Hi everyone,
I just followed the OPNsense guide to set up a guest Wi-Fi. I made a VLAN and configured all the DHCP and firewall rules on OPNsense.
I use OpenWrt as an AP only. I created an interface with a bridge between the guest SSID and the eth0.10 VLAN (VLAN ID is 10 for me).
The DHCP server works and I get access to OPNsense (I didn't make a rule to block that yet). But DNS is not working: "time out" on each nslookup command.
I think I'm close to the goal. Did I miss something?
I changed my VLAN ID to 20.
My guest network rules:
(https://i.imgur.com/65Io51K.png)
I can't ping the VLAN 20 gateway from a host on this VLAN.
My OpenWrt configuration:
(https://i.imgur.com/9NbSfXc.png)
(https://i.imgur.com/HbyjVpU.png)
(https://i.imgur.com/e5eW9fx.png)
I see in my firewall logs that the traffic between my host and the gateway is blocked. But I don't know why it's on the LAN interface and not on my VLAN interface.
(https://i.imgur.com/tga6FQb.png)
I really don't understand why it is not working. I followed several tutorials and it should be working.
I suspect this is a problem on your OpenWrt unit and not on OPNsense then, if it's showing up on the wrong interface and you're sure it's being tagged correctly. On Asus routers set to access point mode, you have to make sure to turn off hardware acceleration or else cut-through forwarding will put traffic on the wrong VLANs. I don't use OpenWrt so I can't comment on it, but it's similar to Asuswrt, right?
You might need to ssh into the OpenWrt unit. Check the output of robocfg show, brctl show, and ifconfig. Make sure that you know what all your interfaces are.
You're also going to need to provide more information about your network topology. You don't have any non-managed switches in there that might be stripping off the VLAN tags, do you?
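One way to act on the brctl show suggestion above, as an added example that is not part of the original thread: a small check that the guest SSID and the tagged VLAN sub-interface are the only members of one bridge, since a guest SSID bridged to the untagged port arrives at the firewall on LAN instead of the VLAN. The names wlan0-1, eth0.20, br-lan and br-guest and both sample outputs are constructed assumptions.

```shell
#!/bin/sh
# Added example. Interface and bridge names below are assumptions.

# check_guest_bridge WIFI_IF VLAN_IF   (reads `brctl show` output on stdin)
# Exit 0 only when WIFI_IF and VLAN_IF are the sole members of one bridge.
check_guest_bridge() {
    awk -v wifi="$1" -v vlan="$2" '
        NR == 1 || NF == 0 { next }          # skip header and blank lines
        NF >= 3 { br = $1 }                  # line that starts a new bridge
        NF == 4 || NF == 1 {                 # last field is a member port
            bridge_of[$NF] = br
            members[br] = members[br] " " $NF
            count[br]++
        }
        END {
            if (!(wifi in bridge_of)) { print wifi " is not in any bridge"; exit 1 }
            if (!(vlan in bridge_of)) { print vlan " is not in any bridge"; exit 1 }
            b = bridge_of[wifi]
            if (b != bridge_of[vlan]) {
                print wifi " is bridged to" members[b] ", not " vlan; exit 1
            }
            if (count[b] != 2) { print b " has extra members:" members[b]; exit 1 }
            print "ok: " wifi " and " vlan " are alone in " b
        }'
}

# Constructed sample: guest SSID correctly paired with the tagged sub-interface.
sample_good() { cat <<'EOF'
bridge name     bridge id               STP enabled     interfaces
br-lan          7fff.000000000001       no              eth0
                                                        wlan0
br-guest        7fff.000000000002       no              eth0.20
                                                        wlan0-1
EOF
}

# Constructed sample: guest SSID ended up in the untagged LAN bridge.
sample_bad() { cat <<'EOF'
bridge name     bridge id               STP enabled     interfaces
br-lan          7fff.000000000001       no              eth0
                                                        wlan0
                                                        wlan0-1
br-guest        7fff.000000000002       no              eth0.20
EOF
}

sample_good | check_guest_bridge wlan0-1 eth0.20 || true
sample_bad  | check_guest_bridge wlan0-1 eth0.20 || true
```

On the access point itself, the live check would be brctl show piped into check_guest_bridge with the real interface names.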
Problem fixed with an OpenWrt reset and using the same config.
Strange things happened...