHCP server enabled for OPT1, the subnet and subnet mask values all matching what you showed, and a pool range set from 100-254.
When I then switched my smartphone to try to connect to the WiFi (on OPT1) and checked the phone it said the IP address assigned was 192.168.49.101 which matches what I found under the Status - DHCP Leases on pfSense - 192.168.49.101, lease type Active and Online. But the phone still says it's connected but no internet access.
Still baffled...
-
@SteveITS said in Unable to get OPT1 to work:
@a-networking-noob Well the allow OPT1 Net to any rule says it's handled 2 GB of traffic which verifies that part is OK, also you did with a wired device.
Getting different results with different devices is unexpected. Are those devices getting a DHCP address in your OPT1 range? (did you set up DHCP on it?) Do you have any floating firewall rules? If so try disabling those.
No floating firewall rules. And yep, DHCP is set up and my smartphone does show up in the DHCP leases, but the phone still says no internet access.
-
Not sure if it's the same issue(s) folks in this thread are having, but I just resolved my own "OPT1 Problem". See: This Thread
-
Sorry I forgot to reply. I restored the device, set up interfaces in the terminal, and changed the firewall rules. All interfaces are working.
-
@a-networking-noob said in Unable to get OPT1 to work:
connect to the WiFi (on OPT1)
There is another device between your phone and pfSense : the access point .....
Also : can you connect to 192.168.49.1 and see the login page of pfSense ?
DNS works on your phone ?
Does it use "192.168.49.1" = the resolver, or something else ?Can you wire up (using the cable) a device to OPT1, and then check ?
-
@gfvalvo said in Unable to get OPT1 to work:
Not sure if it's the same issue(s) folks in this thread are having, but I just resolved my own "OPT1 Problem". See: This Thread
Seems you lucked out! I tried the DNS trick you used but didn't solve my issue. :/
Thanks anyway...
-
@Gertjan said in Unable to get OPT1 to work:
@a-networking-noob said in Unable to get OPT1 to work:
connect to the WiFi (on OPT1)
There is another device between your phone and pfSense : the access point .....
Also : can you connect to 192.168.49.1 and see the login page of pfSense ?
No - I only have one extra firewall rule set up for OPT1 to block access to pfSense
But even after disabling that rule, I still can't connect to the WiFi on OPT1.
DNS works on your phone ?
Does it use "192.168.49.1" = the resolver, or something else ?Yes. The IP address my phone gets is in the pool range I set, and the DNS is 192.168.49.1 which matches what is shown on pfSense DNS resolver.
I've tried it with a 2nd phone and got the exact same result - can connect to the WiFi but no internet access.
Can you wire up (using the cable) a device to OPT1, and then check ?
Connecting my laptop to my OPT1, either by direct cable connection, or through WiFi, I can access the internet fine.
-
@a-networking-noob said in Unable to get OPT1 to work:
Connecting my laptop to my OPT1, either by direct cable connection, or through WiFi, I can access the internet fine.
Ok, good
This excludes cables, the access point, pfSense, the OPT1 interface.Ditch the phones, and done. (joking of course).
You didn't tell anything about these phones, but they are (most probably) the issue.
They do communicate just fine : the DHCP exchange was happening.
(still hoping that you still can confirm that it did received a correct IP, and gateway, and DNS - and that you could do a DNS lookup with them, just to know that it does communicate with pfSense)The solution might be available in the phones : delete the Wifi entry - and re-connect to that wifi SSID again.
