I have a Unifi AP which has its controller on a Windows machine.
The DHCP pool is configured on my Vyos router.
The AP is up. The wireless network is able to fetch the IP address from the DHCP server on vyos, but the issue is that it can’t get to the internet.
It says that the ‘Internet may not be available’.
Please suggest.
I can ping gateway, controller and the device IP from vyos.
Yes I configured NAT as well. Provided DNS as well.
set service dhcp-server shared-network-name Wi-Fi authoritative 'enable'
set service dhcp-server shared-network-name Wi-Fi subnet 192.168.250.0/24 default-router '192.168.250.1'
set service dhcp-server shared-network-name Wi-Fi subnet 192.168.250.0/24 dns-server '192.168.250.1'
set service dhcp-server shared-network-name Wi-Fi subnet 192.168.250.0/24 dns-server '8.8.8.8'
set service dhcp-server shared-network-name Wi-Fi subnet 192.168.250.0/24 dns-server '8.8.4.4'
set service dhcp-server shared-network-name Wi-Fi subnet 192.168.250.0/24 lease '86400'
set service dhcp-server shared-network-name Wi-Fi subnet 192.168.250.0/24 start 192.168.250.2 stop '192.168.250.254'
set service dns forwarding cache-size '0'
set service dns forwarding domain xxxxxxx.com server '192.168.0.1'
set service dns forwarding listen-on 'eth7'
set service dns forwarding name-server '8.8.8.8'
set service dns forwarding name-server '192.168.0.1'
set zone-policy zone WLAN default-action 'drop'
set zone-policy zone WLAN from LOCAL firewall name 'ALLOW-ALL'
set zone-policy zone WLAN interface 'eth7'
set interfaces ethernet eth7 address '192.168.250.1/24'
set interfaces ethernet eth7 description 'Wifi Network'
set nat source rule 10 destination port '53'
set nat source rule 10 outbound-interface 'eth1'
set nat source rule 10 protocol 'tcp_udp'
set nat source rule 10 source address '192.168.250.0/24'
set nat source rule 10 translation address 'masquerade'
The eth1 interface is connected to the Internet (ISP).
Sorry, I can’t share ‘show config’ output. We are not allowed; strip-private does not hide all the info.
Can you suggest something else? This seems to me to be a DNS issue.
The packet comes to the router interface “eth7” and then drops.
It does not resolve DNS.
@manyax thanks for your reply, but that does not work either.
The DHCP pool leases an IP address but I cannot get out to the internet.
The packet drops at the DHCP gateway (192.168.250.1).
Hi @rob I just want the WiFi subnet to reach the internet.
I have an AP with subnet 192.168.250.0/24 and DHCP is configured in vyos.
Clients on this AP are getting the IP addresses, but unable to get to the internet.
The purpose of the above NAT was just that: I was trying to check whether taking the DNS port into consideration resolves the issue, but that does not help.
The requirement is simple, that is, to get to the internet.
set service dhcp-server shared-network-name Wi-Fi authoritative 'enable'
set service dhcp-server shared-network-name Wi-Fi subnet 192.168.250.0/24 default-router '192.168.250.1'
set service dhcp-server shared-network-name Wi-Fi subnet 192.168.250.0/24 dns-server '192.168.250.1'
set service dhcp-server shared-network-name Wi-Fi subnet 192.168.250.0/24 dns-server '8.8.8.8'
set service dhcp-server shared-network-name Wi-Fi subnet 192.168.250.0/24 dns-server '8.8.4.4'
set service dhcp-server shared-network-name Wi-Fi subnet 192.168.250.0/24 lease '86400'
set service dhcp-server shared-network-name Wi-Fi subnet 192.168.250.0/24 start 192.168.250.2 stop '192.168.250.254'
set service dns forwarding cache-size '0'
set service dns forwarding domain xxxxxxx.com server '192.168.0.1'
set service dns forwarding listen-on 'eth7'
set service dns forwarding name-server '8.8.8.8'
set service dns forwarding name-server '192.168.0.1'
set zone-policy zone WLAN default-action 'drop'
set zone-policy zone WLAN from LOCAL firewall name 'ALLOW-ALL'
set zone-policy zone WLAN interface 'eth7'
set interfaces ethernet eth7 address '192.168.250.1/24'
set interfaces ethernet eth7 description 'Wifi Network'
set nat source rule 10 outbound-interface 'eth1'
set nat source rule 10 source address '192.168.250.0/24'
set nat source rule 10 translation address 'masquerade'
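
A check a reviewer could run over the posted lines, added here as an example and not part of the original thread: it parses the `set zone-policy` and `set nat source` commands and lists the traffic directions for which the shown config has no ruleset. The function names `parse` and `audit` are hypothetical. It assumes VyOS zone-policy behaviour, where traffic between a zone member interface and a non-member interface is dropped and each direction between two zones needs its own `from` ruleset, and it can only judge the lines that were posted, not the parts of the config that were withheld.

```python
# Constructed sample: the zone, interface and NAT lines quoted from the post above.
CONFIG = """\
set zone-policy zone WLAN default-action 'drop'
set zone-policy zone WLAN from LOCAL firewall name 'ALLOW-ALL'
set zone-policy zone WLAN interface 'eth7'
set interfaces ethernet eth7 address '192.168.250.1/24'
set nat source rule 10 outbound-interface 'eth1'
set nat source rule 10 source address '192.168.250.0/24'
set nat source rule 10 translation address 'masquerade'
"""


def parse(config):
    """Collect zone membership, inter-zone rulesets and NAT egress interfaces."""
    zone_of, allowed, nat_out = {}, {}, set()
    for line in config.splitlines():
        # Strip straight and typographic quotes so pasted forum text still parses.
        tok = [t.strip("'\"\u2018\u2019") for t in line.split()]
        if tok[:3] == ["set", "zone-policy", "zone"] and len(tok) >= 6:
            zone = tok[3]
            if tok[4] == "interface":
                zone_of[tok[5]] = zone
            elif tok[4] == "from" and tok[6:8] == ["firewall", "name"] and len(tok) > 8:
                allowed[(tok[5], zone)] = tok[8]  # key is (source zone, destination zone)
        elif tok[:4] == ["set", "nat", "source", "rule"] and tok[5:6] == ["outbound-interface"] and len(tok) > 6:
            nat_out.add(tok[6])
    return zone_of, allowed, nat_out


def audit(config):
    """Return the traffic directions that the shown config gives no ruleset for."""
    zone_of, allowed, nat_out = parse(config)
    findings = []
    for src_if, src_zone in sorted(zone_of.items()):
        for out_if in sorted(nat_out):
            dst_zone = zone_of.get(out_if)
            if dst_zone is None:
                findings.append(f"{src_if} ({src_zone}) -> {out_if}: {out_if} is in no zone shown")
            elif dst_zone != src_zone and (src_zone, dst_zone) not in allowed:
                findings.append(f"{src_zone} -> {dst_zone}: no ruleset shown")
    for (src, dst), name in sorted(allowed.items()):
        if (dst, src) not in allowed:
            findings.append(f"{dst} -> {src}: no ruleset shown (only {src} -> {dst} uses {name})")
    return findings


if __name__ == "__main__":
    for finding in audit(CONFIG):
        print(finding)
```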