Inter VLAN traffic working, vlan to lan traffic sent on default GW

Started by newsense, July 10, 2021, 03:51:15 AM

I've come across an interesting issue with 3 class C networks behind OPNsense where inter-VLAN routing works and Internet access works from all 3 networks; however, when trying to ssh/ping/traceroute/https from the main VLAN (where most devices are) to the LAN which has the AP/switch, I notice the traffic is flying out the default GW, which is a VPN IP.

I'm unsure why or how this issue came about, or why the traffic destined to a directly attached (virtual) interface would be routed on the GW.


At the very least I should be able to ping the devices from the FW as they're alive and noisy (plenty of traffic from LAN to DNS VLAN), yet I get this when pinging from OPNsense:

# /sbin/ping -S '192.168.1.1' -c '3' '192.168.1.30'
PING 192.168.1.30 (192.168.1.30) from 192.168.1.1: 56 data bytes

--- 192.168.1.30 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
ping: sendto: Invalid argument
ping: sendto: Invalid argument
ping: sendto: Invalid argument


Any ideas you may have would be appreciated, as I'm not sure why the routing to the default GW is chosen instead of the local VLAN.

Cheers,
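To make the symptom in the post concrete, here is an added example (not from the thread or from OPNsense) that replays the kernel's longest-prefix route selection over a constructed table. Interface names, the VPN peer address and the VLAN subnets are assumptions; only 192.168.1.1 and 192.168.1.30 come from the post.

```python
import ipaddress

# Constructed routing table mirroring the thread (ifnames/addresses assumed):
# a VPN tunnel carrying the default route plus three directly connected /24s.
HEALTHY = [
    ("0.0.0.0/0",       "ovpnc1",      "10.8.0.1"),  # default GW = VPN peer
    ("192.168.1.0/24",  "igb1",        None),        # LAN with AP/switch
    ("192.168.10.0/24", "igb1_vlan10", None),        # main VLAN
    ("192.168.20.0/24", "igb1_vlan20", None),        # DNS VLAN
]
# Same table with the LAN's connected route missing: with nothing more
# specific to match, 192.168.1.30 falls through to the default route.
BROKEN = [r for r in HEALTHY if r[0] != "192.168.1.0/24"]


def lookup(routes, dst):
    """Longest-prefix match as the FIB does: the most specific prefix wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, ifname, gw in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname, gw)
    return best


def diagnose(routes, src, dst):
    """Return (egress_iface, src_iface, verdict) for a src->dst packet.

    'connected'   : dst matched a connected route (the expected outcome here)
    'via-gateway' : only a gateway route matched, so the packet is handed to
                    the VPN next hop even though src sits on a local interface,
                    which is the behaviour reported in the post
    src_iface is the connected interface owning src, or None if src is not a
    local interface address.
    """
    _net, egress, gw = lookup(routes, dst)
    src_hit = lookup(routes, src)
    src_iface = src_hit[1] if src_hit and src_hit[2] is None else None
    verdict = "connected" if gw is None else "via-gateway"
    return egress, src_iface, verdict


if __name__ == "__main__":
    for table, name in ((HEALTHY, "healthy"), (BROKEN, "broken")):
        print(name, diagnose(table, "192.168.1.1", "192.168.1.30"))
```

Compare the result against the real table from `netstat -rn` on the firewall: if the connected 192.168.1.0/24 entry is absent or shadowed, traffic to that subnet will follow the default route exactly as the simulation shows.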
I have noticed a similar behavior on my home network. I posted about it here:

https://forum.opnsense.org/index.php?topic=23627.0;topicseen

Basically, the default deny rule is capturing traffic originating from devices on a VLAN with a destination in the same VLAN (subnet). The connection works, but to me it makes no sense for the GW to see and log that traffic.