I have a Balance 20 (8.1.0s083 build 4956) that manages 4 APs and I’m trying to figure out how to make it route a specific SSID to the VPN connection.
I have the SSID configured on VLAN 2 with its own subnet (192.168.52.1/24) and I have the “Outbound Policy” configured to send that subnet to the VPN.
However, when I connect to the SSID (on my iPhone), I get a “no internet available” error. I have DHCP configured on VLAN 2 to assign addresses in the 192.168.51.1/24 range, but nothing is assigned.
I can make the VPN routing work for SSID connections on the untagged LAN (192.168.51.1/24), but I cannot get it to work with VLAN SSIDs.
You sound like you have done it right to me. Outbound policy is the way to do this. Sounds like a DNS issue. Can you ping 8.8.8.8 from a device on the 192.168.52.0/24 subnet with the outbound policy rule in place?
Are you using default firewall rules (any to any)? Could the issue be there? I assume the devices connected via wifi are getting DNS servers and the correct gateway from the Balance 20?
Paste some screenshots here of the outbound policy config and the VLAN config and we can do a sanity check. Or give me remote access and I’ll take a look.
If a wifi client gets the right default gateway set, and has DNS set then I don’t see why they wouldn’t be able to access the internet over a specific WAN. What sort of connection is it? Anything weird?
OK, so let's prove out the VPN bit. Log in to your Fusionhub, go to System > Tools | Ping and ping the 192.168.52.1 address. Does it work? If so, ping a device on that VLAN segment. Does that work?
OK great so routing is working between the FH and the Balance 20. If you used remote web admin to access the Fusionhub then we can assume it has internet access too.
So go to a client that is connected via wifi and get a full IP network settings dump (ipconfig /all). Does that look right?
When I connect to the “AZ VPN” (192.168.52.1/24), the DHCP is not giving me an address in that range. It is giving an address of 192.168.52.100, which is the reserved address in the untagged LAN.
Do I need to set up separate DHCP reservations for VLAN 2?
Your untagged default LAN needs to be different and completely separate to the VLAN IP range. Is it? I assume default is 192.168.50.1/24 and the VLAN is as above 192.168.52.1/24?
Have you set the SSID to use VLAN 2? If the device is getting an IP from the untagged VLAN then it's not connecting into the ‘right’ VLAN.