Multiwan Traffic not "sticking" to the source interface



  • I'm having issue with my redundant WAN setup. I have two connections, I have them both in a Gateway group. I've tried having them at different tiers and at the same, but yet, when I VPN into the firewall on WAN2 - traffic always returns to me via WAN1 as it's the default gateway. I'm trying to test out NAT'ing on WAN2 as well, but again, it comes in on WAN2, but talks back out WAN1. I'm hoping there is a way to can tell pfsense to pay attention to the connection it came in on and use that one again when talking back. Any one have any ideas for me?


  • Rebel Alliance Developer Netgate

    Check Interfaces > WAN2, if it's a static IP address on the interface, make sure you have selected the gateway on this screen. Without a gateway selected there, pfSense will not consider it a WAN-type interface, so it doesn't put reply-to on the rules, so reply traffic exits the default WAN.

    If both WANs are dynamic, make sure they are not in the same subnet with the same gateway.



  • Sadly, both WAN1 and WAN2 have upstream gateways selected (different ones from each other) and their subnets are not anywhere close to each other. Both have static addresses.



  • After further investigation this issues may be localized to only OpenVPN not responding through the WAN connection that a request came in through. I was able to initiate other connections successfully through WAN2. OpenVPN is redirecting everything to localhost as described on netgate's site. It works for WAN1, but WAN2 requests to OpenVPN end up resonding through WAN1.



  • Ok, for anyone else who is unable to get port forward OpenVPN to work with multi wan, where you forwarded all vpn traffic to local host. The issue I had above was a result of allowing the default protocol listing for OpenVPN. I left it at UDP for IPv4 and IPv6 on all interfaces (multihome). Once I changed it to UDP for IPv4 only, everything worked as described in the online manuals. Good luck out there!


Log in to reply