Omnia as Access Point with Guest Wifi

Hello,

I have a Problem an hope somebody can help me here.

I have a Main Router with Pf Sense with no Wifi.
And i have 2 Omnia. (one inside the house, the other one in garden)

I run these things as Access Points. (Just conneted via Lan Port)

This works fine. BUT i cannot get a Guest Wifi to Work.
I spent around 40Hours and now i am pretty pissed.
I tried out different howtos from Internet, but nothing seems to Work.

Can somebody help me with a step by step tutorial?

@Developers
You built a lot of fancy Functions in this Router.

Why there is a lack of basic Functions like Access Point Mode/Router Mode and Guest Wifi on both?

Formost the device is a router with wifi capabilities and latter can be easily configured as AP via the LuCI frontend such as shown here https://wiki.openwrt.org/doc/recipes/guest-wlan-webinterface.

From your report it is not clear what exactly is not working in your Guest Wifi setup.

This guide isn‘t right for your setup, because it assumes your TO is your router.

You have to create a new guest interface on your pfsense machine and configure dhcp (ip-adress-assignment), firewall (isolation from lan), routing and vlan for it. See pfsense documentation for it. Then you create a guest-interface on your TO(s), assign the guest-vlan to it and create a Guest-WLAN, that you bind to the guest-interface. Basic setup on TO is similar to setting up TO as an normal lan-accesspoint as you already did, despite that you must create a second vlan-interface, vlan-switch-config and wlan-interface.

Thanks for your reply.

This is to complicated for me. I have only basic networking skills.
I dont know how routing works and have no clue about wich firewall rules i need.
I never made a vlan.

Is there really no way to do it in Lucy?

If you only want a guest-wifi access without any isolation from your lan you could just create a new guest-wifi in luci under wireless and bind it to your normal lan interface. Then your guests would see a guest wifi to which they could connect to with another password than your normal wifi-password, but they would be in your normal lan subnet and could reach any network device inside your lan -> no isolation.

The only benefit from this configuration would be that your guests get another wifi-password that you can change without having to reconnect your own wlan-devices.

To have a real isolation and a real guest network with multiple access-points you have to create a separate vlan, which you have to configure on all your routers and access-points. Configuring it only on the access points is technically impossible, thereby it can‘t be implemented by the devs.

Again, this is only more complicated because you have a router + multiple access-points. If your TO would be your router and your only access-point you could just configure a guest-network by using the checkbuttons inside foris.

EDIT: Even though all configuration steps should be possible through LuCi AND pfsense GUI

It is technically possible to do that.
My 50 Buck Asus Router i had before did that too.
This is as basic functionality on most Routers.

I also saw Howtos on Internet… some People got it to work with OpenWRT.

Like this:

But that did not work for me.

hm… okay, i didn’t think of a solution like this… I read the howto you posted and as far as I can tell I would assume this should work on TO, but I don’t havy any experiance with a solution like this.

One thing I noticed is that in https://wiki.openwrt.org/doc/recipes/dumbap, which is referenced in the howto, you are told to disable the firewall on the AP, while in the former howto you are then told to set some firewall rules, so could it be that your firewall ist disabled?

Apart from that you should post your router’s status page/firewall pages/routes page/interfaces page/wireless page and maybe I or someone else can give you a hint what could be wrong…

EDIT: And a basic overview of your network

EDIT2: And I would rather call this solution a dirty hack than a proper solution, but that’s just my point of view :wink:

Yes i tried that howto, but it was not working for me.
After that i cleared my Router (3 led clear) and set up the wifi.
Now it is working without guest wifi, but i am not happy with it.

Maybe some Firewall Rule was missing or something else.
I found no switch to toggle the Firewall off/on.
I can only toggle the rules itself.

The “Use Custom DNS” Fields are also mitssing in new Luci. (Tuxone Howto Picture 6)

But you can set it under DHCP Server… Andvanced Settings… DHCP Options…
I put 6,8.8.8.8,4.4.4.4 in this field. Then Wifi Client gets these DNS Servers.

But i cant even Ping some IP on Internet.

I hope that some Developer has Time to test this and can tell me where is the Problem with this Solution.
It would take about 15 Minutes to put a TO to a existing Network with Internet Access and do the Tuxone Tutorial.
I think it would also be easiert to find anyProblems when the Router is in Front of a Specialist.

The best would be a Function for this in Turris OS.

Or a step by step Howto for Dummys with Pictures will also be fine.

(so that other people also can take benefit from this)

I have no Problems with a “Dirty Hack” if there are no Security or performance issues.
I just need a solution.

Thanks for your effort.

1 Like

:disappointed_relieved: So, do I understand correctly when stating that there currently is:

No easy (Forris) method and/or clear procedure (possibly via Luci/SSH) to configure a Turris Omnia to be an access point (AP) with guest (isolated) wifi functionality in place?

In theory it should be possible as most of-the-shelve routers offer this as turn-key config sets that can be chosen/enabled.

P.S. Sorry to “necro” this thread, but I am hoping that maybe someone figured it out by now. :pray: