What's new

DHCP with different default gateway breaking guest WLAN

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Georg Armbruster

New Around Here
Hi all,
I'm running a RT-AC88U on the current Merlin release 380.65.

I have a popular setup (I suppose), an Open-VPN-server, nothing too fancy. Everything works well... besides:

I do face an interesting issue: In the DHCP-server settings, I advertise a different default gateway (I'm running a sophos solution there for content filtering and anti-virus). This works well - for any user, which is on my regular WLAN network or on cable connection. However, this setting breaks the guest WLAN.

Now this makes perfect sense, since I disabled intranet access for the guest network - so the guest network cannot reach the "new" default gateway.

However - I have my problems finding out how this net separation is taking place. I first though of differnet networks/subnets, which is not the case. Then I thought the clients of the guest WLAN have different iptables rules - which is false as well. So my question is: what do I have to do to enable access for the guest wlan to the new default gateway, without allowing access to all internal IPs.

Or alternatively, how can I advertise a different default gateway for the guest WLAN?

I'd love to hear your comments!

Kind regards,
Georg
 
So the guest wifi is in a seperate VLAN, right? The AC88U is the network gateway for both LAN and guest VLAN. I haven't used guest wifi function yet, just want to confirm the topology.
The Sophos is connected to LAN, right? You need have connect another arm from Sophos to guest Wifi Vlan also. Otherwise, from guest VLAN has no way to talk to IP in LAN if ACL in place.
 
Is the guest wlan gateway and subnet matching ie: 10.0.0.0 or is guest 10.0.0.0 and private 10.1.1.0?

Sent from my Nexus 6 with Pixel XL build.prop
 
Hi all, thanks for your replies.
@florid: yes, you are right about the topology. The sophos is connected by LAN, so it is a different VLAN.
@bryantjoplin: yes, the guest wlan is in the same subnet 192.168.100.0/24.

The hint with different VLANs sounds promising, need to read into that. Given that I see three different solutions right now:

1. Enable access to the new default gateway (192.168.100.2) to the guest wlan VLAN.
2. Have different default gateways for my personal WLAN (sophos) and guest wlan VLAN (default router).
3. I'm playing around with additional dnsmasq options to assign a different default gateway to my personal IPs.

Do you have any other ideas? I'll keep you posted on my success :)

Kind regards,
Georg
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top