Netgate Discussion Forum
    2 WANS (Normal & VPN) All traffic going through one WAN regardless of NAT Rules

    • toluun

      Currently on my pfsense box I have two WANs.  A normal one to my ISP which I call WAN and one to my VPN I call VPN WAN.  If I have both interfaces enabled all my traffic goes through the VPN WAN regardless of my NAT rules.  My current NAT rules send all traffic on the VL with ID 20 to the VPN WAN and all traffic on the VL with ID 30 to the WAN.  However using the packet capture tool I was able to see that all my traffic from VL 30 was going through the VPN WAN.  Once I disabled the VPN WAN I was able to see, using the packet capture tool, that all the traffic on VL 30 was correctly going through the WAN.  So next I tried enabling the VPN WAN again to see what happens.  Again using the packet capture tool I saw that all the traffic on VL 30 was going through the WAN.  However now when I checked traffic on VL 20 it was all going through the WAN rather than the VPN WAN per my NAT rules.  Truthfully I am at a loss at this point.

      • toluun

        So upon further inspection this appears to be a gateway problem so I'm not sure if an admin wants to move it or just delete it but I would like to leave the solution I found.  I had to set the specific gateway in the firewall rules to get each vlan to use the right gateway.  I'm not sure why the WAN wasn't working as the default gateway even though it says it was in the config.

        • Derelict (LAYER 8, Netgate)

          You probably did not have Don't pull routes in your OpenVPN config to the VPN provider.

          VPN providers pretty much all set redirect-gateway def1 which routes all traffic over the VPN when connected unless you tell the client configuration not to pull routes.

          Outbound NAT does not have any bearing on what gets routed where. It only determines what NAT happens when traffic is sent out that interface.

          Setting a gateway on the firewall rules is called policy routing and is generally preferred over redirect-gateway to send traffic over the VPN.

          But it all depends on what it is you actually want. pfSense can probably be configured to do it.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)
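          Added illustration, not part of the thread or of any pfSense-shipped config: the two client-side configurations in raw OpenVPN client syntax, with the provider's hostname as a placeholder. pfSense's "Don't pull routes" checkbox corresponds to the `route-nopull` directive.

```conf
# --- Weak: plain client config. The provider pushes "redirect-gateway def1",
#     the client installs it, and the system default route now points at the
#     tunnel, so every VLAN egresses via the VPN no matter what Outbound NAT
#     or per-rule gateways say. Symptom: packet capture shows VLAN 30 on the
#     VPN WAN.
client
dev tun
proto udp
remote vpn.example-provider.invalid 1194    # placeholder hostname
# (no route-nopull / pull-filter: every pushed route is accepted as-is)

# --- Corrected: connect to the provider but leave the default route on WAN.
client
dev tun
proto udp
remote vpn.example-provider.invalid 1194    # placeholder hostname
route-nopull                  # pfSense: "Don't pull routes" checkbox

# Alternative on OpenVPN 2.4+ (pfSense "Custom options"): keep other pushed
# settings such as DNS, and discard only the redirect directive:
#pull-filter ignore "redirect-gateway"

# With the default route back on WAN, which VLAN uses the tunnel is decided
# per firewall rule (policy routing): the VLAN 20 pass rule gets the VPN
# gateway in its Gateway field, VLAN 30 keeps "default". Verify from the
# pfSense shell or Diagnostics > Routes that the IPv4 default route still
# lists the WAN gateway:   netstat -rn -f inet | grep default
```

          Because `route-nopull` also drops the provider's other pushed routes, anything that must reach the VPN side has to be selected by a policy-routing rule; nothing reaches it by accident, which is the point.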

          • toluun

            Ok that makes a lot of sense! Thanks for teaching me something.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.