OpenVPN Multiple Remote Networks and LAN firewall rule gateway.
-
I have the following setup:
WAN Gateway 1: cable internet, flagged as default gateway
WAN Gateway 2: fiber internet, used as interface for OpenVPN server
LAN: 172.16.1.0/24
OpenVPN tunnel: 172.16.2.0/24
OpenVPN client 1 remote network: 172.16.3.0/24
OpenVPN client 2 remote network: 172.16.5.0/24
LAN and OpenVPN both have the default firewall rules set (allow all traffic).
If I edit the LAN firewall rule to specify the gateway as WAN gateway 1 (which is what it uses anyway since WAN 1 is the default gateway), all packets initiated from LAN to 172.16.5.0/24 get dropped. Packets initiated from 172.16.5.0/24 to LAN are fine (I can ping LAN addresses from 172.16.5.0/24). Also, 172.16.3.0/24 has absolutely no issues.
Swapping the order in which the two remote networks are listed in the OpenVPN server configuration UI reverses the situation, where 172.16.3.0/24 is now unreachable from LAN and 172.16.5.0/24 works fine.
This is using pfSense version 2.3.4 on Netgate gear (I can't remember the model atm).
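The following is an added example, not code from the original post or from pfSense itself. It models the one mechanism that matters for this symptom: a pfSense firewall rule with a gateway set is a policy-routing rule, and traffic matching it is sent to that gateway without consulting the system routing table, so the routes that OpenVPN installs for the remote networks are never used. Rules are evaluated first match wins. The gateway and interface names (WAN_GW1, ovpns1) and the rule lists are assumptions made for the illustration, and the model does not attempt to reproduce the asymmetry between the two remote networks that the poster observed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Assumed names, not taken from the post or from pfSense.
@dataclass
class Rule:
    dst: ipaddress.IPv4Network
    gateway: Optional[str]  # None: "default" in the UI, i.e. follow the routing table

@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    via: str

ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed routing table matching the topology in the post:
# default route out the cable WAN, remote networks learned via the OpenVPN server.
ROUTES: List[Route] = [
    Route(ANY, "WAN_GW1"),
    Route(ipaddress.ip_network("172.16.2.0/24"), "ovpns1"),
    Route(ipaddress.ip_network("172.16.3.0/24"), "ovpns1"),
    Route(ipaddress.ip_network("172.16.5.0/24"), "ovpns1"),
]

def lookup_route(dst: ipaddress.IPv4Address, routes: List[Route]) -> Optional[str]:
    """Longest-prefix match, as the kernel routing table does it."""
    best: Optional[Route] = None
    for r in routes:
        if dst in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best.via if best else None

def next_hop(dst_str: str, rules: List[Rule], routes: List[Route]) -> Optional[str]:
    """First matching rule wins. A rule with a gateway policy-routes and
    bypasses the routing table entirely; a rule without one falls through
    to the routing table. No match means the implicit default deny."""
    dst = ipaddress.ip_address(dst_str)
    for rule in rules:
        if dst in rule.dst:
            if rule.gateway is not None:
                return rule.gateway
            return lookup_route(dst, routes)
    return None

# The LAN rule as described in the post: allow all, gateway forced to WAN 1.
BROKEN: List[Rule] = [Rule(ANY, "WAN_GW1")]

# Assumed fix: pass rules with no gateway for the VPN remote networks,
# placed above the policy-routed catch-all, so those destinations follow
# the routing table and reach the tunnel.
FIXED: List[Rule] = [
    Rule(ipaddress.ip_network("172.16.3.0/24"), None),
    Rule(ipaddress.ip_network("172.16.5.0/24"), None),
    Rule(ANY, "WAN_GW1"),
]

if __name__ == "__main__":
    for host in ("172.16.5.10", "172.16.3.10", "8.8.8.8"):
        print(host, "broken:", next_hop(host, BROKEN, ROUTES),
              "fixed:", next_hop(host, FIXED, ROUTES))
```

Running it shows LAN traffic to 172.16.5.10 leaving via WAN_GW1 under the broken rule set (where the far end of the tunnel never sees it, and the cable ISP drops or black-holes the private address), and via ovpns1 once the no-gateway bypass rules sit above the policy-routed rule, while Internet destinations still go out WAN_GW1 in both cases.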