@coreybrett said in can a firewall connection route packets ?:
Does the established firewall connection on Site B's router allow packets from Site B's LAN to be routed back
If incoming traffic was allowed to reach 'a place', the firewall (router) states will handle the traffic going back.
Your example :
With your phone as a VPN client, you can connect to the VPN server, site A. The firewall rules of the VPN server on site A will decide 'where' you can go.
Let's presume a "pass all" so you can go to every known address on site A.
So you can access site A: pfSense itself, all its LAN type interfaces and, why not, all its available WAN interfaces, and one of the WAN interfaces is probably the VPN "site to site" link that connects Site A to Site B.
So, if your phone, using the VPN to site A, wants to access an IP address that exists on site B, and pfSense Site A knows that that IP (network) is reachable somewhere on Site B, it will transfer your phone traffic to Site B over the existing route, your site to site (VPN) connection.
Traffic coming into Site B will, if local firewall rules allow it, reach the final IP.
The traffic going back, as traffic is a dual direction stream, will be handled by all the routers involved. That's the beauty of using stateful router/firewalls.
After all, when you set up a connection to www.facebook.com through I don't know how many routers, the traffic reaches Facebook.
And - now you are not surprised ( ? ! ) - that you get an answer back.
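
The state handling described in the post above, as an added example that is not part of the original post and is not pfSense's own code. It is a simplified model of the filter decision only (no routing); the class name, interface names, addresses and ports are constructed for illustration.

```python
from ipaddress import ip_address, ip_network


class StatefulFilter:
    """Toy model of a stateful packet filter: pass rules are checked only for
    the first packet of a flow; later packets in either direction match state."""

    def __init__(self, pass_rules):
        # pass_rules: (ingress interface, source network, destination network)
        self.rules = [(i, ip_network(s), ip_network(d)) for i, s, d in pass_rules]
        self.states = set()

    def handle(self, iface, proto, src, sport, dst, dport):
        flow = (proto, src, sport, dst, dport)
        reply = (proto, dst, dport, src, sport)  # same flow seen from the other end
        if flow in self.states:
            return "pass: existing state"
        if reply in self.states:
            return "pass: reply to existing state"
        for r_if, s_net, d_net in self.rules:
            if iface == r_if and ip_address(src) in s_net and ip_address(dst) in d_net:
                self.states.add(flow)
                return "pass: rule matched, state created"
        return "block: no rule and no state"


def site_b_scenario():
    # Constructed addressing: the phone gets 10.8.0.2 from Site A's VPN server,
    # Site B LAN is 192.168.2.0/24. Site B only has a pass rule on its
    # site-to-site VPN interface; no rule on LAN permits traffic to 10.8.0.0/24.
    site_b = StatefulFilter([("s2s_vpn", "10.8.0.0/24", "192.168.2.0/24")])
    return [
        # 1. Phone opens HTTPS to a Site B host, arriving over the tunnel.
        site_b.handle("s2s_vpn", "tcp", "10.8.0.2", 50000, "192.168.2.10", 443),
        # 2. The host's answer enters Site B's router on LAN.
        site_b.handle("lan", "tcp", "192.168.2.10", 443, "10.8.0.2", 50000),
        # 3. The same host tries to open a new connection to the phone.
        site_b.handle("lan", "tcp", "192.168.2.10", 40000, "10.8.0.2", 22),
    ]


if __name__ == "__main__":
    for verdict in site_b_scenario():
        print(verdict)
```

The reply in step 2 passes without any LAN rule because it matches the state created in step 1, while the unsolicited connection in step 3 has neither a rule nor a state and is blocked.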