Outbound pass rules on assigned OpenVPN interfaces
-
My pfSense is connected to three OpenVPN servers all of which I have assigned as individual interfaces. When I apply outbound pass rules, in the floating rules tab on any of these OpenVPN interfaces, matching traffic leaves the interface but it doesn’t return. As I understand, this is normal for grouped interfaces as traffic comes back on the default gateway for grouped interfaces. But, as I’ve assigned each OpenVPN instance an interface, shouldn’t my pass rules be working?
-
The assinged interfaces are necessary for routing the traffic, but you have also define a NAT rule for it to translate source address into the pfSense interface address. Otherwise the response packets won't come back, cause the destination device will have no route for it.
So you have to at a NAT rule for each outgoing interface in Firewall > NAT > Outbound.
-
@viragomann Thanks for the reply. I already have manual outbound NAT rules configured for the interfaces. Everything is working fine but if I apply an outbound pass rule on any of the interfaces traffic goes out but doesn’t come back in. When I have time later I’ll check my firewall logs to make sure traffic is hitting the firewall on return.