OPNsense Forum
Archive => 19.1 Legacy Series => Topic started by: Karrajor on April 10, 2019, 10:15:25 pm
-
Hi
First of all, I am a newbie both on these forums and in the IT stuff. So if this is in a bad section, sorry in advance. But I hope I have found it correctly.
I got an old Asus EEE with an Intel Atom with a task to turn it into an wifi access point with its own set of IP adresses. I found opnsense so I downloaded a VGA image and started to work.
So far I have been able, with the help of opnsense manuals and other forum posts, to solve most of the issues. I now have an operational WAN with pass all rules on firewall. The device is responding to pings from the WAN interface and I can connect to it from my laptop by the ethernet port.
I was also able to create a WIFIinterface, set it to my liking (including selected channel, WPA2 password, etc.). I can connect to the WIFI both with my phone and the laptop. However, both devices show no internet access. I can see both devices from the opnsense GUI and they have an IP adress from the correct range (192.168.1.xxx) so the DHCPv4 is working.
I found that I forgot to correctly setup the gateway, so I did. I selected our department gateway for WAN and (here I guessed a bit) selected the netbook itself (192.168.1.1) as the gateway for WIFI (given that I was able to only select the gateway from the range of local adresses 192.168.1.xxx). The moment I pressed the apply button, my laptop showed "new wifi, is it home, office or outside?" prompt. So it did something, but I still cant connect to the internet from the WIFI. I cannot ping 8.8.8.8 or even our department gateway from the WIFI. The WIFI is isolated from internet (which is not good for a wifi accesspoint to internet). But I can connect to the GUI from the WIFI so it is working at least as a wireless local network. Using a verified IP adress from our department also doesnt do anything, so it probably is not a DNS issue.
For the last two days I was searching for internet guides, forum posts both for opnsens, pfsense and general IT networking. But I am still unable to find what is wrong or what did I miss and I am at the end, finding pages I already read with no progress.
I would like to ask for help on this issue, because as a total newbie IT guy I am at the end of my thoughts. I have been discussing this with a friend who is better at this, but even he is a bit lost in what could be wrong. I think it will just be one missed thing or one bad setting (maybe the 192.168.1.1 gateway for my 192.168.1.1 interface?). But I cannot find it on my own.
Thank you in advance for any advice, tips or even a discussion
-
Did you setup outbound nat for your wireless interface? I think for some releases 18.7.+ the automatic outbound nat will not work and create the needed rule.
So you have to add it manually and map your wireless subject to your wan ip.
-
I did some settings in the NAT but not sure about this one. Will look at it tomorrow once I get into office again. Thanks for the suggestion :)
-
Hello Karrajor, Is it Linux U use?
If that's so I would like you to read this wiki page on ArchLinux, https://wiki.archlinux.org/index.php/software_access_point.
If after that things still don't work out for you, or if you still have questions shoot :P
If it's Windows your using, the way is the same but I don't know myself how to do just that over there ;D
Greetings mark
-
Unfortunately I am a Windows guy. The netbook also originally had a W7 Starter so I could have gone with some application or maybe even build-in WIFI access point (if Starter edition supports it, dont know to be honest). But given the Atom N450 processor and 1 GB of RAM I thought a dedicated networking OS would a better option considering HW requirements and also security.
In future I want to setup a OpenVPN on it so this might be another reason to go the opnsense way.
-
Well, like I said, the way to accomplish should be roughly similar.
So either way go for a NAT or bridged setup, I bet there are numerous guides out there.
Greetings mark
-
Did you setup outbound nat for your wireless interface? I think for some releases 18.7.+ the automatic outbound nat will not work and create the needed rule.
So you have to add it manually and map your wireless subject to your wan ip.
I looked into the outbound section. Its set to autorules and has two rules per interface (Auto created rule and Auto created rule for ISAKMP). All of them have "127.0.0.0/8". The "ISAKMP" have also static port set to yes and destination port 500.
-
I looked into the outbound section. Its set to autorules and has two rules per interface (Auto created rule and Auto created rule for ISAKMP). All of them have "127.0.0.0/8". The "ISAKMP" have also static port set to yes and destination port 500.
127.0.0.1/8? Shouldn't it look like this?
Interface Source Source Port Destination Destination Port NAT Address NAT Port Static Port Description
WAN WLAN * * * Interface address * NO WLAN_NAT
-
I looked into the outbound section. Its set to autorules and has two rules per interface (Auto created rule and Auto created rule for ISAKMP). All of them have "127.0.0.0/8". The "ISAKMP" have also static port set to yes and destination port 500.
127.0.0.1/8? Shouldn't it look like this?
Interface Source Source Port Destination Destination Port NAT Address NAT Port Static Port Description
WAN WLAN * * * Interface address * NO WLAN_NAT
It probably should, like I said, I am a newbie. Anyways I have changed the rules to manual and configured it according to your suggestion. I made two rules (one with source WIFI address and second with source WIFI net). Both go to "Interface address" in the NAT Address setting. Still no change, wifi is still without internet access.
-
I was poking around all settings and I got an idea. My current assignment of interfaces is:
WAN - alc0 (ethernet adapter)
LAN - nothing
OPT1 (WIFI) - ath0_wlan1 (wifi adapter)
Is it possible that my issue is that I should have the wifi on the LAN interface instead of the OPT1? And also, does opnsense require LAN interface to be active in order to connect wifi to internet?
-
I still didnt figure my issue out. I tried Packet Capture and then set a specific IP adress from a device connected to my wifi. On the WIFI interface, I see a lot of packets and after UDP packets to DNS, there is a TCP packet to the IP adress I have selected. But running the packet capture on the WAN interface I see nothing of this.
Also when I look in the ARP table, I can actually see an IP adress, MAC adress and manufacturer of the device I tried to connect to. Other devices in the ARP table are my netbook and phone on "WIFI" and on "WAN" its the netbook (his WAN IP), then gateway IP and two addressess I tried to connect from the smartphone.
I have also tried to force the ath0_wlan1 device to LAN interface, which ended very bad (opnsense crashed). I am have consulted this with a colleague with better PC understanding and we did not find an issue in the settings. So I am still missing some detail.
Could I ask for more suggestions on what to look at?