Upgrade to 22.7.7 then destination unreachable

Started by Stique, November 04, 2022, 12:00:11 AM

Hi! :-)
Thanks for all the updates the team is doing!

I'm using a virtualized OPNsense on an ESXi host and my setup is as follows:
* WAN  : public IP with upstream gateway
* LAN1 : private IPv4 for OPNsense and specific vSwitch 1 on ESXi
* LAN2 : private IPv4 for OPNsense and specific vSwitch 2 on ESXi
* LAN3 : private IPv4 for OPNsense and specific vSwitch 3 on ESXi

All these LANs have different subnets, of course. All VMs on these subnets get their IP assignment from the OPNsense DHCP server, where all the configuration is stored.

I'm also using "Hybrid outbound NAT rule generation" option for outbound.


Before the upgrade, I was using 22.7.6 and it was perfectly working. Since the first upgrade with 22.7.7, it is not working anymore, and the next hotfix didn't fix the issue.

What I am experiencing is the following:

LAN1 is working as expected: internet access
LAN2 and LAN3 are in error: I get "Network unreachable" on the VMs, and it seems I am not able to see any network packets coming from these interfaces on OPNsense...


Does anyone have any clue where I could look?


Thanks in advance! :)





Hi!

I found the issue. It is not due to the OPNsense upgrade but due to a server on LAN1 which has the same IP as a server in LAN2. ARP entries were updated after the reboot and it blocked all my private accesses.

I troubleshot it this way, for anyone experiencing the same issue:
- Packet capture on OPNsense to see if there are any packets on the faulty interface.
- ARP diagnostic to compare MAC addresses for the unreachable IPs
- Remove the faulty IP on the server from the hypervisor
- Flush the ARP cache on OPNsense

Done



The issue is resolved, thanks! :-)
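
The "ARP diagnostic" step described above can be scripted. This is an added example, not part of the original posts: it parses FreeBSD-style `arp -an` output and flags entries learned on an interface whose subnet does not contain the IP, or whose MAC differs from the expected one. The interface names, subnets, MAC addresses and ARP lines are all constructed sample values.

```python
import ipaddress
import re

# Constructed sample data (not from the thread): interface subnets, expected
# IP-to-MAC mappings (e.g. DHCP static leases) and FreeBSD-style `arp -an` output.
SUBNETS = {
    "vmx1": ipaddress.ip_network("192.168.10.0/24"),  # LAN1
    "vmx2": ipaddress.ip_network("192.168.20.0/24"),  # LAN2
    "vmx3": ipaddress.ip_network("192.168.30.0/24"),  # LAN3
}
EXPECTED = {
    "192.168.10.5": "00:50:56:aa:00:05",
    "192.168.20.1": "00:50:56:bb:00:01",
    "192.168.20.7": "00:50:56:bb:00:07",
}
ARP_OUTPUT = """\
? (192.168.10.5) at 00:50:56:aa:00:05 on vmx1 expires in 1100 seconds [ethernet]
? (192.168.20.7) at 00:50:56:aa:00:09 on vmx1 expires in 900 seconds [ethernet]
? (192.168.20.1) at 00:50:56:bb:00:01 on vmx2 permanent [ethernet]
? (192.168.30.4) at (incomplete) on vmx3 expired [ethernet]
"""

ARP_LINE = re.compile(r"\(([\d.]+)\) at ([0-9a-f:]{17}|\(incomplete\)) on (\S+)")

def parse_arp(text):
    """Yield (ip, mac, interface); mac is None for unresolved entries."""
    for line in text.splitlines():
        m = ARP_LINE.search(line.lower())
        if m:
            ip, mac, ifname = m.groups()
            yield ip, (None if mac == "(incomplete)" else mac), ifname

def find_conflicts(arp_text, subnets, expected):
    """Flag entries on the wrong interface or with an unexpected MAC."""
    findings = []
    for ip, mac, ifname in parse_arp(arp_text):
        if mac is None:
            continue  # nothing resolved, so nothing to compare
        net = subnets.get(ifname)
        if net is not None and ipaddress.ip_address(ip) not in net:
            findings.append((ip, ifname, mac, "wrong-interface"))
        want = expected.get(ip)
        if want and want.lower() != mac:
            findings.append((ip, ifname, mac, "mac-mismatch"))
    return findings

if __name__ == "__main__":
    print(find_conflicts(ARP_OUTPUT, SUBNETS, EXPECTED))
```

An unexpected MAC for a known IP is also what ARP spoofing looks like, so a finding here is worth confirming against the hypervisor's list of VM MAC addresses before flushing the cache.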