VLAN + DHCP + OpenWrt

simplei

Hi all,

I want to separate wireless visitors from my network so decided to use vlans on pfsense and openwrt.
My openwrt device directly connected with 1 lan cable to pfsense and i designed the system below;

• pfsense
  – lan interface 192.168.1.1/27 on re1
  -- vlan interface 10 192.168.1.64/27 on re1
  -- vlan interface 20 192.168.1.97/27 on re1
  -- dhcp enabled on all interfaces.
  -- firewall rules added for pass all.
  -- pfsense restarted after configuration

• OpenWrt
  -- ssid 1 vlan 10 member
  -- ssid 2 vlan 20 member
  -- ssid 3 without vlan
  -- dhcp disabled on the device
  -- firewall disabled on the device
  -- OpenWrt restarted after configuration

I can connect with ssid 3 without a problem.
But when i try to connect with ssid 1 or 2, dhcp can not assign me an ip.
When i connect via ssid 3 i can ping vlan 10 and 20 interfaces. Also i can ping vlan 10 and 20 interface from openwrt console.

How can i solve the dhcp problem on this design ?

Derelict

@simplei:

– vlan interface 10 192.168.1.64/27 on re1
-- vlan interface 20 192.168.1.97/27 on re1

Did you mean:

– vlan interface 10 192.168.1.65/27 on re1_vlan10
– vlan interface 20 192.168.1.97/27 on re1_vlan20

If your ssid 1 and ssid 2 interfaces are assigned to re1_vlan10 and re1_vlan20 in respectively in Interfaces->Assign, then your problem is likely in openwrt and its configuration of tagged VLANs.

As an aside, why such small subnets?  RFC1918 addresses are free.

Also, you can always assign a static IP address and see if you can ping the pfSense interface to determine if you have a DHCP problem or a layer 2 problem.  My hunch is the latter.

simplei

Thank you for your fast response and reply.

I know there is a strange ip addressing in the definition. I will solve and fix range problems.
So for ex. vlan 10 will start with .65
I am using small subnets because the potential userbase is very small and i will be creating vpn's with other systems via this system.

Wireless is on openwrt so i can only define vlans on pfsense side.
Btw. vlan and untagged interfaces is on the same interface re1.

I can not even see a related records about vlans in system logs.
Should i modify any other thing on pfsense side ?

Thanks

Derelict

Please post a screenshot of Interfaces->(assign)->Interface Assignments

Since this is a pfSense forum we should make sure pfSense is good to go first.

simplei

Allright changed the ip ranges.
Attached 2 images related with the interfaces.

Thats right lets solve the pfsense side. Thanks.

http://tinypic.com/view.php?pic=qxtn3b&s=8#.VC_Brvl_uSo
http://tinypic.com/view.php?pic=i3tq87&s=8#.VC_B1Pl_uSo

Derelict

Looks fine.  Probably a problem with openwrt.

simplei

@Derelict:

Looks fine.  Probably a problem with openwrt.

I will work on openwrt then recheck my pfsense.
Thanks.

simplei

It seems it's a openwrt configuration problem.  ;)
Solved the issue.
Thanks.

G.D. Wusser Esq.

May or may not be an issue to you, just keep in mind that the untagged interface can spy on your tagged ones.

pablot

@simplei:

It seems it's a openwrt configuration problem.  ;)
Solved the issue.
Thanks.

Hi, can you share your OpenWRT configuration?. I have a similar setup and I'm stucked with the problem that my clients do not get addresses through DHCP. :-(