Friday, October 29, 2021

unifi + tp-link + pfsense guest wifi

Hello,

I have read dozens of guides on doing this but can't for the life of me manage to create a guest wifi with internet access.

My current set up is:

ISP router (LAN CABLE)-> pfSense (LAN CABLE)-> port 1 (TP-Link switch SG108E) and out of port 8 (Unifi AP lite 6)

Having read through guides, I managed to default my internet traffic to use a virtual private network. So I connect to my unifi wifi, which gets routed through pfsense to default to a virtual private network.

This is what I have configured so far:

--------------------------

Unifi:

2 Networks

  1. Guest VLAN only VLAN 10
  2. LAN Subnet 192.168.1.0/24

Wireless networks:

  1. Primary (uses LAN network)
  2. Guest (uses Guest network)

-----------------

Tp-Link

802.1Q VLAN configuration

VLAN ID 1: Default Member ports 1-8 / untagged ports 1-8

VLAN ID 10: Guest Member ports 1,8 / tagged ports 1,8

------------------------

PfSense:

-------------------

System routing (Gateways):

WAN_DHCP / Interface WAN: Gateway 192.168.XXXX

WAN_DHCP6 / Interface WAN feXXXX

VPN / Interface VPN 10.16.XXXX

GUEST / Interface GUEST dynamic

---------------

Interfaces Assignments:

WAN igb0

LAN igb1

VPN (ovpnc1)

guest VLAN 10 on igb1 - LAN

-----------

VLAN Interfaces:

igb1 (lan) VLAN tag: 10

----

Firewall NAT outbound (see pfsense guide at top of message for WAN/OpenVPN configuration)

x4 WAN interface mappings

x2 OpenVPN mappings for XX.XX.27.0/24

which I copied for x2 GUEST mappings for XX.XX.10.0/24

----------------

Firewall Rules

GUEST Ipv4+6 Source / port / destination * * * allow all

-----------------

DHCP server for LAN XX.XX.27.0 - 245

DHCP server for GUEST XX.XX.10.0-245

---------------------

Comments:

  1. When I originally set this up, my devices on the guest network wouldn't connect or grab an IP from pfsense until I tagged ports 1 + 8 on the switch. Now my devices can connect to the guest wifi and will all have an IP of XX.XX.10.XX, which means the DHCP is working fine; however, the internet isn't.
  2. The Gateway for GUEST is stuck in Pending; I have tried deleting the gateway to see if this makes any difference but no luck.

TL;DR: my devices appear to connect to the guest network and successfully grab the correct IP from pfsense belonging to the subnet I configured on the DHCP server, but none of those devices are able to connect to the internet.

Any help would be appreciated!


