Wireless AP traffic on LAN drops out
-
Occasionally - probably at least once a day - traffic on the LAN from wireless clients stops working to the pfSense box or the WAN. Keep in mind that this traffic is coming via APs on the LAN and not a wireless card on the pfSense box. This affects all wireless clients at the time it happens also - including new clients which are able to pull an IP. Also, if I log packets from one of the affected boxes, then try to ping from that client to the pfSense box, the ARP request is received and answered but the ping packet is not received or answered. It is not the wireless AP since restarting it doesn't help and also LAN to LAN traffic works perfectly. No wired clients are affected.
Resetting the filters fixes the problem, but obviously this is not allowable behavior in a production setup. Any ideas?
-
I just recently installed pfSense and for the most part it's been working great. However, I appear to be experiencing this same problem as the original poster.
My setup is as follows:
WAN (DHCP) <-> pfSense (1.2-RELEASE) <-> LAN (192.168.106.0/24), DHCP Server (.50-.99)
                                     <-> WLAN (192.168.107.0/24), DHCP Server (.50-.99)
I have a DLink DI-524 router configured as an AP connected to the WLAN (OPT1) interface via a LAN port on the DI-524. WLAN is assigned 192.168.107.1, and the DI-524 has a LAN IP address of 192.168.107.2 - both with 255.255.255.0 as the subnet mask. Gateway is unspecified for the DHCP Server on WLAN and clients correctly receive 192.168.107.1 as their default gateway.
Firewall rules are set up correctly per tutorials I've followed on the web and everything works great after boot up. However, periodically, I'm unable to communicate with the pfSense box via wireless connections (or wired connections plugged into the DI-524 directly). I can communicate fine with other wireless clients on the 192.168.107.0/24 subnet, but not 192.168.107.1. Additionally, everything on the LAN subnet/interface continues to work with no problems.
When this starts happening, I've tried renewing my DHCP IP, reconfiguring the wireless connection on the laptop, power cycling the AP, restoring the AP to factory settings and reconfiguring - and none of that resolves the problem. When tinkering with some of the settings in pfSense, I'm sometimes able to get things working again, but I haven't narrowed it down, and it doesn't always seem to work.
The only guaranteed way I've found to fix the issue is rebooting the pfSense box. As soon as I do that, all of the wireless clients begin working again.
It appears to be some sort of routing issue, but as far as I can tell, everything is correct in Diagnostics -> Routes. Diagnostics -> ARP Tables also appears to be correct.
Some additional details:
- A rule is in place to prevent all traffic on the WLAN interface from the LAN.
- All other traffic on the WLAN interface is allowed.
- LAN traffic is allowed everywhere.
- From the LAN, I can ping the WLAN interface (192.168.107.1) and other wireless clients, however I can't ping 192.168.107.2 (the LAN address of the DI-524).
- From the WLAN, I can ping 192.168.107.2 (and also access the web configuration for the DI-524).
- Before setting up the separate WLAN interface, the DI-524 was plugged into the LAN (with a 192.168.106.0/24 IP) and I experienced the same issues with wireless clients unable to contact the default gateway (LAN interface in this case).
I'm new to BSD and pfSense, so I'm not sure what else to do to troubleshoot. I've tried searching the forums, wiki, documentation, and tutorials, and haven't found any solution. I'd appreciate any help I can get.
Thanks,
-Ed
-
edgauthier: What version of pfSense are you using? Have you tried any of the 1.2.1 RC kits? (They have more up-to-date drivers.)
Sounds like your problem might be in the pfSense <-> WLAN router link. When the problem happens, check interface status at both ends of the link. Check error counters, console logs, etc. for some notification of a link problem. Try disconnecting then reconnecting one end of the cable, then the other end, to see if it makes a difference.
-
I'm running 1.2-RELEASE right now. I considered trying 1.2.1-RC1, but didn't see anything in the release notes or changelog related to this issue. I wasn't sure if this was a driver issue because I'm seeing it across 2 different cards with 2 different drivers (first on the LAN via a 3COM wired NIC, and now on the WLAN via a Linksys wired NIC).
I agree that the issue is somewhere with the pfSense <-> WLAN router link. I'm pretty sure that I can't talk/ping between 192.168.107.1 and 192.168.107.2 when the issue occurs, but I'll double check the scenarios later tonight.
I haven't tried disconnecting/connecting the cable, but I'll give that a shot to see if it reveals anything.
I've looked in the logs available via the pfSense UI, as well as looking through the logs in /var/log on the machine itself (it looks like the UI gives access to most of these already which is nice), and haven't seen anything there that jumps out at me. I'll take a look again tonight while I do more testing.
Thanks,
-Ed
-
I've just noticed some additional details. I fired up a wireless client just now, and wasn't able to get to the internet. I also couldn't ping that wireless device from my LAN. I logged into the pfSense box and couldn't ping the device from there either. However, I then pinged the IP address of the DI-524 (192.178.107.2) and as soon as I did that, pings from the LAN to the wireless device started working, and the wireless device could reach the internet.
I stopped traffic (no pings or web requests) and waited a moment or so. Next request fails, and no ping responses from wireless client. As soon as I ping 192.168.107.2 from the pfSense box, everything immediately starts working.
Nothing shows up in the logs during this time.
It definitely sounds like a routing issue, but I'm not sure what to do to solve it. From what I understand, I shouldn't need a static route configured since everything on the WLAN is part of the same network that is assigned to the WLAN interface.
Any other tips or pointers? Anywhere else I can look to figure out what is going on?
Thanks,
-Ed