I have 2xWAN 2xLAN and 2XDMZ

2xISPs BT (PPPoE) and Virgin (DHCP)

I added static routes for each ISPs DNS and I'm not doing load balancing or failover

LAN1 works over BT and LAN2 works over Virgin. Everything is ok outbound.

I put an OpenVPN server on DMZ and created port forward NAT and fw rule

As a test I put a laptop on LAN1 and connect ovpn client to the public IP address of WAN2

Client–->PF(sis3)--->BT-WAN1(sis1)--->Internet--->Virgin-WAN2(sis2)--->DMZ(sis4)--->OVPN

with tcpdump I see the packet arrive at the ovpn server and it responds. It then seems to get silently dropped by the fw. There's nothing in the filter log and tcpdump doesn't see it leaving any of the other interfaces.

I tried the DMZ i/f with and without a gateway, doesn't make any difference. I also opened up ssh on the ovpn server as additional test but I get the same result. I had the same setup working when I had a single ISP.

tcpdump from ssh

vpn# tcpdump -i lnc1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lnc1, link-type EN10MB (Ethernet), capture size 96 bytes
23:00:32.097891 IP <virginip>.56919 > 192.168.4.150.ssh: S 2981099879:2981099879(0) win 8192 <mss 1452,nop,wscale="" 8,nop,nop,sackok="">23:00:32.098084 IP 192.168.4.150.ssh > <virginip>.56919: S 4160585790:4160585790(0) ack 2981099880 win 65535 <mss 1460,nop,wscale="" 1,sackok,eol="">23:00:35.067268 IP <virginip>.56919 > 192.168.4.150.ssh: S 2981099879:2981099879(0) win 8192 <mss 1452,nop,wscale="" 8,nop,nop,sackok="">23:00:35.067345 IP 192.168.4.150.ssh > <virginip>.56919: S 4160585790:4160585790(0) ack 2981099880 win 65535 <mss 1460,nop,wscale="" 1,sackok,eol="">23:00:38.066337 IP 192.168.4.150.ssh > <virginip>.56919: S 4160585790:4160585790(0) ack 2981099880 win 65535 <mss 1460,nop,wscale="" 1,sackok,eol="">23:00:41.050725 IP <virginip>.56919 > 192.168.4.150.ssh: S 2981099879:2981099879(0) win 8192 <mss 1452,nop,nop,sackok="">23:00:41.050797 IP 192.168.4.150.ssh > <virginip>.56919: S 4160585790:4160585790(0) ack 2981099880 win 65535 <mss 1460,nop,wscale="" 1,sackok,eol="">23:00:47.048828 IP 192.168.4.150.ssh > <virginip>.56919: S 4160585790:4160585790(0) ack 2981099880 win 65535 <mss 1460,nop,wscale="" 1,sackok,eol="">23:00:59.044931 IP 192.168.4.150.ssh > <virginip>.56919: S 4160585790:4160585790(0) ack 2981099880 win 65535</virginip></mss></virginip></mss></virginip></mss></virginip></mss></virginip></mss></virginip></mss></virginip></mss></virginip></mss></virginip>