When connected to pfsense box via wifi not even ping works



  • Hi,

    I'm new to pfsense and I want to build a wlan router. I've set up everything and it works perfectly via lan, but not via wlan. In the interface -> opt1(wifi) settings I've set it to static ipv4, gave it an ip address, enabled wpa2 and set the channel to 11. Everything else, I think, is default.

    When I try to connect to it with my laptop it only works when I give it a static ip. Otherwise it will not receive an ip address. Also when I scan the network with fing there is the pfsense box, but I can't ping it, because it says 'host unreachable'. Also when I connect two devices to the wifi I can't ping one with the other one and of course I can't connect to the internet.

    When I try to connect to the wifi without a static ip on the client, status -> system logs -> system -> wireless looks like this

    Jan 12 05:52:06 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b IEEE 802.11: associated
    Jan 12 05:52:06 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: event 1 notification
    Jan 12 05:52:06 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: start authentication
    Jan 12 05:52:06 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b IEEE 802.1X: unauthorizing port
    Jan 12 05:52:06 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: sending 1/4 msg of 4-Way Handshake
    Jan 12 05:52:06 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: received EAPOL-Key frame (2/4 Pairwise)
    Jan 12 05:52:06 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: sending 3/4 msg of 4-Way Handshake
    Jan 12 05:52:06 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: received EAPOL-Key frame (4/4 Pairwise)
    Jan 12 05:52:06 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b IEEE 802.1X: authorizing port
    Jan 12 05:52:06 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b RADIUS: starting accounting session 52D20DB8-00000004
    Jan 12 05:52:06 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: pairwise key handshake completed (RSN)
    Jan 12 05:52:17 	hostapd: ath0_wlan0: WPA rekeying GTK
    Jan 12 05:52:17 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: sending 1/2 msg of Group Key Handshake
    Jan 12 05:52:17 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: received EAPOL-Key frame (2/2 Group)
    Jan 12 05:52:17 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: group key handshake completed (RSN)
    Jan 12 05:53:43 	hostapd: ath0_wlan0: WPA rekeying GTK
    Jan 12 05:53:43 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: sending 1/2 msg of Group Key Handshake
    Jan 12 05:53:43 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: received EAPOL-Key frame (2/2 Group)
    Jan 12 05:53:43 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: group key handshake completed (RSN)
    Jan 12 05:54:01 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b IEEE 802.11: deassociated
    Jan 12 05:54:01 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: event 2 notification
    Jan 12 05:54:01 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b IEEE 802.1X: unauthorizing port
    Jan 12 05:54:22 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b IEEE 802.11: associated
    Jan 12 05:54:22 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: event 1 notification
    Jan 12 05:54:22 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: start authentication
    Jan 12 05:54:22 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b IEEE 802.1X: unauthorizing port
    Jan 12 05:54:22 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: sending 1/4 msg of 4-Way Handshake
    Jan 12 05:54:22 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: received EAPOL-Key frame (2/4 Pairwise)
    Jan 12 05:54:22 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: sending 3/4 msg of 4-Way Handshake
    Jan 12 05:54:22 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: received EAPOL-Key frame (4/4 Pairwise)
    Jan 12 05:54:22 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b IEEE 802.1X: authorizing port
    Jan 12 05:54:22 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b RADIUS: starting accounting session 52D20DB8-00000005
    Jan 12 05:54:22 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: pairwise key handshake completed (RSN)
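
Reading a hostapd log like the one above, as an added example that is not part of the original post: this sketch tracks how far each station got through association and the WPA 4-way handshake, which separates Wi-Fi authentication problems from problems higher up (DHCP, firewall rules). The sample lines are constructed in the same format, the second MAC address is made up, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the hostapd log above: one station
# completes the handshake, a second (made-up MAC) stalls after message 2/4.
SAMPLE_LOG = """\
Jan 12 05:52:06 hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b IEEE 802.11: associated
Jan 12 05:52:06 hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: sending 1/4 msg of 4-Way Handshake
Jan 12 05:52:06 hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: received EAPOL-Key frame (2/4 Pairwise)
Jan 12 05:52:06 hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: sending 3/4 msg of 4-Way Handshake
Jan 12 05:52:06 hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: received EAPOL-Key frame (4/4 Pairwise)
Jan 12 05:52:06 hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: pairwise key handshake completed (RSN)
Jan 12 05:52:17 hostapd: ath0_wlan0: WPA rekeying GTK
Jan 12 05:53:10 hostapd: ath0_wlan0: STA 02:00:00:00:00:01 IEEE 802.11: associated
Jan 12 05:53:10 hostapd: ath0_wlan0: STA 02:00:00:00:00:01 WPA: sending 1/4 msg of 4-Way Handshake
Jan 12 05:53:10 hostapd: ath0_wlan0: STA 02:00:00:00:00:01 WPA: received EAPOL-Key frame (2/4 Pairwise)
Jan 12 05:53:14 hostapd: ath0_wlan0: STA 02:00:00:00:00:01 IEEE 802.11: deassociated
"""
LINE_RE = re.compile(
    r"hostapd: \S+: STA (?P<sta>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) [^:]+: (?P<msg>.+)$",
    re.IGNORECASE)
MILESTONES = ["associated", "sending 1/4 msg", "(2/4 Pairwise)", "sending 3/4 msg",
              "(4/4 Pairwise)", "pairwise key handshake completed"]

def handshake_progress(log_text):
    # {station MAC: furthest milestone index reached in its latest session}
    progress = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # e.g. "WPA rekeying GTK" carries no station address
        sta, msg = m.group("sta").lower(), m.group("msg").strip()
        if msg == "associated":
            progress[sta] = 0  # a new session starts here
        elif sta in progress:
            hits = [i for i, mark in enumerate(MILESTONES) if i and mark in msg]
            progress[sta] = max([progress[sta]] + hits)
    return progress

def verdict(stage):
    if stage == len(MILESTONES) - 1:
        return "wifi-ok: keys installed; check DHCP and firewall rules next"
    if stage == 2:
        return "stalled after 2/4: often a passphrase mismatch"
    return "incomplete: stopped at '%s'" % MILESTONES[stage]

def diagnose(log_text):
    return {sta: verdict(st) for sta, st in handshake_progress(log_text).items()}

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

A station that reaches "pairwise key handshake completed" has authenticated at the Wi-Fi layer, so a client in that state that still gets no address or cannot ping is a DHCP or firewall-rule question rather than a WPA2 one.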
    


  • I'm still struggling to get a WAP working myself, but I think the problem is that you should set "IPv4 Configuration Type" to "None," not to "Static IPv4," and then you should bridge the LAN interface with your wireless interface. Check out this page: http://www.interspective.net/2012/07/one-pfsense-wireless-config-to-rule.html



  • Thanks for your help. I tried to do the standalone configuration because I didn't get what to do for the bridge configuration. Basically the only thing I had to do was to enable the DHCP server on the wifi interface and give it a range. Now, when I connect my phone via wifi to the pfsense box the phone receives an ip address, but it's still not able to ping the pfsense box.

    Also, I tried the bridged version before, but when I got to the update paragraph I didn't know how to "assign the newly created BRIDGE interface to LAN". I clicked on the dropdown next to LAN and chose the bridge, but then it says "You cannot set port bridge0 to interface LAN because this interface is a member of bridge0." which makes sense to me. So what did he mean with "assign the newly created BRIDGE interface to LAN"?


  • LAYER 8 Global Moderator

    "Now, when I connect my phone via wifi to the pfsense box the phone receives an ip address, but it's still not able to ping the pfsense box"

    And what rules did you create on the opt1 wifi firewall tab? The only default rules that get created are for the first lan interface. If you enable any other interfaces you have to create the firewall rules you want, be it wifi, be it another wired interface.

    So no, you're not going to be able to ping pfsense wifi IP or any other IP for that matter because the default rule for a new interface is block.



  • Hi Plong,

    I wrote that article. Strictly speaking you don't need to assign the bridge to a specific interface.
    As long as you have firewall rules on all interfaces involved to allow traffic to traverse, then you won't have any issues.
    Remember, if you don't have connectivity, check your firewall log to see what's being blocked.

    Josh.



  • @johnpoz:

    And what rules did you create on the opt1 wifi firewall tab?

    Thanks, that was my mistake. I thought the firewall would allow anything with default settings. Now I have set the rules like described in the article and everything seems to work with the standalone configuration. Maybe I'll try the bridge configuration at the weekend.

