Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    When connected to pfsense box via wifi not even ping works

    Wireless
    4
    6
    2919
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      maeries last edited by

      Hi,

      I'm new to pfsense and I want to built a wlan router. I've set up everything and it works perfectly via lan, but not via wlan. In the interface -> opt1(wifi) settings I've set it to static ipv4, gave it an ip address, enabled wpa2 and set the channel to 11. Everything else, I think, is default.

      When I try to connect to it with my laptop it only works when I give it a static ip. Otherwise it will not receive an ip address. Also when I scan the network with fing there is the pfsense box, but I can't ping it, because it says 'host unreachable'. Also when I connect two devices to the wifi I can't ping one with the other one and of course I can't connect to the internet.

      When I try to connect to the wifi without a static ip on the client, status -> system logs -> system -> wireless looks like this

      Jan 12 05:52:06 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b IEEE 802.11: associated
      Jan 12 05:52:06 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: event 1 notification
      Jan 12 05:52:06 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: start authentication
      Jan 12 05:52:06 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b IEEE 802.1X: unauthorizing port
      Jan 12 05:52:06 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: sending 1/4 msg of 4-Way Handshake
      Jan 12 05:52:06 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: received EAPOL-Key frame (2/4 Pairwise)
      Jan 12 05:52:06 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: sending 3/4 msg of 4-Way Handshake
      Jan 12 05:52:06 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: received EAPOL-Key frame (4/4 Pairwise)
      Jan 12 05:52:06 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b IEEE 802.1X: authorizing port
      Jan 12 05:52:06 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b RADIUS: starting accounting session 52D20DB8-00000004
      Jan 12 05:52:06 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: pairwise key handshake completed (RSN)
      Jan 12 05:52:17 	hostapd: ath0_wlan0: WPA rekeying GTK
      Jan 12 05:52:17 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: sending 1/2 msg of Group Key Handshake
      Jan 12 05:52:17 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: received EAPOL-Key frame (2/2 Group)
      Jan 12 05:52:17 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: group key handshake completed (RSN)
      Jan 12 05:53:43 	hostapd: ath0_wlan0: WPA rekeying GTK
      Jan 12 05:53:43 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: sending 1/2 msg of Group Key Handshake
      Jan 12 05:53:43 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: received EAPOL-Key frame (2/2 Group)
      Jan 12 05:53:43 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: group key handshake completed (RSN)
      Jan 12 05:54:01 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b IEEE 802.11: deassociated
      Jan 12 05:54:01 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: event 2 notification
      Jan 12 05:54:01 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b IEEE 802.1X: unauthorizing port
      Jan 12 05:54:22 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b IEEE 802.11: associated
      Jan 12 05:54:22 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: event 1 notification
      Jan 12 05:54:22 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: start authentication
      Jan 12 05:54:22 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b IEEE 802.1X: unauthorizing port
      Jan 12 05:54:22 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: sending 1/4 msg of 4-Way Handshake
      Jan 12 05:54:22 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: received EAPOL-Key frame (2/4 Pairwise)
      Jan 12 05:54:22 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: sending 3/4 msg of 4-Way Handshake
      Jan 12 05:54:22 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: received EAPOL-Key frame (4/4 Pairwise)
      Jan 12 05:54:22 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b IEEE 802.1X: authorizing port
      Jan 12 05:54:22 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b RADIUS: starting accounting session 52D20DB8-00000005
      Jan 12 05:54:22 	hostapd: ath0_wlan0: STA 8c:3a:e3:18:73:1b WPA: pairwise key handshake completed (RSN)
      
      1 Reply Last reply Reply Quote 0
      • P
        plong last edited by

        I'm still struggling to get a WAP working myself, but I think the problem is that you should set "IPv4 Configuration Type" to "None," not to "Static IPv4," and then you should bridge the LAN interface with your wireless interface. Check out this page: http://www.interspective.net/2012/07/one-pfsense-wireless-config-to-rule.html

        1 Reply Last reply Reply Quote 0
        • M
          maeries last edited by

          thanks for your help. I tried to do the standalone configuration because I didn't get what to do for the bridge configuration. Basicly the only thing I had to do was to enable the DHCP server on the wifi interface and give it a range. Now, when I connect my phone via wifi to the pfsense box the phone receives an ip address, but its still not able to ping the pfsense box.

          Also, I tried the bridged version before, but when I got to the update paragraph I didn't know how to "assign the newly created BRIDGE interface to LAN". I clicked on the dropdown next to LAN and chose the bridge, but then it says "You cannot set port bridge0 to interface LAN because this interface is a member of bridge0." which makes sense to me. So what did he maen with  "assign the newly created BRIDGE interface to LAN"?

          1 Reply Last reply Reply Quote 0
          • johnpoz
            johnpoz LAYER 8 Global Moderator last edited by

            "Now, when I connect my phone via wifi to the pfsense box the phone receives an ip address, but its still not able to ping the pfsense box"

            And what rules did you create on the opt1 wifi firewall tab?  The only default rules that get created are for the first lan interface.. I you enable any other interfaces you have to create the firewall rules you want..  Be it wifi, be it another wired interface.

            So no your not going to be able to ping pfsense wifi IP or any other IP for that matter because the default rule for a new interface is block.

            1 Reply Last reply Reply Quote 0
            • I
              interspective last edited by

              Hi Plong,

              I wrote that article. Strictly speaking you don't need to assign the bridge to a specific interface.
              As long as you have firewall rules on all interfaces involved to allow traffic to traverse, then you wont have any issues.
              Remember, if you don't have connectivity, check your firewall log to see whats being blocked.

              Josh.

              1 Reply Last reply Reply Quote 0
              • M
                maeries last edited by

                @johnpoz:

                And what rules did you create on the opt1 wifi firewall tab?

                Thanks, that was my mistake. I thought the firewall would allow anything with default settings. Now I have set the rules like described in the article and everything seems to work with the standalone configuration. Maybe I try the bridge configuration at the weekend.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post

                Products

                • Platform Overview
                • TNSR
                • pfSense
                • Appliances

                Services

                • Training
                • Professional Services

                Support

                • Subscription Plans
                • Contact Support
                • Product Lifecycle
                • Documentation

                News

                • Media Coverage
                • Press
                • Events

                Resources

                • Blog
                • FAQ
                • Find a Partner
                • Resource Library
                • Security Information

                Company

                • About Us
                • Careers
                • Partners
                • Contact Us
                • Legal
                Our Mission

                We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                Subscribe to our Newsletter

                Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                © 2021 Rubicon Communications, LLC | Privacy Policy