VPN (or second WAN) Problems with IPv6 & Policy-based routing
I am currently struggling to correctly configure a pfSense VM / fw system and if someone has done something similar and it works for them, any hints / guides would be greatly appreciated!
Here's the situation:
- One LAN interface with a 192.168.x.1 address assigned AND a ::1 IPv6 out of the /48 (see below) statically set as well
- One (real) WAN with both a static IPv4 and IPv6 address
- IPv6-wise, I got a /48 assigned as well by the ISP for the WAN and...
...if I leave it at that, all works: IPv4 and IPv6, in and out, all work as expected.
However, what I want to do in addition to that is:
- Add a VPN (WireGuard, but I have assigned an interface and set up the gateway(s)) that also has both an IPv4 and an IPv6 address
- and now comes the culprit: use policy-based routing for ONE IPv6 target network
Basically what I want is that everything goes out (and back in) over WAN EXCEPT that one target IPv6 network. I have no problem whatsoever doing that with IPv4 (and the usual LAN firewall rule); with IPv6, however, it does not work. From a LAN client, IPv6 always tries to go over the FW's default (WAN) gateway, not the VPN one... and hence fails.
I do not want to do any sort of load-balancing/failover/default-gateway switching or the like... I really just want 'some' IPv6 traffic to go from the LAN clients over the VPN.
Has anyone done something like that successfully and if so, how?
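For reference, this is what the LAN ruleset looks like at the pf level when the IPv6 policy route is expressed correctly, shown next to the ordering that silently sends the traffic out WAN instead. It is an added example, not from the post and not pfSense's generated rules; the interface names, the WireGuard peer's link-local address and the 2001:db8:: prefixes are assumed placeholders.

```pf
# Added example (not from the original post). Assumed placeholders:
#   vtnet1            = LAN interface
#   wg0               = WireGuard interface (assigned in pfSense, with an IPv6 gateway)
#   2001:db8:1::/64   = LAN prefix carved out of the ISP /48
#   2001:db8:ffff::/48 = the ONE target network that must use the VPN
#   fe80::1           = WireGuard peer's link-local address on wg0 (the IPv6 gateway)
lan_if  = "vtnet1"
wg_if   = "wg0"
lan_net = "2001:db8:1::/64"
vpn_dst = "2001:db8:ffff::/48"
wg_gw6  = "fe80::1"

# WRONG ORDER: pfSense rules are first-match ("quick"). The catch-all matches
# every IPv6 packet, so the route-to rule below it is never evaluated and the
# target network follows the default (WAN) route exactly as described above.
# pass in quick on $lan_if inet6 from $lan_net to any keep state
# pass in quick on $lan_if route-to ( $wg_if $wg_gw6 ) inet6 from $lan_net to $vpn_dst keep state

# CORRECT ORDER: the specific inet6 policy-route rule sits above the catch-all.
# Two things to check in the GUI equivalent: the rule's address family must be
# IPv6 (an IPv4 rule with a gateway set never matches IPv6 packets), and the
# gateway selected under Advanced must be the IPv6 gateway on the WG interface.
pass in quick on $lan_if route-to ( $wg_if $wg_gw6 ) inet6 from $lan_net to $vpn_dst keep state label "IPv6 to VPN net via WG"
pass in quick on $lan_if inet6 from $lan_net to any keep state label "default IPv6 allow"
pass in quick on $lan_if inet from 192.168.1.0/24 to any keep state label "default IPv4 allow"

# Tunnel side (assumed, not pfSense config): the WireGuard peer must list the
# destination prefix in AllowedIPs, otherwise wg0 drops the policy-routed
# packet even though pf chose the right gateway, e.g.
#   AllowedIPs = 2001:db8:ffff::/48
# and the far end needs a return route for $lan_net, or replies never come back.
```

A quick way to confirm the rule is being hit is to watch its state entries (Diagnostics > States, filtered on the target prefix) while a LAN client sends IPv6 traffic to it; if no state appears with the WG gateway, the ordering or address family is still wrong.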