MultiWan (all NATed) and Port-Forwarding

  • Hello,

    Currently I'm struggling with the following. I've got a setup where a pfSense machine has multiple WAN connections. All these WANs' IPs are learnt via DHCP. Also, in order for my hosts to use them I do NAT on each one together with gateway groups; so far, so good.

    Now I've added port forwarding to each WAN; in this case UDP 1194 on each WAN is being forwarded to 127.0.0.1:1194 (just like in this guide https://doc.pfsense.org/index.php/Multi-WAN_OpenVPN). Problem is, it doesn't work as intended (the way I need it to work). Here's what happens:

    Consider that the default gateway for pfSense at the time is 1.1.1.1 on interface WAN01 (IP 1.1.1.2). Now, OVPN traffic is getting in via interface WAN02 (IP 2.2.2.2), since the client is trying to connect to it at the moment. The port-forwarding rules are doing what they're supposed to do, so it sends it to 127.0.0.1 and the OVPN daemon responds; now the problem is with this answer…

    Since the default gateway is via WAN01, it'll use it, and since WAN01 is set to NAT all outgoing connections (just like all the WAN interfaces in this setup), I get to a situation where:

    - Traffic is directed to 2.2.2.2 via WAN02.
    - Replies to said traffic are going out via WAN01 (instead of WAN02) and with a SRC address (thanks to NAT) of 1.1.1.2, so obviously the tunnel is never established until the client tries to connect directly to 1.1.1.2.

    Here's my question: how can I force that traffic arriving over each WAN interface returns via the same interface it arrived on? So in this case, traffic that arrived via WAN02 to 2.2.2.2 should leave via WAN02 (whether or not this is the default gateway at that time).
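The behaviour asked for above is what pf's `reply-to` keyword provides: a state created by a `pass in` rule carrying `reply-to (interface gateway)` sends its replies out that interface to that next hop, regardless of the routing table. The rule set below is an added example written for this thread, not taken from the original post or from pfSense's generated ruleset, and it shows the three pieces (per-WAN outbound NAT, the two port forwards to 127.0.0.1, and the `reply-to` pass rules) in plain pf.conf syntax. Interface names em0/em1 and the WAN02 gateway 2.2.2.1 are assumptions; the post only gives the WAN01 gateway 1.1.1.1 and the two WAN addresses.

```pf
# Added example (not from the post or the pfSense project): plain pf rules showing
# the reply-to mechanism that makes return traffic for a port-forwarded connection
# leave on the WAN it arrived on.
# Assumptions: WAN01 = em0 (1.1.1.2, gateway 1.1.1.1 as in the post),
#              WAN02 = em1 (2.2.2.2, gateway 2.2.2.1 is assumed, the post omits it).
wan01    = "em0"
wan02    = "em1"
wan01_gw = "1.1.1.1"
wan02_gw = "2.2.2.1"   # assumed value

# Outbound NAT on every WAN, as the post describes ("all NATed").
nat on $wan01 from !($wan01) -> ($wan01:0)
nat on $wan02 from !($wan02) -> ($wan02:0)

# Port forwards: UDP 1194 arriving on each WAN address -> OpenVPN bound on 127.0.0.1.
# pf applies rdr before filtering, so the pass rules below match the translated
# destination 127.0.0.1, not the WAN address.
rdr on $wan01 proto udp from any to ($wan01) port 1194 -> 127.0.0.1 port 1194
rdr on $wan02 proto udp from any to ($wan02) port 1194 -> 127.0.0.1 port 1194

# reply-to pins each state's return path to the interface and next-hop gateway the
# packet came in on, overriding the default route. Without it, replies to a WAN02
# connection follow the default route out WAN01 and are NATed to 1.1.1.2, which is
# exactly the failure described in the post.
pass in quick on $wan01 reply-to ($wan01 $wan01_gw) proto udp from any to 127.0.0.1 port 1194 keep state
pass in quick on $wan02 reply-to ($wan02 $wan02_gw) proto udp from any to 127.0.0.1 port 1194 keep state
```

pfSense adds the `reply-to` tag itself to rules placed on the WAN interface tabs (not on the Floating tab) as long as "Disable reply-to on WAN rules" under System > Advanced > Firewall & NAT is unchecked; `pfctl -sr | grep reply-to` on the box shows whether the generated pass rules for port 1194 actually carry it, and `pfctl -ss | grep 1194` shows which interface the live states are bound to.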