VLAN + DHCP + OpenWrt

simplei · Oct 4, 2014, 8:03 AM

Hi all,

I want to separate wireless visitors from my network so decided to use vlans on pfsense and openwrt.
My openwrt device directly connected with 1 lan cable to pfsense and i designed the system below;

pfsense
– lan interface 192.168.1.1/27 on re1
-- vlan interface 10 192.168.1.64/27 on re1
-- vlan interface 20 192.168.1.97/27 on re1
-- dhcp enabled on all interfaces.
-- firewall rules added for pass all.
-- pfsense restarted after configuration
OpenWrt
-- ssid 1 vlan 10 member
-- ssid 2 vlan 20 member
-- ssid 3 without vlan
-- dhcp disabled on the device
-- firewall disabled on the device
-- OpenWrt restarted after configuration

I can connect with ssid 3 without a problem.
But when i try to connect with ssid 1 or 2, dhcp can not assign me an ip.
When i connect via ssid 3 i can ping vlan 10 and 20 interfaces. Also i can ping vlan 10 and 20 interface from openwrt console.

How can i solve the dhcp problem on this design ?

Derelict · Oct 4, 2014, 8:43 AM

@simplei:

– vlan interface 10 192.168.1.64/27 on re1
-- vlan interface 20 192.168.1.97/27 on re1

Did you mean:

– vlan interface 10 192.168.1.65/27 on re1_vlan10
– vlan interface 20 192.168.1.97/27 on re1_vlan20

If your ssid 1 and ssid 2 interfaces are assigned to re1_vlan10 and re1_vlan20 in respectively in Interfaces->Assign, then your problem is likely in openwrt and its configuration of tagged VLANs.

As an aside, why such small subnets? RFC1918 addresses are free.

Also, you can always assign a static IP address and see if you can ping the pfSense interface to determine if you have a DHCP problem or a layer 2 problem. My hunch is the latter.

simplei · Oct 4, 2014, 9:23 AM

Thank you for your fast response and reply.

I know there is a strange ip addressing in the definition. I will solve and fix range problems.
So for ex. vlan 10 will start with .65
I am using small subnets because the potential userbase is very small and i will be creating vpn's with other systems via this system.

Wireless is on openwrt so i can only define vlans on pfsense side.
Btw. vlan and untagged interfaces is on the same interface re1.

I can not even see a related records about vlans in system logs.
Should i modify any other thing on pfsense side ?

Thanks

Derelict · Oct 4, 2014, 9:29 AM

Please post a screenshot of Interfaces->(assign)->Interface Assignments

Since this is a pfSense forum we should make sure pfSense is good to go first.

simplei · Oct 4, 2014, 9:43 AM

Allright changed the ip ranges.
Attached 2 images related with the interfaces.

Thats right lets solve the pfsense side. Thanks.

http://tinypic.com/view.php?pic=qxtn3b&s=8#.VC_Brvl_uSo
http://tinypic.com/view.php?pic=i3tq87&s=8#.VC_B1Pl_uSo

Derelict · Oct 4, 2014, 10:41 AM

Looks fine. Probably a problem with openwrt.

simplei · Oct 4, 2014, 4:39 PM

@Derelict:

Looks fine. Probably a problem with openwrt.

I will work on openwrt then recheck my pfsense.
Thanks.

simplei · Oct 4, 2014, 9:57 PM

It seems it's a openwrt configuration problem. ;)
Solved the issue.
Thanks.

G.D. Wusser Esq. · Oct 5, 2014, 12:10 AM

May or may not be an issue to you, just keep in mind that the untagged interface can spy on your tagged ones.

pablot · Jun 15, 2017, 2:17 PM

@simplei:

It seems it's a openwrt configuration problem. ;)
Solved the issue.
Thanks.

Hi, can you share your OpenWRT configuration?. I have a similar setup and I'm stucked with the problem that my clients do not get addresses through DHCP. :-(