Messages - akme24

#1
The fix was to enable "Allow intra-BSS communication" on the WiFi interface in the OPNsense GUI.

Thanks to all who responded.
#2
Quote from: meyergru on March 31, 2024, 10:56:34 AM
Probably the OP uses a WiFi interface on his firewall and is not aware that this way, he needs to configure a bridge.

Otherwise, some WiFi APs do traffic isolation, thereby separating the guests.

Why would I need to create a bridge if it's the same subnet? I'm not bridging to another subnet or other hardware. All devices connect to this radio on the 192.168.14.0/24 subnet.

You may be onto something with AP traffic isolation, any idea how to shut this off?
#3
Quote from: bartjsmit on March 31, 2024, 10:01:37 AM
Quote from: akme24 on March 30, 2024, 09:20:35 PM
there are no L3 devices or other switching in the path.

I'm a bit puzzled why this would be a firewall issue. Have you checked with the vendor of your WiFi access point?

It's an embedded Atheros radio and I'm assuming the driver is part of the FreeBSD package. FWIW I get the exact same behavior on pfSense.

Maybe something about this driver is preventing communication to devices on the same network segment (they are connecting to this radio too). You are right, it should not be a firewall issue.

This hardware was previously used with Sophos UTM 9 and had no issues, but that's based on openSUSE Linux.
#4
Running into an odd issue.

WiFi interface has default any allow rules applied, yet I can't ping anything or connect to any other devices on that same network segment of 192.168.14.0/24.

Example:

WiFi_GW_Opnsense: 192.168.14.254

Host: 192.168.14.114

Destination: 192.168.14.136

I've double-checked the subnet masks on the devices and they are /24; there are no L3 devices or other switching in the path.

Edit: arp -a on the host shows only the gw of 192.168.14.254 (all other devices on the LAN are absent), the arp table on the firewall shows all devices on the 192.168.14.0/24 subnet.