Netgate Discussion Forum
    Policy routing not working with OpenVPN interface

    Routing and Multi WAN
    boujid

      Hi

      The architecture:

      Branch FW LAN 192.168.55.1/24
      Branch FW WAN
      (Branch Office)
          !!
          !!
          !!
          vv
      (Headquarters)
      pfSense WAN PPPoE
      pfSense LAN 192.168.7.1/24 ---------------- Firewall eth1 192.168.7.10/24
                                                  Firewall eth0 192.168.3.10/24
                                                  LAN 192.168.3.0/24

      The goal:
      Headquarters LAN 192.168.3.0/24 must access Branch LAN 192.168.55.0/24

      Config 1: (OK)

      In pfSense (Headquarters):
      Add Gateway (LANGW): interface LAN, IP: 192.168.7.10
      Add route: destination 192.168.3.0/24 via LANGW
      Add rule: (LAN Rule Pass) Protocol any, Source 192.168.3.0/24, port ---, Destination 192.168.55.0/24, port ---
      Add rule: (OpenVPN Rule Pass) Protocol any, Source 192.168.55.0/24, port ---, Destination 192.168.3.0/24, port ---
      Access granted to Branch LAN 192.168.55.0/24 from Headquarters LAN 192.168.3.0/24

      Config 2: (NOT OK)

      In pfSense (Headquarters):
      Add Gateway (LANGW): interface LAN, IP: 192.168.7.10
      Add rule: (LAN Rule Pass) Protocol any, Source 192.168.3.0/24, port ---, Destination 192.168.55.0/24, port ---
      Add rule: (OpenVPN Rule Pass) Protocol any, Source 192.168.55.0/24, port ---, Destination 192.168.3.0/24, port ---, Gateway LANGW
      (no route added in this config, using policy routing instead)
      Access impossible to Branch LAN 192.168.55.0/24 from Headquarters LAN 192.168.3.0/24

      Note
      ---
      I've tested this pfSense config on 2 different pieces of hardware (an old IBM server and an ALIX box),
      still the same result: access impossible to Branch LAN 192.168.55.0/24 from Headquarters LAN 192.168.3.0/24

      Any idea?
      Is there a way to solve the problem and make config 2 work?
      This time I don't have a plan B. I really don't want to advertise traditional routes, and there is no source-based routing in pfSense.
      Normally, policy routing is more powerful than source-based routing; it is more granular, but it isn't working, although in this scenario the traffic emanates from a third-party network and not from a pfSense interface, so logically it should work.

      Thanks

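The following is an added example, not part of the post above and not pfSense code. It is a deliberately simplified Python model of how a stateful packet filter such as pf handles the two configurations described in the post: a packet that matches an existing state is never re-evaluated against the ruleset, so a policy-routing gateway on a rule only affects the direction that creates the state, and reply packets follow the system routing table. The model assumes that the LAN and OpenVPN rules carry no reply-to, that the OpenVPN tunnel installs a route for 192.168.55.0/24, and that unmatched destinations fall to the default (WAN) gateway; hosts 192.168.3.20 and 192.168.55.20 are constructed sample addresses. Under those assumptions the model reproduces the observed outcome: with a static route the reply from the branch goes back via LANGW, and with policy routing alone it leaves via the default gateway.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Net = ipaddress.IPv4Network
Addr = ipaddress.IPv4Address

HQ = Net("192.168.3.0/24")        # headquarters LAN behind the inner firewall
BRANCH = Net("192.168.55.0/24")   # branch LAN reached over OpenVPN


@dataclass
class Rule:
    iface: str                     # interface the packet enters on
    src: Net
    dst: Net
    gateway: Optional[str] = None  # policy-routing gateway; None = routing table


@dataclass
class Firewall:
    routes: Dict[Net, str]         # destination network -> next-hop name
    default_gw: str
    rules: List[Rule]
    # (src, dst) -> next hop chosen when the state was created
    states: Dict[Tuple[Addr, Addr], str] = field(default_factory=dict)

    def route_lookup(self, dst: Addr) -> str:
        """Longest-prefix match over the routing table, else the default gateway."""
        best = None
        for net, gw in self.routes.items():
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, gw)
        return best[1] if best else self.default_gw

    def forward(self, iface: str, src: Addr, dst: Addr) -> str:
        """Return the next hop for one packet, or 'DROP' if no rule passes it."""
        # 1. Same direction as an existing state: reuse the original decision.
        if (src, dst) in self.states:
            return self.states[(src, dst)]
        # 2. Reply to an existing state: the ruleset is not evaluated at all, so a
        #    policy-routing gateway on a rule for this interface is never consulted.
        #    Assumption: no reply-to on the state, so the reply uses the table.
        if (dst, src) in self.states:
            return self.route_lookup(dst)
        # 3. New connection: first matching rule decides and creates the state.
        for r in self.rules:
            if r.iface == iface and src in r.src and dst in r.dst:
                hop = r.gateway or self.route_lookup(dst)
                self.states[(src, dst)] = hop
                return hop
        return "DROP"


def build_firewall(static_route: bool) -> Firewall:
    """static_route=True models 'Config 1', False models 'Config 2' from the post."""
    routes = {BRANCH: "OPENVPN"}           # assumed: installed by the OpenVPN tunnel
    if static_route:
        routes[HQ] = "LANGW"                # Config 1: explicit route to the HQ LAN
    rules = [
        Rule("LAN", HQ, BRANCH),           # LAN Rule Pass
        Rule("OPENVPN", BRANCH, HQ,        # OpenVPN Rule Pass (+ gateway in Config 2)
             gateway=None if static_route else "LANGW"),
    ]
    return Firewall(routes, "WANGW", rules)


def hq_to_branch_session(fw: Firewall) -> Tuple[str, str]:
    """Next hop of the first packet and of the branch's reply for an HQ-initiated flow."""
    hq_host, branch_host = Addr("192.168.3.20"), Addr("192.168.55.20")  # constructed
    outbound = fw.forward("LAN", hq_host, branch_host)
    reply = fw.forward("OPENVPN", branch_host, hq_host)
    return outbound, reply


def branch_to_hq_session(fw: Firewall) -> Tuple[str, str]:
    """Same for a branch-initiated flow, where the OpenVPN rule creates the state."""
    hq_host, branch_host = Addr("192.168.3.20"), Addr("192.168.55.20")  # constructed
    outbound = fw.forward("OPENVPN", branch_host, hq_host)
    reply = fw.forward("LAN", hq_host, branch_host)
    return outbound, reply


if __name__ == "__main__":
    for label, static in (("Config 1 (static route)", True), ("Config 2 (policy route)", False)):
        fw = build_firewall(static)
        print(label, "HQ->branch:", hq_to_branch_session(fw),
              "branch->HQ:", branch_to_hq_session(build_firewall(static)))
```

In the model, the HQ-initiated flow creates its state on the LAN rule, which has no gateway, so the branch's reply is routed by the table; only the static route of Config 1 points 192.168.3.0/24 back at LANGW. The branch-initiated flow works in both configurations because the OpenVPN rule creates that state. On a real pfSense box the same two facts can be checked with `pfctl -ss` (state table and the gateway recorded per state) and `netstat -rn` (whether any route covers 192.168.3.0/24).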
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.