Vlan Internet Connectivity Help!

[SlowNoWOW]

So I'm scratching my head about this one:

I have a few vlans and they work fine with my ethernet connected machines. I can't seem to get internet connectivity through my Unifi AP on the exact same vlans! I've checked rules and dns and all those gotcha places. I'm running adguard home on opnsense and so unbound dns is pointed to that for DNS. My phone when connected to these vlans on wifi shows up in DHCP leases, so it's getting an ip address from opnsense. But it still doesn't get out to the open internet.

Wifi and hardwire works perfectly on the regular lan, it's the vlans that seem to have this issue.

Any ideas?

[meyergru]

In order to have internet access for a VLAN, you have to do two things:

1. Allow all traffic from that VLAN to the internet (you have done that)
2. Specify an outbound NAT rule for the VLANs subnet to the internet via the WAN interface (you most probably have not done that)

You only showed the port forwarding NAT rules - these control the inbound NAT, so I think they are plain wrong here and you should delete them. What you need are outbound NAT rules (Firewall -> NAT -> outbound) in order to masquerade the VLANs non-routeable IPs behind your WAN IP.

[SlowNoWOW]

Port forwards are for adguard home that I have set up.

I have the outbound NAT. A proxmox VM on the vlan CAN get internet access, but I just tried tagging an ethernet connection at my managed switch and it was able to get a DHCP assignment from the vlan but didn't get internet access.

So what might be different about a VM VLAN tag and a physical ethernet connection tagged with the same VLAN?

[SlowNoWOW]

So it was something with adguard home dns. I killed that and just added google dns servers to the DHCP interfaces and it worked. Still strange that it worked for a VM on the same subnet via proxmox but not machines networked through the same managed switch on the same VLAN...