Interesting routing issue
I use 2.2 and an OpenVPN server in tun mode.
When the client connects, everything works as intended except that one route goes wrong.
Correct traceroute, traffic goes through the tunnel:

Tracing route to google-public-dns-a.google.com [220.127.116.11]
over a maximum of 30 hops:

  1    14 ms    14 ms    14 ms  10.15.20.1
  2    15 ms    41 ms    15 ms  2903.burek.net [YY.YY.YY.1]
  3    63 ms    23 ms    45 ms  mx-vi1-te-0-0-0.burek.net [IP HERE]
  4    44 ms    43 ms    43 ms  18.104.22.168
  5    45 ms    45 ms    45 ms  22.214.171.124
  6    45 ms    44 ms    45 ms  126.96.36.199
  7    45 ms    45 ms    45 ms  google-public-dns-a.google.com [188.8.131.52]

Trace complete.
INCORRECT route, traffic goes through the local firewall instead of the tunnel:

Tracing route to [XX.XX.XX.12]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  firewall.domain.local [192.168.1.1]
  2    13 ms    13 ms    13 ms  gw1.net [ZZ.ZZZ.0.1]
  3    12 ms    12 ms    12 ms  gw2.net [IP HERE]
  4    13 ms    12 ms    13 ms  six.burek.net [IP HERE]
  5    14 ms    14 ms    13 ms  [XX.XX.XX.12]

Trace complete.
[XX.XX.XX.12] is my WAN IP.
So if I connect from anywhere and log in to my website (I have no SSL), anyone with access to the router I'm connected to could see my login details.
Why is only the WAN IP routed through the local gateway instead of the tunnel?
Oh, IPv6 is working great, as it should.
Well, what are the routes on the box? Clearly you have a route that says: when trying to go to [XX.XX.XX.12], go to firewall.domain.local [192.168.1.1].
At this point, we can't confirm anything, we need more info.
Post your server1.conf and the routing table from pfSense and a connected client.
I was thinking…
There is actually no need for the routing table...
Let me explain.
If I connect to XX.XX.XX.XX with OpenVPN, clearly XX.XX.XX.XX MUST go through the local firewall and not through the tunnel. If it went through the tunnel, OpenVPN would not work :)
So this is by design IMHO.
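The mechanism described in this post, shown as an added example (not code from this thread, from pfSense or from OpenVPN): a full-tunnel client carries a host route for the VPN server's own public IP via the local gateway, and longest-prefix matching makes that /32 win over the two /1 "def1" routes into the tunnel. The routing table is constructed; it assumes 10.15.20.1 as the tunnel gateway (first hop of the correct trace), 192.168.1.1 as the LAN gateway, and 203.0.113.12 as a placeholder for the XX.XX.XX.12 WAN address.

```python
import ipaddress

# Constructed routing table modelled on what an OpenVPN client installs with
# "redirect-gateway def1". 203.0.113.12 is a placeholder for the WAN IP (assumption).
VPN_SERVER = "203.0.113.12"
ROUTES = [
    ("0.0.0.0/0",          "192.168.1.1", "LAN"),   # original default route from the LAN
    ("0.0.0.0/1",          "10.15.20.1",  "tun0"),  # def1: lower half of IPv4 via tunnel
    ("128.0.0.0/1",        "10.15.20.1",  "tun0"),  # def1: upper half of IPv4 via tunnel
    (f"{VPN_SERVER}/32",   "192.168.1.1", "LAN"),   # host route so the tunnel itself can reach the server
    ("192.168.1.0/24",     None,          "LAN"),   # directly connected LAN
]


def lookup(dst, routes=ROUTES):
    """Longest-prefix match: return (gateway, interface) of the most specific route for dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]


def is_tunneled(dst, routes=ROUTES):
    """True if traffic to dst leaves through the VPN interface."""
    return lookup(dst, routes)[1] == "tun0"


def exposed_over_lan(destinations, routes=ROUTES):
    """Defender check: which of these destinations bypass the tunnel and cross the local network.
    Any plaintext protocol (e.g. HTTP without TLS) to such a destination is visible on that path."""
    return [d for d in destinations if not is_tunneled(d, routes)]


if __name__ == "__main__":
    # The two destinations from the thread's traceroutes (public DNS vs. the server's own WAN IP).
    for dst in ("8.8.8.8", VPN_SERVER):
        gw, iface = lookup(dst)
        print(f"{dst:>15} -> via {gw} on {iface}  tunneled={is_tunneled(dst)}")
    print("bypassing the tunnel:", exposed_over_lan(["8.8.8.8", "200.0.0.1", VPN_SERVER]))
```

The only destination that leaves via the LAN is the server's own WAN address, which is exactly the "by design" route the post describes; the fix for the login concern is TLS on the site or reaching it by an address that is routed inside the tunnel.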
That all depends on your config, routing and full tunnel vs split tunnel. We are all just speculating without looking at the config and your routing tables.