Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VLAN connectivity broken after upgrade to 2.8.1-RELEASE

    Scheduled Pinned Locked Moved L2/Switching/VLANs
    vlan interfaceconnectivity
    3 Posts 2 Posters 906 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L Offline
      litronics
      last edited by

      Hi,

      I'm currently transitioning from a virtualized pfSense setup to a hardware-based Protectli appliance. The Protectli device came with pfSense 2.7.1, matching my virtual instance's version. I successfully transferred my complex network configuration, including 6 VLANs, along with all settings and firewall rules. After confirming everything functioned correctly, I performed sequential upgrades to version 2.7.2 and then to 2.8.1.

      The migration went smoothly initially, but I'm now encountering unusual issues with the VLAN interfaces. When attempting to ping IP addresses on these interfaces, I only receive responses to approximately every fifth or sixth ping request. Interestingly, there's one exception to this pattern - the interface that hosts my "local" IP address responds normally.

      Here are my interfaces:
      d5ab2949-eef2-43ef-a4fb-f69f12c4caa1-image.png

      To put more details into the case:

      I am sitting on a workstation with IP 192.168.178.108 pinging the interfaces 192.168.178.200 as well as 192.168.35.200.
      bcac13d2-06c4-44b4-9282-180b3b05e7d4-image.png

      b93dd5d8-6197-4e2d-8aee-ad59263aa632-image.png

      When I am capturing the packets on the 192.168.35.200 interface on pfSense I see all the requests coming in, but no replys going out:
      1212391b-237d-4f78-ac8a-4124aa032aef-image.png

      I am wondering what changed with the update to the latest version as this was all working on the 2.7.1 release.

      S 1 Reply Last reply Reply Quote 0
      • S Offline
        SteveITS Rebel Alliance @litronics
        last edited by

        @litronics state policy?
        https://docs.netgate.com/pfsense/en/latest/releases/2-8-0.html#general

        Sure you don’t have asymmetric routing?

        Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
        Upvote 👍 helpful posts!

        L 1 Reply Last reply Reply Quote 0
        • L Offline
          litronics @SteveITS
          last edited by

          @SteveITS said in VLAN connectivity broken after upgrade to 2.8.1-RELEASE:

          Sure you don’t have asymmetric routing?

          You're absolutely right — the current setup does involve asymmetric routing.

          The state policy does positively influence the firewall's behavior, though it’s not a decisive factor. I had assumed that if one interface with asymmetric routing functions correctly, the others would follow suit. However, that’s not the case — only one interface appears to affect the behavior.

          In any case, this gives me confidence that the firewall will operate as expected once the VM is shut down. Fingers crossed for a smooth transition!

          1 Reply Last reply Reply Quote 1
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.