Struggling to resolve NAT issue while using VPN



  • Good afternoon,

    I am hoping that someone can help me please.  I've been trying to work this out myself but my brain is tied in knots!

    I am currently on 2.4.0-RC but I had exactly the same issue on 2.3.4 and its updates, hence why I have tried 2.4.0-RC, so it seems not related to any new change.

    I have a fresh install of 2.4.0-RC and the only changes made are to set up a VPN using IVPN as per their guide at https://www.ivpn.net/setup/router-pfsense.html, to set some static IPs for devices across my network, and to fully disable IPv6 across all the areas it is configured.  The VPN configuration as per the IVPN guide routes all of my traffic via the gateway defined for the VPN, which itself then goes out via the WAN.  This works fine and I see all traffic exiting and I have internet access from all devices on my home network.

    The problem I am having I believe is related to my NAT rules.  I have set them to manual and amended them all to route via the IVPN gateway, again as per the IVPN guide.  This includes both the rules for traffic from my local network and from the pfSense localhost.  Screenshot below just to confirm.  However, what I am seeing is that if the localhost rules are configured to go via the VPN, pfSense's update and package managers break.  The Update Manager processes and reports back that it is up to date, showing me the current available version as matching my installed version.  The Package Manager claims I have no installed packages, even though I do actually have two: OpenVPN Client Export, and Backup and Restore.  The Available Packages section is blank and claims there are none available.  If I modify the localhost NAT rules to route them directly via the WAN instead, then the pfSense Update Manager immediately shows an available update, the Package Manager shows me two installed packages and I can see masses of available packages for install.  However, I immediately lose all internet connectivity for all devices across the network.  Switching the localhost rules back to route via the VPN switches it back the other way again: the pfSense Update Manager/Package Manager lose connectivity but all devices regain it.

    I have tried a command line update as well and it reports back that the network is unreachable and it cannot access the pfSense repositories.  I also cannot ping from the localhost to external addresses.  I have also included a screenshot of my firewall rules, again configured as per the IVPN guide.

    I am assuming that with the localhost going via the VPN gateway, there is some kind of flaw here in the firewall config which is blocking its traffic.  And so I either need to fix this, or alter the NAT for the localhost itself to go via the WAN gateway direct while all other traffic goes out via the VPN gateway.  I just can't get my head round it at the moment and would really appreciate some advice please.  Thank you for any replies.
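As an added illustration (not from the post, the screenshots, or the IVPN guide), here is the outbound NAT arrangement the post describes, written in the pf syntax that pfSense generates from its GUI, alongside the route-to rule that corresponds to the "Gateway" setting on a LAN firewall rule. Interface names, the tunnel gateway address and the LAN subnet are assumed placeholders.

```pf
# Added example in pf syntax. Names below are assumed, not taken from the post:
# em0 = WAN, em1 = LAN, ovpnc1 = the IVPN OpenVPN client interface.
wan_if  = "em0"
lan_if  = "em1"
vpn_if  = "ovpnc1"
vpn_gw  = "10.8.0.1"        # assumed tunnel gateway address
lan_net = "192.168.1.0/24"  # assumed LAN subnet

# Outbound NAT: the translation applies on the interface a packet leaves on.
# These correspond to the manual outbound NAT entries the post describes,
# one for the LAN network and one for the firewall's own (localhost) traffic.
nat on $vpn_if from $lan_net to any -> ($vpn_if)      # LAN devices leaving via the tunnel
nat on $vpn_if from 127.0.0.0/8 to any -> ($vpn_if)   # the firewall's own traffic via the tunnel

# The variant the post tried: the firewall's own traffic translated on WAN instead.
# nat on $wan_if from 127.0.0.0/8 to any -> ($wan_if)

# Policy routing: a nat rule only rewrites the source address once the exit
# interface has been chosen. The exit interface comes from the routing table,
# or from a route-to on the pass rule (pfSense's per-rule "Gateway" field).
# This rule steers traffic arriving on LAN into the tunnel.
pass in quick on $lan_if route-to ($vpn_if $vpn_gw) inet from $lan_net to any keep state

# Traffic the firewall itself originates (pkg, update checks, ping from the
# console) never arrives on LAN, so the rule above does not apply to it; it
# follows the default route and is then matched by whichever nat rule covers
# 127.0.0.0/8 on the interface it exits through.
```

A practical check when a setup like this misbehaves is to compare `pfctl -sn` (loaded NAT rules) and `netstat -rn` (the route table) with what the GUI shows, since a NAT entry on one interface while the default route points at another leaves the firewall's own traffic untranslated.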





  • I have absolutely no idea how or why, but this issue has just suddenly gone away by itself.  pfSense is now able to connect to its repositories, yet I have been on shift since making this first post and have not amended any settings.  It can't be that the repositories themselves were down, or anything such as that, as I was able to connect to them originally, but only if my NAT rules were set a certain way.  I now have both connectivity from pfSense and from all devices on the network, but I didn't do anything.  Very strange; it has me even more puzzled now!