Policy routing being ignored?

  • Hello forum,

    I'm having some trouble with Sixxs and OpenVPN.

    I have a working tunnel to the Sixxs IPv6 broker.
    I have a working VPN tunnel to Mullvad.

    I have a policy routing on my LAN interface that says IPv6* from LAN NET to any destination, gateway SIXXS.

    traceroute6 ipv6.google.com from client = OK. Everything is fine.

    ping from external host to my client, I can see the packets coming in and reaching client (tcpdump), I see client sending response. Response arrives at LAN interface and it is then shipped over OpenVPN (Mullvad), despite the policy routing telling it to use SIXXS as gateway.

    How can I fix this?

  • I was able to fix this myself.

    Pretty much what was happening was that my OpenVPN broker was pushing IPv6 routes, amongst others a ::/2 default route. For some reason the policy rules didn't intercept the packets and the default route was being used. To remedy this, I added "route-nopull" to the advanced configuration of my OpenVPN client. As such, no routes are added for either IPv4 or IPv6, and everything is working the way I want it to.

    Big thanks to everyone at #pfsense @ Freenode for attempts at helping and showing patience with my constant nagging.
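
Added example, not part of the original posts: a small audit of the routes an OpenVPN server pushes, showing which pushed prefix a routing-table lookup would pick for a destination, whether the pushed prefixes add up to a default route, and what changes with route-nopull. The PUSH_REPLY string, the addresses and all function names are constructed for illustration, and only the `route` and `route-ipv6` options are modelled.

```python
import ipaddress

# Constructed sample of the options an OpenVPN server pushes to a client.
SAMPLE_PUSH_REPLY = (
    "PUSH_REPLY,route 10.8.0.0 255.255.255.0,"
    "route-ipv6 ::/2,route-ipv6 4000::/2,route-ipv6 8000::/2,route-ipv6 c000::/2,"
    "ifconfig-ipv6 fd00:8::1002/64 fd00:8::1,ifconfig 10.8.0.2 255.255.255.0"
)

def pushed_routes(push_reply):
    """Networks pushed via 'route' / 'route-ipv6' (only these two are modelled)."""
    nets = []
    for opt in push_reply.split(","):
        w = opt.split()
        try:
            if len(w) >= 2 and w[0] == "route-ipv6":
                nets.append(ipaddress.ip_network(w[1], strict=False))
            elif len(w) >= 2 and w[0] == "route":
                mask = w[2] if len(w) >= 3 else "255.255.255.255"
                nets.append(ipaddress.ip_network(f"{w[1]}/{mask}", strict=False))
        except ValueError:
            continue  # keywords such as vpn_gateway or hostnames: skipped here
    return nets

def effective_routes(push_reply, client_options=()):
    """Routes the client would install; route-nopull discards pushed routes."""
    return [] if "route-nopull" in client_options else pushed_routes(push_reply)

def matching_route(dest, routes):
    """Longest-prefix match of dest in routes, as a routing table lookup does."""
    addr = ipaddress.ip_address(dest)
    hits = [n for n in routes if n.version == addr.version and addr in n]
    return max(hits, key=lambda n: n.prefixlen, default=None)

def covers_whole_family(routes, version):
    """True when the pushed prefixes together add up to a default route."""
    same = [n for n in routes if n.version == version]
    return any(n.prefixlen == 0 for n in ipaddress.collapse_addresses(same))

if __name__ == "__main__":
    for opts in ((), ("route-nopull",)):
        routes = effective_routes(SAMPLE_PUSH_REPLY, opts)
        print(opts or "(routes pulled)", "->",
              matching_route("2001:db8::10", routes),
              "| IPv6 default covered:", covers_whole_family(routes, 6))
```

A pushed `::/2` alone already contains all of `2000::/3`, the global unicast range, so it matches replies to external IPv6 hosts even without the other three prefixes.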
