Pfsense + openwrt Mi4A

Hi Guys,

I'm having trouble setting up my pfSense with OpenWrt.
So I have 3 VLANs (10 - IoT; 20 - HomeAssistant; 30 - Home Usage), all configured in pfSense, each VLAN with its own DHCP server, working properly btw.

Now, I have already configured OpenWrt, the lan interface and the VLAN interfaces. I have also set up DHCP relay for each VLAN.
The problem is when I set up wireless with the IoT interface. For whatever reason the client connects but doesn't get an IP address.

When I go into SSH and run tcpdump on lan1.10 (VLAN) I can see packets from the network, and also the DHCP requests, but for some reason the clients don't get an IP.

I have disabled the firewall, because I'm using the pfSense rules.
Below are my network and dhcp configs:


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fddf:04b7:2399::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.5'
	option netmask '255.255.255.0'
	option ip6assign '60'
	list dns '192.168.1.1'
	list dns_search 'talvai.home.talvai'
	option gateway '192.168.1.1'

config device
	option type '8021q'
	option ifname 'lan1'
	option vid '10'
	option name 'lan1.10'

config device
	option type '8021q'
	option ifname 'lan1'
	option vid '20'
	option name 'lan1.20'

config device
	option type '8021q'
	option ifname 'lan1'
	option vid '30'
	option name 'lan1.30'

config interface 'IoT'
	option proto 'dhcp'
	option device 'lan1.10'
	option type 'bridge'

config interface 'Home'
	option proto 'dhcp'
	option device 'lan1.30'


dhcp


config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option cachesize '1000'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option ignore '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config interface 'vlan10'
    option proto 'relay'
    option ipaddr '172.24.10.9' # Static IP of OpenWRT on VLAN 10
    option network 'lan1 eth0.10' # Physical interface connected to pfSense and VLAN interface
    option server '172.24.10.1'  # IP of the DHCP server on pfSense for VLAN 10

config interface 'vlan20'
    option proto 'relay'
    option ipaddr '172.24.20.2' # Static IP of OpenWRT on VLAN 20
    option network 'lan1 eth0.20'
    option server '172.24.20.1'  # IP of the DHCP server on pfSense for VLAN 20

config interface 'vlan30'
    option proto 'relay'
    option ipaddr '172.24.30.2' # Static IP of OpenWRT on VLAN 30
    option network 'lan1 eth0.30'
    option server '172.24.30.1'  # IP of the DHCP server on pfSense for VLAN 30

The config here needs a bit of work, but it's pretty simple with bridge VLANs.

Which VLAN is used to administer the AP? I see that you have discussed VLANs 10, 20, and 30, but you appear to also have an untagged network for managing the device. Is that the desired result?

Hi psherman,

Well, all of my router/Ubiquiti controller etc. are placed on the lan network (192.168.1.1/24).
This device should be on the same network.
The VLANs will be used for the wifi signal...

In the future perhaps the lan2 port will be used for a Hikvision camera to be placed on the IoT network.

Ok... sounds good.

Start by deleting all of this:

Then create 4 bridge VLANs:

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'lan1:u*'
	list ports 'lan2:u*'

config bridge-vlan
	option device 'br-lan'
	option vlan '10'
	list ports 'lan1:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '20'
	list ports 'lan1:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '30'
	list ports 'lan1:t'

Now, edit the lan to use br-lan.1:

config interface 'lan'
	option device 'br-lan.1'
	option proto 'static'
	option ipaddr '192.168.1.5'
	option netmask '255.255.255.0'
	option ip6assign '60'
	list dns '192.168.1.1'
	list dns_search 'talvai.home.talvai'
	option gateway '192.168.1.1'

And now edit the other two networks to use br-lan.x (where x is the VLAN ID), and also make them unmanaged with proto none. They must not have the bridge line, either:

config interface 'IoT'
	option proto 'none'
	option device 'br-lan.10'

config interface 'Home'
	option proto 'none'
	option device 'br-lan.30'

You don't seem to have a network defined for VLAN 20, but it would take the same form as above.

Finally, delete all of this:

Thanks, it worked like a charm...
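
As an added example (not code from the thread or from OpenWrt), a small Python check for the rules given in the reply above: every interface on a br-lan.x device needs a matching bridge-vlan stanza, must not keep the bridge line, and is unmanaged (proto none) unless it is the AP's own management network. The function names, the `mgmt` parameter and the `BAD` sample are made up for illustration.

```python
import re
import shlex

def parse_uci(text):
    """Parse the subset of UCI syntax used in /etc/config/network."""
    sections = []
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True) or [""]  # handles quotes and '#' comments
        if tok[0] == "config":
            sections.append({".type": tok[1], ".name": tok[2] if len(tok) > 2 else None})
        elif tok[0] == "option" and sections:
            sections[-1][tok[1]] = tok[2]
        elif tok[0] == "list" and sections:
            sections[-1].setdefault(tok[1], []).append(tok[2])
    return sections

def check_vlans(text, mgmt="lan"):
    """Return findings for interfaces on <bridge>.<vid> devices (mgmt = AP's own network)."""
    secs = parse_uci(text)
    defined = {(s.get("device"), s.get("vlan")) for s in secs if s[".type"] == "bridge-vlan"}
    findings = []
    for s in (x for x in secs if x[".type"] == "interface"):
        m = re.fullmatch(r"(.+)\.(\d+)", s.get("device", ""))
        if not m:
            continue
        name, bridge, vid = s[".name"], m.group(1), m.group(2)
        if (bridge, vid) not in defined:
            findings.append(f"{name}: no bridge-vlan for {bridge} VLAN {vid}")
        if s.get("type") == "bridge":
            findings.append(f"{name}: remove option type 'bridge'")
        if name != mgmt and s.get("proto") != "none":
            findings.append(f"{name}: proto is {s.get('proto')!r}, expected 'none'")
    return findings

# Constructed sample, not from the thread: VLAN 30 has no bridge-vlan stanza and
# IoT still carries the bridge line and a DHCP client.
BAD = """
config bridge-vlan
	option device 'br-lan'
	option vlan '10'
	list ports 'lan1:t'
config interface 'IoT'
	option proto 'dhcp'
	option device 'br-lan.10'
	option type 'bridge'
config interface 'Home'
	option proto 'none'
	option device 'br-lan.30'
"""
```

Calling `check_vlans()` on the text of `/etc/config/network` returns an empty list when the three rules hold; an SSID attached to a network that is reported here is not cleanly bridged to its tagged VLAN.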
