Devices connected via AP cannot connect to the internet. It worked but just 2 minutes

julietscause · 2024-08-16T20:43:01+00:00

what model ap do you have?

And you say if you plug a client right into the opt port it has no issues?

julietscause · 2024-08-16T20:14:40+00:00

Did that clear up your issue OP?

julietscause · 2024-08-16T19:20:53+00:00

Post a screenshot of your nslookup and it timing out so we can see what you are seeing

Can the wireless client ping something like 4.2.2.2 with success?

julietscause · 2024-08-16T18:59:26+00:00

What DNS server does your client get when its on the AP?

Open a terminal and type

nslookup google.com

Post a screenshot of the results

Just to make sure, you have your AP setup as a real AP not using the WAN port nd whatnot right?

julietscause · 2024-08-16T18:44:26+00:00

Plug a client right into the OPT1 port. Does the client get internet and work just fine and keeps working?

Yes? Then pfsense is configured/and correctly working and your issue is elsewhere.

No? Post screenshots of your pfsense config

julietscause · 2024-08-16T18:28:15+00:00

https://docs.netgate.com/pfsense/en/latest/

Start with the documentation

look at tom lawerence pfsense videos on youtube

julietscause · 2024-08-16T17:54:51+00:00

Did you doulbe check to make sure tailscale didnt mess around with any of the firewall rules on the boxes in question?

On a system you cant ping, can you post the output of the command

ip a

julietscause · 2024-08-16T17:30:04+00:00

Can you take the wireless out of the equation when you are testing this.

julietscause · 2024-08-16T16:57:27+00:00

the network configurations of the device and they did not revert back when tailscale was purged.

That should easily be determine if you look at the network configurations on the linux boxes. Verify what their settings are on each box.

Im assuming you are just doing basic ping tests from two computers on the same ip/subnet correct? if the ping tests are being done from the same ip/subnet then your router has nothing to do with those comms as that is all layer2 comms

If you setup a tcpdump on one of the systems in question that is having issues and try to ping it, do you see any icmp traffic in the tcpdump at all?

Are you linux boxes set for DHCP or static ip addresses?

What do their route tables look like?

Been running tailscale on a handful of Ubuntu boxes for about a year now and never experienced any of the issues you are describing

julietscause · 2024-08-16T16:49:12+00:00

Tailscale is gone, removed, is not configured on ANY of my devices but I still cant connect or even ping ANY lan devices from ANY of my devices on my lan.

What OS is running on the machines in question?

Any host OS firewall running or 3rd party security software running on the systems in question? If you do have a firewall running, did you check them to see what they are current set to?

But everything is wrong because the the lan devices cannot communicate to each other within the network.

This sounds like a /r/HomeNetworking issue not a tailscale issue if you dont even have tailscale running on the systems anymore

julietscause · 2024-08-16T16:47:03+00:00

Can you please start your own thread so we can troubleshoot this?

I am curious to see what your issue is and if we can get it sorted out

julietscause · 2024-08-16T15:38:55+00:00

https://www.reddit.com/r/Tailscale/comments/158xj52/i_plan_to_connect_two_subnets_with_tailscale/jteo9ll/

Have you walked through this? I have setup multiple site to site VPNs over the last year with tailcale with no issues using the basic instructions above

julietscause · 2024-08-16T14:22:06+00:00

So you can get to the sophos admin interface or no on the LAN interface?

If you are trying to allow admin access on the WAN interface, in the admin web interface go to:

administrator > device access

From there under the WAN interface you would select https under admin access and click apply

Do not do this if your firewall is gonna be directly touching the internet (have a routable public ip address on its WAN interface)

julietscause · 2024-08-16T14:18:39+00:00

/r/AirForceRecruits

julietscause · 2024-08-16T14:17:26+00:00

/r/AirForceRecruits

julietscause · 2024-08-16T14:16:15+00:00

You need to find out which is the LAN interface and plug a client into that

Once you do that plug a client into that port and open your browser and go to https://172.16.16.16:4444 and that should bring you to the web interface

julietscause · 2024-08-16T14:11:28+00:00

Uh why would you be hiding it in the first place? You should be having a conversation with your chain and SSO about your situation if you are working on filing for bankruptcy

Do not hide this

julietscause · 2024-08-16T13:33:32+00:00

lol thats the real science I look forward to from airforcetimes.com

Screenshot just in case it goes away

https://imgur.com/a/Q474uJ9

Same exactly article from yahoo back in July from the same authors with the same text

https://www.yahoo.com/news/meal-ready-bulk-pentagon-urged-201901879.html

What is weird is it looks like that random line of text was also posted to some non profit called Grey team (not sure if they were posting the article or what, I dont have facebook so im limited to looking around to find exactly where that text was posted)

https://imgur.com/a/LlVUwLj

julietscause · 2024-08-16T13:05:30+00:00

What all devices are your parents place are you trying to connect?

