Why doesn't my Auto-created rule for LAN->WAN work in AON mode?

  • I added an OpenVPN client to a VPN provider today following the guide here: https://forum.pfsense.org/index.php?topic=76015.0

    I only want HTTP, HTTPS and DNS going over the VPN interface. All other traffic (SSH, NTP, etc.) should use the WAN interface.

    As I understand it, when switching to AON (I was using Automatic), the automatic rules which were in effect are now applied as regular rules in the AON table. However, I was not able to connect anywhere over the VPN link. When I finally added a NAT Alias for 80, 443, and 53, and applied it to a new rule (PIA VPN PORTS in the picture), then things started working again.

    I noticed I cannot browse any Steam game servers, however. Also, SSH access to some of my external servers is not working. I don't see anything in the docs (https://doc.pfsense.org/index.php/Outbound_NAT) about adding explicit egress ports for AON, so I must be missing something.

    I noticed, however, that there is a rule (2nd from bottom in picture) which allows all of my internal LAN to the WAN port, "auto created rule - LAN to WAN", so why isn't this rule working?

