Running into an odd issue.
The WiFi interface has the default allow-any rules applied, but I can't ping anything or connect to any other devices on that same network segment, 192.168.14.0/24.
Example:
WiFi_GW_Opnsense: 192.168.14.254
Host: 192.168.14.114
Destination: 192.168.14.136
I've double-checked the subnet masks on the devices and they are /24. There are no L3 devices or other switching in the path.
Edit: `arp -a` on the host shows only the GW, 192.168.14.254 (all other devices on the LAN are absent); the ARP table on the firewall shows all devices on the 192.168.14.0/24 subnet.
Quote from: akme24 on March 30, 2024, 09:20:35 PM
there are no L3 devices or other switching in the path.
I'm a bit puzzled why this would be a firewall issue. Have you checked with the vendor of your WiFi access point?
Probably the OP uses a WiFi interface on his firewall and is not aware that this way, he needs to configure a bridge.
Otherwise, some WiFi APs do traffic isolation, thereby separating the guests.
Quote from: bartjsmit on March 31, 2024, 10:01:37 AM
Quote from: akme24 on March 30, 2024, 09:20:35 PM
there are no L3 devices or other switching in the path.
I'm a bit puzzled why this would be a firewall issue. Have you checked with the vendor of your WiFi access point?
It's an embedded Atheros radio and I'm assuming the driver is part of the FreeBSD package. FWIW, I get the exact same behavior on pfSense.
Maybe something about this driver is preventing communication with devices on the same network segment (they are connecting to this radio too). You are right, it should not be a firewall issue.
This hardware was previously used with Sophos UTM 9 and had no issues, but that's based on openSUSE Linux.
Quote from: meyergru on March 31, 2024, 10:56:34 AM
Probably the OP uses a WiFi interface on his firewall and is not aware that this way, he needs to configure a bridge.
Otherwise, some WiFi APs do traffic isolation, thereby separating the guests.
Why would I need to create a bridge if it's the same subnet? I'm not bridging to another subnet or other hardware. All devices connect to this radio on the 192.168.14.0/24 subnet.
You may be onto something with AP traffic isolation; any idea how to shut this off?
The feature is called "wireless isolation" and can normally be turned off; no idea if this is supported in the BSD driver. Many people think it's not a good idea to have wireless hardware in your BSD-based firewall.
The fix was to enable "Allow intra-BSS communication" on the WiFi interface in the OPNsense GUI.
Thanks to all who responded.
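The fix above can also be verified from the firewall's shell. The following is an added example, not code from the thread or from OPNsense: it classifies `ifconfig -v` output for a hostap wlan interface by the `apbridge` / `-apbridge` token that FreeBSD's ifconfig(8) prints (`-apbridge` when clients are isolated from each other, `apbridge` in verbose mode when they can talk). It assumes that the OPNsense checkbox "Allow intra-BSS communication" maps onto that apbridge flag, and it uses `wlan0` and the script name `apbridge_check.sh` as placeholders. The sample ifconfig dumps are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the forum thread or OPNsense: tell from
# 'ifconfig -v <wlan>' output whether a FreeBSD hostap interface is
# isolating its clients. That state produces the symptom in the thread:
# clients hold an ARP entry for the gateway but never for each other.
# Assumptions: the OPNsense option "Allow intra-BSS communication" maps to
# the ifconfig apbridge flag; wlan0 is a placeholder interface name.

# apbridge_state TEXT: print disabled / enabled / unknown for one ifconfig
# dump. Always returns 0 so it is safe to call under 'set -e'.
apbridge_state() {
    # '-apbridge' is printed whenever bridging is off, so test it first;
    # the leading-boundary check keeps 'apbridge' from matching '-apbridge'.
    if printf '%s\n' "$1" | grep -Eq '(^|[[:space:]])-apbridge([[:space:]]|$)'; then
        echo disabled
    elif printf '%s\n' "$1" | grep -Eq '(^|[[:space:]])apbridge([[:space:]]|$)'; then
        echo enabled
    else
        echo unknown   # not a hostap interface, or not verbose output
    fi
}

# apbridge_fix IFACE: the non-persistent CLI equivalent of the GUI fix.
# The GUI setting is what survives a reboot; this is for a quick test only.
apbridge_fix() {
    ifconfig "$1" apbridge
}

# Constructed sample resembling 'ifconfig -v wlan0' with client isolation on.
SAMPLE_ISOLATED='wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:11:22:33:44:55
        inet 192.168.14.254 netmask 0xffffff00 broadcast 192.168.14.255
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11ng <hostap>
        status: running
        ssid lab channel 6 (2437 MHz 11g ht/20) bssid 00:11:22:33:44:55
        regdomain FCC country US authmode WPA2/802.11i privacy MIXED
        txpower 30 scanvalid 60 protmode CTS wme burst -apbridge dtimperiod 1 -dfs'

# The same AP after enabling intra-BSS communication (constructed).
SAMPLE_BRIDGED=$(printf '%s\n' "$SAMPLE_ISOLATED" | sed 's/ -apbridge / apbridge /')

# A client-mode dump carries no apbridge token at all (constructed).
SAMPLE_NOTOKEN='wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        media: IEEE 802.11 Wireless Ethernet OFDM/54Mbps mode 11g
        status: associated'

if [ "${1:-}" = "--live" ]; then
    # On the firewall:  ifconfig -v wlan0 | sh apbridge_check.sh --live
    echo "intra-BSS bridging: $(apbridge_state "$(cat)")"
else
    echo "isolated sample : $(apbridge_state "$SAMPLE_ISOLATED")"   # disabled
    echo "bridged sample  : $(apbridge_state "$SAMPLE_BRIDGED")"    # enabled
    echo "no-token sample : $(apbridge_state "$SAMPLE_NOTOKEN")"    # unknown
fi
```

Run without arguments it exercises the three constructed samples; on the OPNsense box itself, pipe the real dump in with `ifconfig -v wlan0 | sh apbridge_check.sh --live` before and after toggling the GUI option. A result of `disabled` on a hostap interface is the client-isolation state that matches the ARP symptom the OP described.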