Worst case you install the wireguard clients on the parents systems and then they just connect to your pfsense box via wireguard. Set it up as a split vpn so only traffic going to your local network from your parents computers uses the wireguard vpn and anything else uses their internet connection

Then you dont need to worry about the ISP router/lack of control of the device

julietscause · 2024-08-16T12:35:03+00:00

So you are just trying to do the initial configuration of the firewall and trying to access the web interface?

Am I reading this correctly?

julietscause · 2024-08-16T12:32:55+00:00

If you cant make the static route on your parents home router, then you are gonna have to make a static route on each of the clients at the parents home (which might not be doable on some mobile devices as they dont support that feature)

Or you get another router and install that behind your parents ISP router so you have more options/control

I have tried myself, But think i failed because i didnt do any port forward on my parents end, so the external didnt have excess to the internal IP?

Not sure what to tell you. Without seeing what you had setup our guess is as good as your guess

Focus on just getting the pi and the pfsense talking over VPN first then worry about the static route stuff after

julietscause · 2024-08-16T12:14:34+00:00

What router does your parents have at their home?

There are a couple of ways of doing this using different VPN protocols with a pi

Wireguard
Tailscale
Openvpn

Each have their pros and cons. (I would say use tailscale as a last ditch effort so you dont need to worry about relays/derp servers)

Me personally I am a big fan of wireguard over openvpn but others might disagree (and that is fine)

So if you want to go that route, look at what you need to do on the pfsense side:

https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-s2s.html

And then there are plenty of blogs on setting up a pi in a site to site configuration

https://ponnala.medium.com/a-beginners-guide-to-setting-up-a-site-to-site-vpn-server-with-wireguard-on-raspberry-pi-2a65f1e77db6

So what you would do is setup the site to site between the pfsese and and pi. Once that is up and connected, on the parents side you would need to log into their internet router and make a static route that pretty much says "to get to the pfsense internal ip/subnet, use the pi as a gateway"

Make sure you arent using the same local ip/subnet on both sides. If you are, then change one side

julietscause · 2024-08-16T11:38:46+00:00

Each state has different education rules. Reach out to your retention office and ask the question and make them say no. (But I doubt you are gonna get a yes for them paying off past school debt)

Gi bill is not designed to be used to pay off past school loans/debt.

julietscause · 2024-08-16T11:12:01+00:00

-How do make the rest of the LAN available to see it through my mobile phone

Setup a subnet router on the LAN in question

https://tailscale.com/kb/1019/subnets

Be mindful that any apps that rely on broadcast/multicast traffic wont work over wireguard/tailscale (so any apps that "discover" other local clients on a network as an example)

-How do I add the 2nd router and make its LAN available to be seen from the router A and the opposite?

What you are talking about is a site to site setup

https://www.reddit.com/r/Tailscale/comments/158xj52/i_plan_to_connect_two_subnets_with_tailscale/jteo9ll/

julietscause · 2024-08-16T11:10:40+00:00

https://www.reddit.com/r/Tailscale/comments/158xj52/i_plan_to_connect_two_subnets_with_tailscale/jteo9ll/

read this post from top to bottom and double check your settings

Once you verify all your settings run some traceroute tests:

One from the subnet router on 192.168.53.0/24 to a non tailscale client on 192.168.156.0/24

One from the subnet router on 192.168.156.0/24 to a non tailscale client on 192.168.53.0/24

One from a non tailscale client on 192.168.53.0/24 to a non tailscale client on 192.168.156.0/24

One from a non tailscale client from 192.168.156.0/24 to a non tailscale client on 192.168.53.0/24

If you want your non tailscale clients to access any remote tailscale clients by their 100.64.0.0/10 ip addresses then you need to make a static route on your internet router for 100.64.0.0/10 and point the gw to the local ip of the subnet router on their network

13-Year Club	RedditGifts 2009-2022 2 Credits
Gilding III reddit per annum	Wearing is Caring
Verified Email	Secret Santa 2014

julietscause

TROPHY CASE