Default gateway interaction with rule-specified interface, and with OpenVPN
-
Hi,
I have a rule which routes LAN traffic from an email server (postfix) via a specified gateway (using rule advanced options), on a multi-wan setup. This is important to ensure the emails continue coming from the same, known IP address.
However, if the specified gateway goes down for any reason, then the same rule just switches to the default gateway, which I do not want (for the reason just stated).
If I set the default gateway for the whole pfSense server to None, then this problem does not happen (i.e. when the required gateway is down, the email server cannot connect to the internet, so it just queues up emails, as I want).
However, setting the default gateway to None completely breaks OpenVPN on the same firewall. Nothing can connect to OpenVPN any more (neither Remote Access nor Peer to Peer).
Can anybody help, e.g. as follows:
- A way to specify in a rule that it should only use the specified gateway and not fail over to the default gateway if the specified gateway is down would solve my problem
- A way to understand why OpenVPN seems to require a default gateway, and how to make it work without one would solve my problem
Many thanks in advance for any advice.
-
I have found the answer to the first part of my own question:
https://docs.netgate.com/pfsense/en/latest/config/advanced-misc.html#skip-rules-when-gateway-is-down
I needed to check "System/Advanced/Miscellaneous tab/Gateway Monitoring section/Do not create rules when gateway is down". This makes the rules behave the way I wanted.
If anyone can still explain when/how/why OpenVPN needs a default gateway for connections to be made successfully, and whether it can be made to work without one, that would still be useful.
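As an added illustration (not code from the original post or from pfSense itself) of the option linked above, the following Python model shows how a policy-routing rule behaves when its gateway is down, both with the default behaviour and with "Skip rules when gateway is down" enabled. The rule names, host address and gateway names are constructed for the example; it assumes the documented behaviour that the rule's gateway is omitted by default and the whole rule is omitted when the option is on.

```python
"""Model of pfSense policy-routing rules when the chosen gateway is down.

Documented behaviour being modelled: by default a rule whose gateway is
down is loaded with the gateway omitted, so matching traffic follows the
system default route; with "Skip rules when gateway is down" enabled the
rule is left out entirely, so traffic falls through to later rules and,
if none match, to the implicit default deny.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    name: str
    src: str                 # source host, or "any" for a catch-all rule
    gateway: Optional[str]   # policy-routing gateway; None = system routing


def load_rules(rules, gw_up, skip_when_down):
    """Return the rule set as it would be loaded given gateway states."""
    loaded = []
    for r in rules:
        if r.gateway is None or gw_up.get(r.gateway, False):
            loaded.append(r)                       # gateway up: rule unchanged
        elif skip_when_down:
            continue                               # option on: rule omitted entirely
        else:
            loaded.append(Rule(r.name, r.src, None))  # option off: gateway omitted
    return loaded


def egress(src, rules, gw_up, default_gw, skip_when_down):
    """First-match evaluation: (matching rule, gateway used) or default deny."""
    for r in load_rules(rules, gw_up, skip_when_down):
        if r.src in (src, "any"):
            return r.name, r.gateway or default_gw
    return "default deny", None


# Constructed sample: mail server pinned to a second WAN gateway.
MAIL_HOST = "10.0.0.25"
PINNED = [Rule("mail-out", MAIL_HOST, "WAN2_GW")]
WITH_CATCHALL = PINNED + [Rule("lan-any", "any", None)]
WAN2_DOWN = {"WAN1_GW": True, "WAN2_GW": False}

if __name__ == "__main__":
    print(egress(MAIL_HOST, PINNED, WAN2_DOWN, "WAN1_GW", False))
    print(egress(MAIL_HOST, PINNED, WAN2_DOWN, "WAN1_GW", True))
    print(egress(MAIL_HOST, WITH_CATCHALL, WAN2_DOWN, "WAN1_GW", True))
```

The third case is the one to check on a real rule set: because the option removes the rule rather than blocking the traffic, a later catch-all pass rule still matches the mail server and sends it out via the default gateway, so the mail only queues when no later rule covers that host.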