Prevent traffic leaving default gateway when rule gateway is down
-
Hello,
I would like to force all internet traffic (destination !192.168.0.0/16,!172.16.0.0/12,10.0.0.0/8) through an OpenVPN gateway. For this purpose I use policy-based routing on a per-rule basis and have set the appropriate OpenVPN gateway if the rule matches.
The problem I have now is that if the OpenVPN connection is aborted or briefly unavailable, the traffic of the rule is sent over the default gateway (i.e. WAN). This must not happen. Is there any way I can prevent this?
I've already tried to write an outgoing floating rule which should block everything on WAN with the source address range (10.10.10.0/24) from which normally everything should be sent over the OpenVPN gateway. But this does not work (I guess because of NAT on the WAN interface).
What else can I try?
-
try this: https://docs.netgate.com/pfsense/en/latest/book/config/advanced-firewall-nat.html#disable-negate-rules
-
@heper Unfortunately this does not change the forwarding via the default gateway if the OpenVPN tunnel is not established.
-
have you reloaded the ruleset after making the change?
if you post your rule-set then someone might have an insight
-
Search the forum for NO_WAN_EGRESS
-
@Bob-Dig This solution also worked for me. Thank you!
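For reference, here is the NO_WAN_EGRESS pattern suggested above written out as raw pf.conf rules (the equivalent of what the pfSense GUI generates); this is an added example, not a ruleset posted in the thread. The interface names (em0, em1, ovpnc1) and the VPN-side gateway address 10.8.0.1 are placeholders; 10.10.10.0/24 is the source range from the original question.

```pf
# Added example: pf.conf equivalent of the pfSense NO_WAN_EGRESS approach.
# Assumed names: em0 = WAN, em1 = LAN, ovpnc1 = OpenVPN client interface,
# 10.8.0.1 = VPN-side gateway (placeholder), 10.10.10.0/24 = VPN-only clients.
wan_if       = "em0"
lan_if       = "em1"
vpn_if       = "ovpnc1"
vpn_gw       = "10.8.0.1"
vpn_only_net = "10.10.10.0/24"

# RFC 1918 destinations stay on the local routing table (the "!destination" in
# the question); only the rest is forced into the tunnel.
table <private> { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

# 1. Floating, outbound, quick on WAN: drop any state that carries the tag.
#    A block rule keyed on the 10.10.10.0/24 source fails here because outbound
#    NAT has already rewritten the source; the tag travels with the state and
#    is unaffected by NAT, which is why this form works and the source match did not.
block out quick on $wan_if tagged NO_WAN_EGRESS

# 2. LAN rule: policy-route internet-bound traffic into the tunnel and tag it.
#    When ovpnc1 is down and the gateway is marked offline, the route-to no
#    longer applies and the packet falls back to the default route, but it
#    still carries the tag, so rule 1 discards it instead of leaking via WAN.
pass in quick on $lan_if from $vpn_only_net to ! <private> \
    route-to ($vpn_if $vpn_gw) tag NO_WAN_EGRESS keep state
```

In the GUI this is the same as a Floating rule (action Block, direction out, interface WAN, Quick, "Tagged" = NO_WAN_EGRESS) plus setting "Tag" = NO_WAN_EGRESS on the LAN rule that selects the OpenVPN gateway.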