Netgate Discussion Forum
    Default gateway interaction with rule-specified interface, and with OpenVPN

      Bmju
      last edited by Bmju

      Hi,

      I have a rule which routes LAN traffic from an email server (Postfix) via a specified gateway (using the rule's advanced options), on a multi-WAN setup. This is important to ensure the emails continue coming from the same, known IP address.

      However, if the specified gateway goes down for any reason, then the same rule just switches to the default gateway, which I do not want (for the reason just stated).

      If I set the default gateway for the whole pfSense server to None, then this problem does not happen (i.e. when the required gateway is down, the email server cannot connect to the internet, so it just queues up emails, as I want).

      However, setting the default gateway to None completely breaks OpenVPN on the same firewall. Nothing can connect to OpenVPN any more (neither Remote Access nor Peer to Peer).

      Can anybody help, e.g. as follows:

      • A way to specify in a rule that it should only use the specified gateway, and not fail over to the default gateway if the specified gateway is down, would solve my problem.
      • A way to understand why OpenVPN seems to require a default gateway, and how to make it work without one, would solve my problem.

      Many thanks in advance for any advice.

        Bmju @Bmju
        last edited by Bmju

        I have found the answer to the first part of my own question:

        https://docs.netgate.com/pfsense/en/latest/config/advanced-misc.html#skip-rules-when-gateway-is-down

        I needed to check "System/Advanced/Miscellaneous tab/Gateway Monitoring section/Do not create rules when gateway is down"; this makes the rules behave the way I wanted.

        If anyone can still explain when/how/why OpenVPN needs a default gateway for connections to be made successfully, and whether it can be made to work without one, that would still be useful.

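To make the behaviour behind the linked option concrete, the following is an illustration of the pf rules a policy-routed firewall rule like the one in this thread turns into in each gateway state. It is an added example, not from the thread or from Netgate, and the interface names, addresses and ports are constructed.

```pf
# Constructed example: LAN (em0) mail server 192.168.1.25 sends SMTP via the
# WAN2 gateway 203.0.113.1 on em2, while WAN1 (em1) carries the default route.

# 1. WAN2 gateway is UP: the rule is loaded with route-to, so SMTP from the
#    mail server ignores the routing table and always leaves via em2.
pass in quick on em0 route-to ( em2 203.0.113.1 ) inet proto tcp \
    from 192.168.1.25 to any port { 25, 465, 587 } flags S/SA keep state

# 2. WAN2 gateway is DOWN, default behaviour: the rule is still loaded but
#    without route-to, so the same traffic follows the routing table and
#    leaves via the default gateway on em1 with a different source address.
pass in quick on em0 inet proto tcp \
    from 192.168.1.25 to any port { 25, 465, 587 } flags S/SA keep state

# 3. WAN2 gateway is DOWN with "Skip rules when gateway is down" enabled:
#    the rule is not generated at all. If no later pass rule matches, the
#    traffic reaches the firewall's final default-deny rule, the connection
#    fails, and Postfix keeps the mail queued until WAN2 returns.
#
# Caveat: state 3 only achieves the "queue instead of fail over" result when
# no broader rule further down (e.g. a catch-all "LAN to any" pass rule)
# would otherwise match the mail server's traffic and send it via em1.
```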
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.