Netgate Discussion Forum

    outbound nat for a gateway group

    • ivarh

      Hi, I live in Australia and my brother lives in Norway. I have set up a WireGuard VPN from my pfSense to his pfSense box so that I can watch Norwegian TV. This works great and outbound NAT works fine. He went on holidays, however, and his pfSense lost power. I therefore set up another VPN using Surfshark and it worked as well.

      Now that he has restarted his pfSense box I had the idea of creating a gateway group so that my pfSense box would use his router when it's up and automatically fall back to the Surfshark VPN if his router goes down for any reason.

      This however breaks outgoing NAT. I am unable to map the IP to be used as the NATed IP as the current active VPN. I have to choose one of the 2 VPNs and then outgoing NAT breaks when the chosen VPN goes down. Is there a way to set the NAT source to a gateway group so pfSense uses the IP for the currently used VPN?

      /var

      • Bob.Dig LAYER 8 @ivarh

        @ivarh Should work without a problem. And it will not "break outgoing nat", has nothing to do with it. Just make a gateway group and use that with your lan rule or whatever.

        • ivarh @Bob.Dig

          @Bob-Dig To make this work you have to create a couple of rules in Firewall -> NAT -> Outbound where you specify the interface IP address the traffic should be NATed to. This interface would be different depending on what outgoing VPN was being used at the time. When you set up these rules only the VPN interfaces and not the gateway group show up as a choice.

          • viragomann @ivarh

            @ivarh
            The outbound NAT rules are applied to interfaces. So they have nothing to do with gateway groups at all.
            If you want to specify them only once for multiple interfaces, you can create an interface group and apply the rules to it.

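The per-interface behaviour described in the last reply, sketched in pf syntax as an added example (not part of the original thread and not rules generated by pfSense): one outbound NAT rule per VPN interface, each translating to that interface's own address. The interface names and the LAN subnet are assumptions.

```conf
# Constructed example; interface names and subnet are assumptions.
lan_net      = "192.168.1.0/24"   # assumed LAN subnet
vpn_norway   = "tun_wg0"          # assumed: WireGuard tunnel to the Norway pfSense
vpn_fallback = "tun_wg1"          # assumed: Surfshark tunnel

# Outbound NAT is matched on the interface a packet leaves through.
# The gateway group (policy routing on the LAN rule) decides which tunnel
# that is; whichever one it picks, the rule for that interface applies.
# "(ifname)" translates to the address currently assigned to that interface.
nat on $vpn_norway   inet from $lan_net to any -> ($vpn_norway)
nat on $vpn_fallback inet from $lan_net to any -> ($vpn_fallback)
```

Because both rules are always loaded, failover between the tunnels needs no change on the NAT side; only the routing decision moves.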
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.