Policy routing being ignored?
-
Hello forum,
I'm having some trouble with SixXS and OpenVPN.
I have a working tunnel to the SixXS IPv6 broker.
I have a working VPN tunnel to Mullvad.
I have a policy routing on my LAN interface that says IPv6* from LAN NET to any destination, gateway SIXXS.
traceroute6 ipv6.google.com from client = OK. Everything is fine.
ping from external host to my client: I can see the packets coming in and reaching the client (tcpdump), and I see the client sending a response. The response arrives at the LAN interface and is then shipped over OpenVPN (Mullvad), despite the policy routing telling it to use SIXXS as gateway.
How can I fix this?
-
I was able to fix this myself.
Pretty much what was happening was that my OpenVPN broker was pushing IPv6 routes, amongst others a ::/2 default route. For some reason the policy rules didn't intercept the packets and the default route was being used. To remedy this, I added "route-nopull" to the advanced configuration of my OpenVPN client. As such, no routes are added for either IPv4 or IPv6 and everything is working the way I want it to.
Big thanks to everyone at #pfsense @ Freenode for attempts at helping and showing patience with my constant nagging.
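
To audit which routes a VPN server pushes before deciding whether `route-nopull` is needed, the following added example (not part of the original posts) parses a `PUSH_REPLY` line from an OpenVPN client log and reports which pushed prefixes would capture a given destination. The log line, addresses and function names are constructed for illustration, and the line format is assumed to match what the client logs at normal verbosity.

```python
import ipaddress
import re

# Constructed sample of an OpenVPN client log line (not taken from the post).
SAMPLE_LOG = (
    "PUSH: Received control message: 'PUSH_REPLY,"
    "dhcp-option DNS 10.8.0.1,route 10.8.0.0 255.255.255.0,"
    "route-ipv6 ::/2,route-ipv6 4000::/2,"
    "ifconfig 10.8.0.6 255.255.255.0'"
)

def pushed_routes(log_line):
    """Return the networks named by route / route-ipv6 options in a PUSH_REPLY."""
    m = re.search(r"PUSH_REPLY,([^']*)", log_line)
    if not m:
        return []
    nets = []
    for opt in m.group(1).split(","):
        parts = opt.split()
        if len(parts) < 2 or parts[0] not in ("route", "route-ipv6"):
            continue
        if parts[0] == "route-ipv6":
            spec = parts[1]                      # already prefix/length
        else:
            mask = parts[2] if len(parts) >= 3 else "255.255.255.255"
            spec = f"{parts[1]}/{mask}"          # network + dotted netmask
        try:
            nets.append(ipaddress.ip_network(spec, strict=False))
        except ValueError:
            continue  # keyword forms such as "vpn_gateway" are skipped here
    return nets

def routes_capturing(nets, dest):
    """Pushed routes that contain dest, most specific first."""
    addr = ipaddress.ip_address(dest)
    hits = [n for n in nets if n.version == addr.version and addr in n]
    return sorted(hits, key=lambda n: n.prefixlen, reverse=True)

if __name__ == "__main__":
    nets = pushed_routes(SAMPLE_LOG)
    # Constructed destinations: an IPv6 host, an IPv4 host, a VPN-internal host.
    for dest in ("2001:db8::1", "198.51.100.7", "10.8.0.9"):
        hits = routes_capturing(nets, dest)
        print(dest, "->", [str(n) for n in hits] or "no pushed route")
```

Any IPv6 destination listed under `::/2` would leave via the VPN once that pushed route is installed, which matches the reply traffic described in the thread.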