2 WAN - openvpn in one of them not working when connected from IP routed through the other WAN
-
Hi,
I have 2 WAN interfaces to different providers, both with their own range of public static IPs.
My main provider is ISP1 and I have WAN1 with 2 IP ranges that this provider gives me and the default route through it.
My secondary provider is ISP2 and I have WAN2 with 1 IP range that this provider gives me and a static route to a /16 that is directly connected to ISP2 (and my IP range is actually a /24 within it).
I'm still not using the pfSense as the main firewall/router (will migrate in a month or two) but, nonetheless, I created a couple of OpenVPN VPNs on a public IP (not used for anything else) on the WAN1 interface.
The VPNs work OK from anywhere except where the originating IP is within the /16 of ISP2.
I guess packets are coming into WAN1 and trying to go out through WAN2 because of the static route. Is there a way I can prevent this? (I don't know if within the interface definition, the gateway or the static route).
-
@el_baby
Normally routing back response packets to the proper gateway is handled by reply-to function in pfSense.
This requires that the firewall pass rule allowing incoming traffic is defined on the respective WAN interface. But not sure if this even works, if there is a static route present, pointing to a different gateway. For reply-to, ensure that the pass rule on WAN2 is applied to the incoming traffic. If you are not sure, enable logging in the rule and check the firewall log.
There must not be any floating or interface group pass rule matching this traffic, as these will override interface rules.
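As an added illustration (not pfSense's generated ruleset and not code from either poster), the fragment below expresses the two points of the reply above in plain pf.conf terms: the weak shape, a floating quick rule that matches first and creates a state with no reply-to, beside the corrected shape, an interface rule on WAN1 carrying reply-to so replies leave by the gateway the packet arrived on. Interface names, the addresses, the gateway addresses and the OpenVPN port are constructed assumptions; the /16 static route mirrors the setup described in the question.

```pf
# Added illustration, not pfSense's generated ruleset: a hand-written pf.conf
# fragment showing what reply-to does on a two-WAN box.
# Interface names, addresses and the OpenVPN port are constructed assumptions.
wan1      = "em0"             # ISP1, carries the default route
wan1_gw   = "203.0.113.1"
wan2      = "em1"             # ISP2; a static route for 198.51.0.0/16 points here
wan2_gw   = "198.51.100.1"
ovpn_ip   = "203.0.113.10"    # public IP on WAN1 used only by OpenVPN
ovpn_port = "1194"

# WEAK: a floating (no "on" interface) quick rule evaluated before the
# interface rules. The state it creates has no reply-to, so replies follow
# the routing table: a client inside 198.51.0.0/16 gets its reply pushed out
# WAN2 via the static route, carrying a source address that belongs to WAN1.
# pass in quick inet proto udp from any to $ovpn_ip port $ovpn_port keep state

# CORRECTED: an interface rule on WAN1 carrying reply-to. Reply packets for
# states created by this rule are handed to WAN1's gateway regardless of the
# static route, so traffic that arrived on WAN1 leaves on WAN1.
pass in quick on $wan1 reply-to ($wan1 $wan1_gw) inet proto udp \
    from any to $ovpn_ip port $ovpn_port keep state
```

On a pfSense box the interface rule's reply-to is added automatically when the rule sits on a WAN that has a gateway; what matters for the problem above is that no earlier floating or group rule creates the state first. `pfctl -sr` prints the loaded ruleset in evaluation order, which is the quickest way to see whether a floating rule without reply-to precedes the WAN1 rule, and enabling logging on the rule, as suggested above, shows which rule actually matched.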
-
Hi @viragomann,
thanks for your answer.
Finally, it was a problem on the other end and my configuration was OK.
I didn't have to change anything.