DHCP-relay-clients don't get IP from Opnsense 22.1 DHCP server

Started by Frits1980, April 13, 2022, 11:50:04 AM

I'm new here, and to opnsense. So please bear with me. I just replaced my Ubiquiti EdgeRouter with a NanoPi R4S with opnsense 22.1 on it. It works like a charm, except for my wifi.
My wifi is run by two Unifi AP's but the problem is that they don't get an IP from the DHCP server. So because of that I can't adopt them in my unifi controller and can't get them to work.
My DHCP log:
2022-04-13T11:45:07 Informational dhcpd DHCPOFFER on 10.0.0.153 to f0:9f:c2:20:d3:b6 via re0
2022-04-13T11:45:06 Informational dhcpd DHCPDISCOVER from f0:9f:c2:20:d3:b6 via re0


And that is where it ends. No ACK. Now I have searched everywhere for a solution. But can't find any. My DHCP server is set to default. I have tried 1 AP with a static IP mapping and the other dynamic. But both have the same outcome. Can anybody help me please? Thank you in advance!

UPDATE: I've borrowed a TP-Link EAP 620HD from a friend. But it has the same issue. No IP is given by the DHCP server. Do these devices need any other settings in opnsense?

UPDATE2: The TP-Link AP I can give a static IP. It still does not appear in the lease list of opnsense. And it still won't relay traffic. I can reach it via my browser and manage the AP. But if I try to connect a phone through the AP, the phone won't get an IP from opnsense.

A lot of information is missing. I make some assumptions:
* You configured re1 with internet connection
* re0 is LAN
* You configured LAN with DHCP.
* LAN is connected to a normal (unmanaged) switch. Or you disabled all VLANs (untagged mode)

Start simple. With setup above. If your laptop/pc is getting an IP it should also work for the AP. DHCP should work with APs (recommend to make a static mapping in opnsense later).

I guess you are toying with vlans and your problem is with tagged/untagged setup. But without some kind of drawing it is difficult to help.

It's exactly like you described. But I'm not toying with vlans. It's a very simple setup. And all my 20 other devices are getting IPs. Only the APs don't. And devices connected through an AP.

Do not worry about the leases list. I do not trust it that much. Make sure if you used a static IP it is outside the DHCP range tho.

In update2 you mention you can access the AP. That is great and a big hurdle.
Bit unclear if the phone actually connects. I assume it does. So, your SSID and password stuff seems fine.

Please describe your IP plan. You are using 10.x.x.x range?
Why did you change this? Default will be 192.168.1.x range.
I think something is entered wrong somewhere (subnet mask or gateway)
Otherwise, post some pictures:
  * Interfaces: [LAN]
  * Services: DHCPv4: [LAN]
  * AP tp link: management -> Network

April 14, 2022, 08:56:41 AM #4 Last Edit: April 14, 2022, 01:40:31 PM by Frits1980
Thank you for your time and effort to help me.

Herewith the screenshots of the opnsense config so far. I chose 10.0.0.0/16 as my range just because it is easy to remember and my ISP modem/router already uses 192.168.1.1, so otherwise that would maybe give problems.

The TP-link config I have disconnected again. But it was set to dynamic IP (DHCP client). TP-link has a static fallback address which was the one I used to manage the AP (setting my laptop in the same range with a static IP to make it work).

UPDATE: On the NanoPi R4S it's possible to install OpenWRT (not my choice of software though). But if I install that and run it. All AP's get an IP. So the problem is really Opnsense related.



Ah, that explains 10.x. Although not part of the problem I noticed you chose /16 instead of /24. And this will work fine. But I find your static mappings somewhat strange. Your third octet is now part of the "hosts" part (instead of the "network" part). So you can now address a *lot* of systems :) But the DHCP range you set is somewhat tight.
I can not really find a pattern in your IP assignment tho. Like third octet "1" is systems on "first floor" or something.
But, hey. This is not part of your issue :)



I still have my doubts about your switch between the router and all the systems. Asked before if it is "managed". You replaced some Ubiquiti. So I would guess the switch is also this brand. In this case the controller will configure all ports (vlans) so the port can matter.
To exclude this item you can directly connect the AP on the LAN port.



But to be honest I can not find a problem. What I would do (to troubleshoot; would recommend to use DHCP in the end situation):
* Start with the AP. Maybe do a factory default. TP-Link will default to DHCP mode. (my EAP 245 did)
(all steps are wired)
* Connect your pc directly to the AP. You should get an IP. You should be able to connect to the AP GUI on some default 192.168.x.x address.
* Set the AP to static ip, something like 10.0.0.2, set the netmask correctly (/16) and the gateway/dns (10.0.0.1)
* After the save you will lose connection
* Connect the AP wire to your normal network
* Connect your laptop to your normal network. You should be able to connect to 10.0.0.2.
(now you can configure all wireless ssid stuff)



April 14, 2022, 08:11:55 PM #6 Last Edit: April 14, 2022, 09:05:42 PM by Frits1980
Thank you again for thinking with me. The subnet and range I will explain later, it's not important right now.
The switch I have is an unmanaged TP-Link switch. So no vlans there since it's layer 2. The unifi APs I have defaulted many times already. I must say I haven't tested it without the switch in between because the nanopi only has 1 lan port.

The odd part is that the same setup works out of the box when I install openwrt on the nanopi. So that tells me opnsense is missing out on something openwrt clearly can do better. The problem is that I don't like openwrt at all. I find the UI very disturbingly bad.

UPDATE: the problem is way bigger than just APs. Just made a test setup with only my Mac, an old managed switch (mikrotik) and the opnsense router (nanopi). But the managed switch isn't getting an IP either. Though with the switch DHCP relay works for other devices connected. With the AP (in test setup still not getting an IP) the relay doesn't work either.

UPDATE2: Fun fact about the nanopi, you can easily put in a different SD card and boot with a different setup. So I picked up another SD card flashed 22.1 on it and booted. Changed nothing and this was the outcome in the DHCP log:
2022-02-13T06:33:02 Informational dhcpd DHCPOFFER on 192.168.1.100 to 6c:3b:6b:c4:56:8a (Switch) via re0
2022-02-13T06:33:02 Informational dhcpd DHCPDISCOVER from 6c:3b:6b:c4:56:8a (Switch) via re0
2022-02-13T06:33:02 Informational dhcpd DHCPOFFER on 192.168.1.101 to 14:eb:b6:e0:b4:c2 (EAP620-HD-14-EB-B6-E0-B4-C2) via re0
2022-02-13T06:33:02 Informational dhcpd DHCPDISCOVER from 14:eb:b6:e0:b4:c2 (EAP620-HD-14-EB-B6-E0-B4-C2) via re0
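
A way to pick out the clients that stop at DHCPOFFER, as in the two log excerpts posted in this thread (added example, not part of any forum post and not OPNsense code). It assumes the log is exported newest-first as shown, and that DHCPREQUEST/DHCPACK lines follow the usual ISC dhcpd layout; every sample line other than the two quoted from the first post is constructed.

```python
import re

# Constructed sample in the dhcpd log format quoted in the thread (newest line
# first). Only the first two lines come from the thread; the rest are made up.
SAMPLE_LOG = """\
2022-04-13T11:45:07 Informational dhcpd DHCPOFFER on 10.0.0.153 to f0:9f:c2:20:d3:b6 via re0
2022-04-13T11:45:06 Informational dhcpd DHCPDISCOVER from f0:9f:c2:20:d3:b6 via re0
2022-04-13T11:44:02 Informational dhcpd DHCPACK on 10.0.0.120 to aa:bb:cc:00:00:01 (laptop) via re0
2022-04-13T11:44:02 Informational dhcpd DHCPREQUEST for 10.0.0.120 (10.0.0.1) from aa:bb:cc:00:00:01 (laptop) via re0
2022-04-13T11:44:01 Informational dhcpd DHCPOFFER on 10.0.0.120 to aa:bb:cc:00:00:01 (laptop) via re0
2022-04-13T11:44:01 Informational dhcpd DHCPDISCOVER from aa:bb:cc:00:00:01 (laptop) via re0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+dhcpd\s+(?P<msg>DHCP[A-Z]+)\b.*?"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?:\s+\((?P<host>[^)]*)\))?\s+via\s+(?P<iface>\S+)",
    re.IGNORECASE,
)

def handshake_state(log_text):
    """Return {mac: {"iface": str, "seen": [message types, oldest first]}}."""
    matches = [LINE_RE.match(l.strip()) for l in reversed(log_text.splitlines())]
    # Stable sort on the ISO timestamp keeps the order of same-second lines.
    events = sorted((m for m in matches if m), key=lambda m: m["ts"])
    clients = {}
    for m in events:
        c = clients.setdefault(m["mac"].lower(), {"iface": m["iface"], "seen": []})
        c["seen"].append(m["msg"].upper())
    return clients

def stalled_after_offer(log_text):
    """(mac, iface, unanswered offers) for clients offered a lease but never seen requesting it."""
    stalled = []
    for mac, c in handshake_state(log_text).items():
        tail = []  # messages since the last REQUEST/ACK/NAK for this client
        for msg in reversed(c["seen"]):
            if msg in ("DHCPREQUEST", "DHCPACK", "DHCPNAK"):
                break
            tail.append(msg)
        if "DHCPOFFER" in tail:
            stalled.append((mac, c["iface"], tail.count("DHCPOFFER")))
    return sorted(stalled)

if __name__ == "__main__":
    for mac, iface, offers in stalled_after_offer(SAMPLE_LOG):
        print(f"{mac} on {iface}: {offers} offer(s) sent, no DHCPREQUEST seen")
```

A client listed here was offered a lease by dhcpd but no DHCPREQUEST from it was logged, so a packet capture on the listed interface is the next place to look; a log cut off mid-handshake produces the same result.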


A drawing would help. To be sure. You are connecting everything to the OPNsense box (10.x) and NOT to the ISP box (192.168)? I am getting lost :D

April 14, 2022, 09:38:22 PM #8 Last Edit: April 14, 2022, 10:04:34 PM by Frits1980
I started drawing. But that would take me years to do. Don't have the skills.

It's simple. I've made a new (test) setup at home. The only devices in it are:
- MAC
- Switch (Mikrotik)
- AP (TP-Link)
- Phone (Android)
- Router (NanoPi with opnsense)
I started this setup with a factory default config of opnsense (aka 192.168.1.1 as router, wan not connected).
I changed nothing, and neither the switch nor the AP got an IP from the DHCP server.

So my conclusion is that there is something wrong with opnsense. Not with the hardware. Because if I boot the NanoPi with the openwrt software everything works out of the box.

UPDATE: I downgraded from opnsense 22.1 to 21.7.6 and in my test setup it looks like it's working. I will test tomorrow in my production setup.


April 15, 2022, 04:18:41 AM #10 Last Edit: April 15, 2022, 04:20:54 AM by dbass81
EDIT: I thought you needed help with a wireless device.

Thank you for helping me out during this trial and error phase. It's working in production now with version 21.7.6.
Just have to remember not to update :)

About my IP subnet and numbering. The third # in line is the type of device (IoT, Network, Surveillance, Guests). The fourth # in line: 001-099 is the base floor of the house, 100-149 is first floor and 200-249 is second floor. Sadly I don't have more floors ;)

No plans to separate them to subnets? To avoid them talking to each other. Avoid guests' LAN access (only internet). IoT without internet access at all.

Yes that is the future plan. As soon as I get my hands on a managed 24 port switch. :) And when I get opnsense totally up with wireguard and everything. Baby steps. All in time.