PFSense Not Responding on vLAN



  • The vLAN is set with an IP address assigned and the tag set to 20. The packets come in via a trunk port with the tag of 20 and hit the vLAN interface (I can see it with a packet collector), but the PFSense box sends out nothing. Nothing is seen being sent from the PFSense box on its packet collector nor other computers connected to the vLAN.

    All computers and the PFSense box see the packets coming into the PFSense box. The PFSense box does not respond via ping or on the web URL.

    Do I have to do something special to get the IP a PFSense box has on a vLAN to respond?

    Edit- This may be a bit clearer:

    I did a packet collection. The packets come in tagged for the correct vLAN and the packets even appear on that vLAN when I run a capture on it, but PFSense does not respond on that vLAN. However, when I assigned the IP normally on that vLAN to the normal LAN interface, it functions as expected.



  • I would like to add that when I add the IP assigned to the vLAN tagged as 20 to the LAN interface instead it functions as expected.



  • If you want to have traffic flowing from a VLAN to any other VLAN/internet, clients must have a gateway. This gateway is better known as the router/firewall IP address, and must be in the same subnet & interface.



  • It's not simply that it's not flowing to any other vLAN; it's that PFSense has an IP on the same subnet as the computer. The computer tries to ping PFSense, but it doesn't respond.

    Here is an ASCII mockup:

    PFSense (vLAN20)-------------Switch-------------Computer
    (10.2.20.1)              (IP on VLAN20 10.2.20.2)    (IP 10.2.20.3)

    Switch tags the packets and sends them down the trunk to the PFSense firewall, they reach the firewall tagged, but the firewall does nothing. It doesn't send packets or respond to any activity on the interface.



  • What firewall rules do you have on the VLAN20 interface? The default on any interface that is not called LAN is to block everything. Does your firewall log show traffic from 10.2.20.3 blocked?

    If you change firewall rules you should also reset states: Diagnostics -> States, click on Reset states tab.



  • Thank you, you are a life saver!

    I never thought about the firewall rules, and I figured they wouldn't play a part since I was trying to simply SSH to the computer from the PFSense box. I added firewall rules, but that didn't resolve the issue. I followed your guide to reset states and it instantly started working as expected! Thanks again.



  • Well as soon as I thought it was working it broke again.

    Upon further investigation I see that the interface only functions when I am doing a packet capture on it, any idea how this is possible?



  • The issue ended up being promiscuous mode, I ran "ifconfig re0 promisc" and it worked. Thanks Jim-p in IRC.



  • @iggi:

    The issue ended up being promiscuous mode, I ran "ifconfig re0 promisc" and it worked. Thanks Jim-p in IRC.

    Known bug in re driver/hardware?


  • Rebel Alliance Developer Netgate

    Most likely that specific chip. If you do a google search for "freebsd re0 promisc" you'll see there is quite a history there :-)

    Some (most?) of them work fine out of the box though.
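
Added example, not part of the thread: a packet capture normally puts the NIC into promiscuous mode, so checking the PROMISC flag on each VLAN's parent interface shows whether a working VLAN depends on that state. The script parses FreeBSD-style `ifconfig` output; the sample text, the `vlan0` interface name and both function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of FreeBSD-style `ifconfig` output: parent NIC re0 with
# VLAN 20 on top. 10.2.20.1 is from the thread; everything else is assumed.
sample_ifconfig() {
cat <<'EOF'
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:11:22:33:44:55
    inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
vlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:11:22:33:44:55
    inet 10.2.20.1 netmask 0xffffff00 broadcast 10.2.20.255
    vlan: 20 parent interface: re0
EOF
}

# Reads ifconfig output on stdin and prints one line per VLAN interface:
#   <vlan-if> <tag> <parent-if> <parent PROMISC: yes|no|unknown>
vlan_parent_promisc() {
    awk '
    # Interface header lines start in column 0; detail lines are indented.
    NF > 0 && substr($0, 1, 1) != " " && substr($0, 1, 1) != "\t" {
        ifname = $1
        sub(/:$/, "", ifname)
        promisc[ifname] = ($0 ~ /[<,]PROMISC[,>]/) ? "yes" : "no"
        next
    }
    # "vlan: <tag> ... parent interface: <if>" marks a VLAN child interface.
    $1 == "vlan:" {
        tag[ifname] = $2
        for (i = 1; i < NF; i++)
            if ($i == "interface:") parent[ifname] = $(i + 1)
        order[++n] = ifname
    }
    END {
        for (k = 1; k <= n; k++) {
            v = order[k]; p = parent[v]
            state = (p in promisc) ? promisc[p] : "unknown"
            print v, tag[v], p, state
        }
    }'
}

# Run against the constructed sample; prints: vlan0 20 re0 no
sample_ifconfig | vlan_parent_promisc
```

On the firewall itself, pipe the real `ifconfig` output into `vlan_parent_promisc` once with a capture running and once without, and compare the last column.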

