I also have configured corresponding wifi networks. Now here comes the strange part, as long as my clients are connected to the wifi anything works like a charm, I can ping clients within the respective vlan e.g. my desktop is connect via wifi in the LAN gets the IP 192.168.66.54 and can ping my notebook which is also connected to the WIFI in the same LAN with the IP 192.168.66.55. (edited)
If I connect my Notebook directly on LAN port 1 which is untagged for LAN i successfully get an IP like 192.168.66.42. I can access the internet, no problemo. But I’m unable to ping or get pinged in the 192.168.66.1/24 subnet. I don’t get it, what did I miss? Any ideas? O btw. what is the option _turris_mode 'managed' doing?
You have to set some firewalli rules to allow communication between two VLAN networks, because VLAN is originally meant for splitting networks (networks with dofferent ip subnets).
Your network configuration seems weird for me, but I am not a proffessional.
BUT, if you want only to connect LAN and WiFi into one network you definitely don´t need to use VLAN!
I would reccomend you to reset your router completely and set your wifi via reForis. This is the easiest way. Then it should work for you.
OR you can set all this via LuCI, where you shoudl attach your wifi network to the LAN zone.
Yes for sure, I did just left out the other parts which are not relevant The issue is also not communicating between VLAN’s since I effectively want the segregation, in fact thats the whole point I’m using VLAN’s.
The issue is that clients on the same VLAN cannont communicate to each other if one is connected via Ethernet and one is connected via WiFi.
I had a similar issue, where I had configured a single bridge to manage all the VLAN settngs. The lan and guest networks had been defined with just the VLAN ports from this bridge. When the wireless cards where then added to the networks, clients could obtain IP addresses from the router and successfully connect to the internet via the wan interface, but not connect to wired hosts on the same subnet.
In the end I resolved this by creating additional br-lan and br-guest interfaces that bring the wired VLAN ports and the wireless interfaces together. This allows traffic from the wireless network to flow to the correct VLAN ports.
Excerpt from /etc/config/network:
config interface 'lan'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '192.168.11.254'
option ip6assign '64'
option ip6hint '0xb'
option device 'br-lan'
config interface 'wan'
option device 'eth2'
option proto 'dhcp'
option delegate '0'
config interface 'guest'
option proto 'static'
option netmask '255.255.255.0'
option ip6hint '0xc'
option ipaddr '192.168.12.254'
option ip6assign '64'
option device 'br-guest'
config device
option type 'bridge'
option name 'br-switch'
list ports 'lan0'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config bridge-vlan
option device 'br-switch'
option vlan '11'
list ports 'lan0:u*'
list ports 'lan3:t'
list ports 'lan4:t'
config bridge-vlan
option device 'br-switch'
option vlan '12'
list ports 'lan1:u*'
list ports 'lan2:u*'
list ports 'lan3:t'
list ports 'lan4:t'
config device
list ports 'br-switch.11'
option type 'bridge'
option name 'br-lan'
config device
list ports 'br-switch.12'
option type 'bridge'
option name 'br-guest'
Example for wifi interface from /etc/config/wireless:
Note that the reForis interface seems to make some assumptions about the naming and content of the network bridges, and with the above there may not be a valid lan or guest interface shown in the Network Settings > Interfaces page. However, this can be easily configured via the Luci interface.
Hi @magnus
Thank you so much this finally did the trick! Very strange that a second device is required. This seems to be different compared to stock openWRT. Do you have any idea why this is required?
Yes, that’s what I assumed in the first place. I don’t care about reForis anyways, never really used it much. I don’t understand why turris is spending this much effort into reForis, I don’t get the point. In my opinion the Omnia is an enthusiast router, so why bother with a fancy pancy UI. I would rather much prefer to have the perfect router for openWRT. But what do I know
The issue is also not communicating between VLAN’s since I effectively want the segregation, in fact thats the whole point I’m using VLAN’s.
