Random traffic not working on VLAN that is not routed out OpenVPN (possibly since 21.05 update)
-
I have an SG-3100 on pfsense plus 21.05 that is I'm having trouble with some, but not all traffic on a VLAN that is routed out the WAN interface instead of the Open VPN interface. Since updating to 21.05 some, but not all traffic fails on the VPN bypass VLAN. I don't know that it is related to the update, but that is the only configuration change I made anywhere near noticing the failure on the timeline.
Example: Netflix and ATT TV do not work when bypassing the VPN, but HULU, newegg.com does. It doesn't matter which browser I use, which device I use, etc. The same services do not work across them all on the VPN bypass VLAN
DNS does resolve.
Firewall rules are basic. There are just permit statements for each VLAN that pass all traffic on the VLAN and send it out the correct gateway. One VLAN rule has the gateway as the VPN, VLAN has it set to WAN. There are basic NAT rules to match. One VLAN NATS out WAN, and the other out the VPN.
Both VLANs worked fine going out WAN until I set up the OpenVPN Client. I know this because I did a factory reset and configured everything piece by piece again to see when it broke. I had ATT TV streaming live TV and it broke minutes after the VPN came up. The behavior was the exact same as before the factory reset.
I noticed when I ping netflix.com it sometimes resolves to 192.0.0.1, which is an IANA reserved IP. It traces to one hop, which is the firewall. This could be related, and it certainly isn't correct. There is definitely something odd going on with DNS there. Regardless, when it resolves correctly, netflix, etc still does not work.