Guest WiFi with Pihole

kvn9r · February 5, 2023, 3:09pm

Hello Guys,

my purpose is to add an guest wifi on my openwrt setup where the clients using my pihole.
The current setup are two openwrt devices (tp-link ac1750 & re450) which are configured as dump APs.
My tp-link ac1750 has two wired connections attached.
Pihole (192.168.2.3) acts as dns & dhcp on the main network.

lan zone = main network (192.168.2.0/24)
guest zone = guest network (192.168.5.0/24)

I followed serveral tutorials (2nd ssid, firewall rules for dhcp and dns) with semi-success to expand the wifi setup.
On the guest ssid (192.168.5.0/24) the devices are served by the built-in dhcp server with pihole (192.168.2.3) but browsing the web doenst work.

I cant wrap my head around what i am missing in my configuration to make it.

Any help is appreciated

Thanks in advance

Borromini · February 5, 2023, 3:23pm

Is your PiHole part of the guest network? Is it listening on that IP range?

Easiest is to make your PiHole listen on that guest network. Alternative would be to start forwarding DNS traffic between both networks. Sounds like you haven't done either.

kvn9r · February 5, 2023, 4:29pm

no the pihole is listening on the main network 192.168.2.0 with its ip 192.168.2.3

Screenshot_20230205_172300

for my purpose additional created a "guest" zone with traffic rules on wifi device 1-1 (second ssid on the radio0).
Its giving out ip addresses with piholes as dns server.

Thats where i cant get my head around the setup or configuration - in my understanding DNS traffic from guest zone to lan zone must be routed?
Or am i missing a device configuration? the guest wifi tutorials always talk about "bridging" the guest interface, but i dont have the option. I guess because my LAN device is already bridged.

Borromini · February 5, 2023, 4:56pm

The guest network tutorial does not cover you operating a DNS server outside that network (and rightfully so; it's quite a complex setup as you are finding out).

So yes, traffic needs to be routed. I worked around that by having my DNS server just listen in on all the networks here at home.

$ ip a s|egrep "0.0.7|0.20.7|0.30.7"
    inet 10.0.0.7/24 brd 10.0.0.255 scope global eth0
    inet 10.0.30.7/24 brd 10.0.30.255 scope global dnsfilter
    inet 10.0.20.7/24 brd 10.0.20.255 scope global guest

kvn9r · February 5, 2023, 5:57pm

okay, thanks for your advice.
i will try your hint and get more adresses assigned to my pihole eth0.

kvn9r · January 29, 2024, 9:51am

I followed the current guide for Guest Wifi on Dump AP.
It was important to check "Masquerade" for my Guest Zone to LAN (my main network) zone.

system · February 8, 2024, 9:52am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.