pfSense policy routing non functional
-
Setup:
latest community edition
Interfaces:
WAN with internet access
LAN 192.168.x.yyy
VPN 192.71.a.b public IP through OpenVPN tunnel

Goal:
All but one LAN host uses WAN, some port forwards.
One host from LAN uses VPN as gateway with one port forward.

Tested so far:
Setting VPN as default gateway works like a charm, including port forward.
Needed only:
outgoing NAT: 192.168.x.yyy/24 -> VPN -> VPN IP
And needed NAT VPN -> 192.168.x.99:9999

Attempt goal:
Set WAN back as default gateway
Add firewall rule on LAN:
192.168.x.99 all but 192.168.x.yyy/24 go through VPN gateway

Now I see tracert from .99 host going through VPN, curl ifconfig.me/IP returns VPN IP, BUT
and it's a huge BUT
All outgoing traffic initiated by .99 host gets redirected to VPN and bounces right back, going out through WAN and returning on VPN...
Also I'm getting quite a few default rule 0104 packet blocks for pfSense IP <-> .99 IP (I'm accessing the pfSense GUI from the .99 host).
Packet captures with promiscuous mode off:
Packet capture on .99 shows outgoing UDP/TCP packet:
192.168.x.99:9999 -> somehost:6677
LAN capture mirrors that
VPN capture shows nothing!
WAN capture shows
VPN IP:9999 -> somehost:6677

Depending on remote host, returns come either on WAN or VPN, with the vast majority on WAN, and VPN returns are in fact retransmission requests, at least that's what ChatGPT told me. VPN returns are 20 to 1000.
Same for ICMP capture and ping somehost:
VPN
somehost -> VPN.ip
WAN outgoing
VPN.ip -> somehost
-
Policy routing started behaving after I changed my WAN IPv6 configuration from "none" to "6to4 tunnel".
I have a strange feeling that the redirected host will be able to escape redirection if the remote host resolves to an IPv6 address though.
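The symptom described in the post (the .99 host's packets leave on WAN carrying the VPN interface's address, replies trickle back on VPN) is exactly what a side-by-side read of per-interface packet captures reveals. The script below is an added example, not part of the original post or of pfSense: it takes tcpdump -n style lines from the LAN, WAN and VPN captures, matches packets across interfaces by the part of the flow that survives outbound NAT (remote IP, remote port and the local port, which is only stable because static port NAT is in effect, as the post's :9999 suggests), and reports flows whose egress and return interfaces disagree or whose source address belongs to a different interface than the one they were seen leaving on. All addresses (192.168.1.x LAN, 203.0.113.10 WAN, 192.71.0.2 VPN tunnel, 198.51.100.x remote hosts) and all capture lines are constructed placeholders; the flow that mirrors the post's observation is flagged, a normal WAN flow is not.

```python
"""Spot asymmetric policy-routed flows across per-interface pfSense captures."""
import re
from collections import defaultdict

# Assumed interface addresses (constructed placeholders, not from the post).
IFACE_ADDR = {
    "lan": "192.168.1.1",
    "wan": "203.0.113.10",
    "vpn": "192.71.0.2",   # assumed OpenVPN client address on the tunnel
}
LAN_PREFIX = "192.168.1."

# tcpdump -n line: "HH:MM:SS.usec IP src.sport > dst.dport: ..."
LINE_RE = re.compile(r"^\S+\s+IP\s+(\S+)\.(\d+)\s+>\s+(\S+)\.(\d+):")


def is_local(addr):
    """True for our own interface addresses and for LAN hosts."""
    return addr in IFACE_ADDR.values() or addr.startswith(LAN_PREFIX)


def parse_capture(iface, text):
    """Parse one interface's capture into (iface, direction, flow_key, local_addr).

    flow_key deliberately omits the local address: outbound NAT rewrites it
    (192.168.1.99 on LAN becomes the VPN IP on the egress interface), so the
    key is (remote_ip, remote_port, local_port), which stays constant across
    interfaces only when static port NAT is used (an assumption here).
    """
    pkts = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        src, sport, dst, dport = m.groups()
        if is_local(src) and not is_local(dst):
            pkts.append((iface, "out", (dst, int(dport), int(sport)), src))
        elif is_local(dst) and not is_local(src):
            pkts.append((iface, "in", (src, int(sport), int(dport)), dst))
    return pkts


def find_asymmetric(captures):
    """captures: {iface_name: capture_text}.

    Returns {flow_key: finding} for flows that leave on one non-LAN interface
    and get replies on another, or whose outbound packets carry another
    interface's address as source (the "VPN IP leaving via WAN" symptom).
    """
    egress, ingress, foreign = defaultdict(set), defaultdict(set), defaultdict(set)
    for iface, text in captures.items():
        for cap_iface, direction, key, local in parse_capture(iface, text):
            if cap_iface == "lan":
                continue  # LAN always shows the pre-NAT packet; not an egress path
            if direction == "out":
                egress[key].add(cap_iface)
                if local in IFACE_ADDR.values() and local != IFACE_ADDR[cap_iface]:
                    foreign[key].add((cap_iface, local))
            else:
                ingress[key].add(cap_iface)
    findings = {}
    for key in set(egress) | set(ingress):
        e, i, f = egress[key], ingress[key], foreign[key]
        if f or (e and i and e != i):
            findings[key] = {"egress": sorted(e), "ingress": sorted(i),
                             "foreign_source": sorted(f)}
    return findings


# Constructed sample captures: the .99 host's UDP flow shows the post's
# symptom; 192.168.1.50's TCP flow is a normal WAN-routed flow for contrast.
SAMPLE_CAPTURES = {
    "lan": """
12:00:00.000010 IP 192.168.1.99.9999 > 198.51.100.20.6677: UDP, length 64
12:00:00.000020 IP 192.168.1.50.51000 > 198.51.100.30.443: Flags [S], seq 1, win 64240, length 0
""",
    "wan": """
12:00:00.000110 IP 192.71.0.2.9999 > 198.51.100.20.6677: UDP, length 64
12:00:00.000120 IP 203.0.113.10.51000 > 198.51.100.30.443: Flags [S], seq 1, win 64240, length 0
12:00:00.040000 IP 198.51.100.20.6677 > 192.71.0.2.9999: UDP, length 64
12:00:00.045000 IP 198.51.100.30.443 > 203.0.113.10.51000: Flags [S.], seq 7, ack 2, win 65535, length 0
""",
    "vpn": """
12:00:00.050000 IP 198.51.100.20.6677 > 192.71.0.2.9999: UDP, length 64
""",
}

if __name__ == "__main__":
    for key, finding in find_asymmetric(SAMPLE_CAPTURES).items():
        remote_ip, remote_port, local_port = key
        print(f"flow :{local_port} <-> {remote_ip}:{remote_port}: "
              f"egress {finding['egress']} ingress {finding['ingress']} "
              f"foreign source {finding['foreign_source']}")
```

To use it on real captures, feed it the text of `tcpdump -n -i <iface>` (or the pfSense Diagnostics > Packet Capture download) for each interface, adjust IFACE_ADDR and LAN_PREFIX to the real addresses, and keep in mind that without static port the local port changes after NAT and the flow key would need to be matched on timing instead.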