Netgate Discussion Forum

    2 WAN - openvpn in one of them not working when connected from IP routed through the other WAN

    Routing and Multi WAN
    el_baby:

      Hi,

      I have 2 WAN interfaces to different providers, both with their own range of public static IPs.

      My main provider is ISP1 and I have WAN1 with 2 IP ranges that this provider gives me and the default route through it.

      My secondary provider is ISP2 and I have WAN2 with 1 IP range that this provider gives me and a static route to a /16 that is directly connected to ISP2 (my IP range is actually a /24 within it).

      I'm still not using the pfSense as the main firewall/router (will migrate in a month or two) but, nonetheless, I created a couple of openvpn vpns on a public IP (not used for anything else) on the WAN1 interface.

      The VPNs work OK from anywhere except where the originating IP is within the /16 of ISP2.

      I guess packets are coming into WAN1 and trying to go out through WAN2 because of the static route. Is there a way I can prevent this? (I don't know if within the interface definition, the gateway or the static route).

      viragomann:

        @el_baby
        Normally routing back response packets to the proper gateway is handled by reply-to function in pfSense.
        This requires that the firewall pass rule allowing incoming traffic is defined on the respective WAN interface. But not sure if this even works if there is a static route present pointing to a different gateway.

        For reply-to, ensure that the pass rule on WAN2 is applied to the incoming traffic. If you are not sure, enable logging in the rule and check the firewall rule.

        There must not be any floating or interface group pass rule matching this traffic, as these will override interface rules.

        el_baby:
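        As an added example (not from this thread), a POSIX shell check that scans `pfctl -sr` output for the inbound pass rules on a given port and flags any that lack the `reply-to` tag; a state created by such a rule would be routed by the routing table (here the static route to ISP2's /16 via WAN2) instead of going back out the WAN it arrived on. The interface names, addresses and rule labels in the embedded sample are constructed.

```shell
#!/bin/sh
# Constructed sample of `pfctl -sr` output from a two-WAN pfSense box
# (hypothetical interfaces em0=WAN1, em1=WAN2; documentation address ranges).
# Rule 1: interface rule with reply-to, as pfSense generates for a WAN pass rule.
# Rule 2: floating-style rule with no interface binding and no reply-to.
# Rule 3: an unrelated HTTPS rule on WAN2, with reply-to.
SAMPLE_RULES='pass in quick on em0 reply-to (em0 203.0.113.1) inet proto udp from any to 203.0.113.10 port = 1194 keep state label "USER_RULE: OpenVPN on WAN1"
pass in quick inet proto udp from any to 203.0.113.10 port = 1194 keep state label "USER_RULE: floating allow"
pass in quick on em1 reply-to (em1 198.51.100.1) inet proto tcp from any to 198.51.100.10 port = 443 flags S/SA keep state label "USER_RULE: HTTPS"'

# check_reply_to "<pfctl -sr text>" <port>
# Prints every inbound pass rule for <port> that carries no reply-to tag and
# returns 1 if any was found, 0 if all matching rules have reply-to.
# Rules without "on <if>" are floating rules; pf evaluates them before the
# interface rules, and with quick set they win and create the state.
check_reply_to() {
  printf '%s\n' "$1" | awk -v port="$2" '
    /^pass in/ && $0 ~ ("port = " port "( |$)") {
      kind = ($0 ~ / on [a-z]+[0-9]+/) ? "interface rule" : "floating rule"
      if ($0 !~ /reply-to \(/) {
        missing++
        print "MISSING reply-to (" kind "): " $0
      }
    }
    END { exit (missing > 0) }'
}

# count_rules "<pfctl -sr text>" <port> -> number of inbound pass rules for <port>
count_rules() {
  printf '%s\n' "$1" | awk -v port="$2" \
    '/^pass in/ && $0 ~ ("port = " port "( |$)") { n++ } END { print n + 0 }'
}

# Stand-alone run over the constructed sample; on a live box replace
# "$SAMPLE_RULES" with "$(pfctl -sr)".
if check_reply_to "$SAMPLE_RULES" 1194; then
  echo "all OpenVPN rules carry reply-to"
else
  echo "some OpenVPN rules lack reply-to; replies may follow the static route"
fi
```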

          Hi @viragomann,

          thanks for your answer.

          Finally, it was a problem on the other end and my configuration was OK.

          I didn't have to change anything.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.