Site to Site Policy Routing
-
My OpenVPN site to site configuration is as follows:
Site A - pfsense, OpenVPN server hosted on WAN1, also has a WAN2 connection
Site B - pfsense, OpenVPN client, one WAN connection

I am trying to set up policy routing so specific traffic on site B is routed through site A's WAN2 connection.
Following Netgate's instructions, I created a firewall rule on site B's network for this specific traffic as the destination and selected the OpenVPN site to site interface as the gateway. I then created a rule on the OpenVPN site to site interface on site A with the same destination and selected WAN2 as the gateway.
The issue is the connection is timing out. Enabling logging for this rule appears to show that the traffic is going through the tunnel and reaches site A's gateway, but I don't ever see it get routed to the WAN2 connection. The connection does establish initially through a browser, but it looks like it's being routed through site A's WAN1, instead of WAN2. I am not sure why it times out after this, because it should still work on the WAN1 connection, just not properly.
I also think it is worth mentioning that the OpenVPN tunnel itself seems to be working fine. I can access local devices across the tunnel without issue.
-
SOLVED - Needed to create additional outbound NAT rules on site A's WAN2 for site B's local subnets
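Added example (not part of the original thread): a small sh check that models the fix above by inspecting the pf rules that pfSense compiles from the GUI settings. It looks for the site A policy-routing rule on the OpenVPN interface and for an outbound NAT rule on WAN2 covering site B's subnet, which is the piece that was missing. All values are assumed: site B LAN 10.0.2.0/24, site A LAN 10.0.1.0/24, WAN1 em0, WAN2 em1 with gateway 203.0.113.1, OpenVPN interface ovpns1, and a policy-routed destination of 198.51.100.10; the rule dumps are constructed to follow the `pfctl -sr` / `pfctl -sn` output format rather than captured from a real box.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumed values: site B LAN 10.0.2.0/24,
# site A LAN 10.0.1.0/24, WAN1 em0, WAN2 em1 (gateway 203.0.113.1), OpenVPN iface ovpns1.
# pfSense compiles GUI rules into pf: "pfctl -sr" lists filter rules, "pfctl -sn" NAT rules.

# Constructed "pfctl -sn" snapshot before the fix: site A's own LAN is translated on
# both WANs, but the tunnelled site B subnet is only translated on WAN1 (em0).
NAT_BEFORE='nat on em0 inet from 10.0.1.0/24 to any -> (em0) port 1024:65535
nat on em1 inet from 10.0.1.0/24 to any -> (em1) port 1024:65535
nat on em0 inet from 10.0.2.0/24 to any -> (em0) port 1024:65535'

# Same snapshot after adding the outbound NAT rule for site B's subnet on WAN2.
NAT_AFTER="$NAT_BEFORE
nat on em1 inet from 10.0.2.0/24 to any -> (em1) port 1024:65535"

# Constructed "pfctl -sr" line for the site A rule: traffic entering the OpenVPN
# interface for the destination is policy-routed (route-to) via WAN2's gateway.
RULES='pass in quick on ovpns1 route-to (em1 203.0.113.1) inet from 10.0.2.0/24 to 198.51.100.10 flags S/SA keep state'

# has_outbound_nat IFACE SUBNET NATDUMP -> 0 if a nat rule translates SUBNET out of IFACE
has_outbound_nat() {
    printf '%s\n' "$3" | grep -q "^nat on $1 inet from $2 to any ->"
}

# has_route_to IFACE GWIF SUBNET DEST RULEDUMP -> 0 if a route-to rule sends
# SUBNET -> DEST traffic entering IFACE out through GWIF
has_route_to() {
    printf '%s\n' "$5" | grep -q "on $1 route-to ($2 [0-9.]*) inet from $3 to $4"
}

# check_policy_route IFACE GWIF SUBNET DEST RULEDUMP NATDUMP -> 0 only when both the
# route-to rule and the matching outbound NAT on GWIF exist; reports what is missing.
check_policy_route() {
    ok=0
    has_route_to "$1" "$2" "$3" "$4" "$5" || { echo "missing route-to rule on $1 for $3 -> $4 via $2"; ok=1; }
    has_outbound_nat "$2" "$3" "$6" || { echo "missing outbound NAT on $2 for $3 (replies never return)"; ok=1; }
    return $ok
}

# On a real site A box: check_policy_route ovpns1 em1 10.0.2.0/24 198.51.100.10 "$(pfctl -sr)" "$(pfctl -sn)"
check_policy_route ovpns1 em1 10.0.2.0/24 198.51.100.10 "$RULES" "$NAT_BEFORE" || echo "before fix: FAIL"
check_policy_route ovpns1 em1 10.0.2.0/24 198.51.100.10 "$RULES" "$NAT_AFTER" && echo "after fix: OK"
```

The "before" snapshot reproduces the symptom in the question: the route-to rule matches, so packets leave via WAN2, but without NAT they carry a site B source address that WAN2's upstream cannot route back, so the connection stalls.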