Firewall rule to hit my VPN (outer) traffic
  • I have my tinc running on pfSense.

    Unlike OpenVPN, which has control over the gateway group the VPN runs on, tinc does not, and it goes via the default gateway.

    Now I need to add a failover line, which is metered but a way less congested LTE, to pass my tinc traffic over it.

    I can't find the way to add it, since it is not going via LAN.

    Did some tcpdump-ing; it runs on my WAN.

    Sometimes:

    my_wan_ip:tinc_port -> remote_ip:tinc_port
    remote_ip:tinc_port -> my_wan_ip:tinc_port

    Sometimes:

    my_wan_ip:some_high_port -> remote_ip:tinc_port
    remote_ip:tinc_port -> my_wan_ip:some_high_port

    Where "tinc_port" is the port I set up in settings (which I have control over), and "some_high_port" is some port > 60000 chosen by tinc on pfSense.

    It seems like there is no control over this high port.

    But the main issue: where do I set this rule with a gateway override?
