Netgate Discussion Forum
    Prevent traffic leaving default gateway when rule gateway is down

    Routing and Multi WAN
Woodsomeister:

Hello,

I would like to force all internet traffic (destination !192.168.0.0/16,!172.16.0.0/12,10.0.0.0/8) through an OpenVPN gateway. For this purpose I use policy-based routing on a per-rule basis and have set the appropriate OpenVPN gateway for when the rule matches.

The problem I have now is that if the OpenVPN connection is aborted or briefly unavailable, the traffic matched by the rule is sent over the default gateway (i.e. WAN). This must not happen. Is there any way I can prevent this?

I've already tried to write an outgoing floating rule which should block everything on WAN with the source address range (10.10.10.0/24) from which normally everything should be sent over the OpenVPN gateway. But this does not work (I guess because of NAT on the WAN interface).

What else can I try?

heper:

Try this: https://docs.netgate.com/pfsense/en/latest/book/config/advanced-firewall-nat.html#disable-negate-rules

Woodsomeister (replying to heper):

          @heper Unfortunately this does not change the forwarding via the default gateway if the OpenVPN tunnel is not established.

heper:

Have you reloaded the ruleset after making the change?
If you post your ruleset, then someone might have an insight.

NogBadTheBad:

              Search the forum for NO_WAN_EGRESS

              Andy

              1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

Bob.Dig:

                VPN-Killswitch

                pfSense on Hyper-V


Woodsomeister (replying to Bob.Dig):

                  @Bob-Dig This solution worked also for me. Thank you!

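The kill switch that NogBadTheBad and Bob.Dig point to, written out as the kind of pf rules pfSense generates from the GUI, is added here as an illustration and is not code from the thread or from the pfSense project. The interface names (igb1 for LAN, igb0 for WAN, ovpnc1 for the OpenVPN client), the tunnel gateway address 10.8.0.1 and the table name are assumptions; the first block is the leaky form the original poster started from and the second is the fail-closed form.

```pf
# Added example (not from this thread). Assumed interfaces:
# LAN = igb1, WAN = igb0, OpenVPN client = ovpnc1 with gateway 10.8.0.1.

table <private> { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }

# --- Leaky form ---
# Policy-routes LAN clients to the VPN. When pfSense marks the gateway
# down it strips the route-to from the rule, so the rule becomes a plain
# pass and the traffic follows the default route out WAN.
pass in quick on igb1 route-to ( ovpnc1 10.8.0.1 ) inet \
    from 10.10.10.0/24 to ! <private> keep state

# A floating block keyed on the client source address does not help:
# outbound NAT is applied before the outbound filter on WAN, so by the
# time this rule is evaluated the packet's source is already the WAN
# address and the rule never matches.
block out quick on igb0 inet from 10.10.10.0/24 to any

# --- Fail-closed form (NO_WAN_EGRESS / VPN kill switch) ---
# The LAN rule tags every flow that is supposed to use the tunnel. The
# tag is carried with the state and survives NAT, so it can be matched
# on WAN regardless of what the packet's source address looks like.
pass in quick on igb1 route-to ( ovpnc1 10.8.0.1 ) inet \
    from 10.10.10.0/24 to ! <private> keep state tag NO_WAN_EGRESS

# Floating rule, direction out, interface WAN, "Tagged" = NO_WAN_EGRESS,
# action block (or reject). Whenever the tunnel is down and the flow
# would fall back to WAN, it is dropped here instead of leaking.
block out quick on igb0 tagged NO_WAN_EGRESS
```

In the GUI the tag goes into the LAN rule's Advanced Options "Tag" field and the floating WAN rule's "Tagged" field; after saving, apply the changes so the ruleset is reloaded.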