Netgate Discussion Forum

[SOLVED] When outbound rule is needed VS not (Route existing)

Routing and Multi WAN
  • B
    Bambos
    last edited by Bambos Sep 25, 2024, 1:03 PM Sep 20, 2024, 8:40 AM

    Hello everyone,

    I have noticed that pfSense sometimes needs an added outbound rule to complete the route correctly, between VPN clients and remote access clients.

    Is there a clear distinction between when an outbound rule is needed and when not?
    Sometimes the routing is created over the VPN Client gateway (I can see in routes) but the traffic is not routed if packets are coming from elsewhere.

    Please lights out. Thanks!

    • V
      viragomann @Bambos
      last edited by Sep 20, 2024, 10:50 AM

      @Bambos
      pfSense itself never needs outbound NAT rules. It's rather the outside world that needs them.

      The point is to enable the outside world to communicate with your local devices, which probably reside inside a private subnet.
      If the outside world has no route to your subnet pointing to your (VPN) interface IP, you need to masquerade the source IP on outgoing packets with the interface IP with an outbound NAT rule.

      If you have a site-to-site VPN, the remote site usually has a route for your local subnets. So there is no rule needed then.

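The rule of thumb from the answer above, modelled as an added example that is not part of the original posts and is not pfSense code: the remote side's routing table is checked with a longest-prefix match to see whether replies to a LAN source would return to the local VPN interface IP. All addresses, route tables and function names are constructed for illustration.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match: next hop the remote side would use to reach dst."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

def reply_returns(src_on_wire, vpn_if_ip, remote_routes):
    """True if the remote side sends replies for src_on_wire back to our VPN interface."""
    hop = lookup(remote_routes, src_on_wire)
    # Either a route points at our VPN interface IP, or the source *is* that IP
    # on a network the remote side is directly connected to (the tunnel network).
    return hop == vpn_if_ip or (hop == "connected" and src_on_wire == vpn_if_ip)

def needs_outbound_nat(src_ip, vpn_if_ip, remote_routes):
    """Outbound NAT is needed when the remote side cannot route replies to src_ip via us."""
    return not reply_returns(src_ip, vpn_if_ip, remote_routes)

def source_on_wire(src_ip, vpn_if_ip, remote_routes):
    """Source address the packet should carry when it leaves the VPN interface."""
    return vpn_if_ip if needs_outbound_nat(src_ip, vpn_if_ip, remote_routes) else src_ip

# Constructed sample data (assumptions, not taken from the thread)
LAN_HOST = "192.168.10.25"   # device in the private LAN subnet
VPN_IF_IP = "10.8.0.2"       # local VPN interface address inside the tunnel network

# Remote side that only knows the tunnel network (e.g. a VPN provider)
PROVIDER_ROUTES = [("10.8.0.0/24", "connected"), ("0.0.0.0/0", "upstream")]
# Site-to-site peer that has a route for the LAN pointing at our VPN interface IP
SITE_TO_SITE_ROUTES = PROVIDER_ROUTES + [("192.168.10.0/24", VPN_IF_IP)]
# Peer that has a route for the LAN, but pointing at some other gateway
WRONG_GW_ROUTES = PROVIDER_ROUTES + [("192.168.10.0/24", "10.8.0.9")]

if __name__ == "__main__":
    for name, table in [("provider", PROVIDER_ROUTES),
                        ("site-to-site", SITE_TO_SITE_ROUTES),
                        ("wrong gateway", WRONG_GW_ROUTES)]:
        print(name, "NAT needed:", needs_outbound_nat(LAN_HOST, VPN_IF_IP, table),
              "source on wire:", source_on_wire(LAN_HOST, VPN_IF_IP, table))
```
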
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.