Port forwarding not working when IPsec (all traffic from LAN) is enabled

  • Hello!

    We have a pfSense box with a WAN interface and some port forwarding rules on it to LAN hosts.
    Not long ago we subscribed to a service that protects our traffic. We set up an IPsec tunnel to that service, and all outgoing traffic from our LAN network goes through IPsec.
    When the tunnel is up, port forwarding WAN -> LAN is not working. We got CLOSED:SYN_SENT in the states. So I think the reply from the LAN host goes to the IPsec tunnel and not to WAN.

    I tried to add the WAN gateway in firewall rules to some of the LAN hosts (when I do this, the hosts can't reach anything on the internet).
    I also tried to add an Outbound NAT rule (like when a LAN host has another gateway).
    But nothing is working.

    How can I force a LAN host to send traffic through the WAN gateway instead of IPsec? Or how can I get port forwarding to work when we have an IPsec tunnel that redirects all traffic from LAN?

  • I have the same problem in version 2.4.1. Did you find any solution?