Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    AP isolation with OpenWrt

    Scheduled Pinned Locked Moved Wireless
    4 Posts 2 Posters 4.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ?
      Guest
      last edited by

      Hello,

      at the moment I have 2 wireless networks @ home, 1 for LAN (our own computers and stuff), and 1 for guests (visitors network with AP isolation enabled).

      My question is: can I make one wireless network with AP isolation enabled with the possibility to connect to other computers on that "AP isolated" network? (Client -> WiFi Acces Point -> pfSense -> WiFi Acces Point -> Client.

      I know clients can't connect to each other with AP isolation enabled, so I thought I can connect them trough firewall rules in pfSense.

      Is this possible? I have tried this once, but I didn't managed it the way I want it :(

      Chris 8)

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        No, at least not if the AP shown in your diagram is the same one. You can't route in and out of the same interface, and here you wouldn't be routing anyway. The two devices are on the same subnet so they will try to connect directly rather than via pfSense.
        You could try something a little messy if you only have a few or one device to do it. For example, setup a VPN server on pfSense then connect one of the wireless devices to it. It will then get an IP in the VPN subnet and can route back out to the other device. You will probably have to play around with some settings to get it working correctly though. ;)

        Oh, and where does OpenWRT come into this? Might be possible to do something drectly there if it's on your AP.

        Steve

        1 Reply Last reply Reply Quote 0
        • ?
          Guest
          last edited by

          Thanx for the info!

          Had already the idea it's not going to work because there is indeed no routing needed in this scenario :(

          OpenWRT (AP) is taking care off my VLAN's and Wifi isolation, that's all! (no firewall, routing, dhcp, etc.)

          Chris 8)

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            Hmm, well you might be able to do something within OpenWRT to achieve this. I'm unsure how OpenWRT handles client isolation (but now you've piqued my interest  :)). If it's at the radio level then you might be out of luck but if it's a layer 2 thing you might be able exclude MACs from the isolation.
            You could create a virual access point for the device you need to access and then allow traffic between them.
            If that doesn't work you can route traffic from that VAP via a different VLAN and route the traffic in pfSense.

            Many possibilities, all of them probably hours of fun!  ;)

            Steve

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.