Odd issue?
-
I have a Gw group set up for WAN failover on a pfSense device.
When I set LAN to use that gw group, the outbound connectivity works fine. On an egress trace, it goes:
1 - WAN GW
2 - FW IP
3 - Outside our network
When I remove the group:
1 - FW IP
2 - WAN GW
3 - Outside
What configuration did I screw up to do this? It's causing some issues internally.
-
Policy routing forces traffic to the gateway specified without decrementing the TTL. Egress you'll end up with 1 - WAN GW, 2 - Internet/whatever is beyond WAN GW.
When not using a gateway group, the first hop is your FW IP, then WAN GW, then beyond that.
Assuming it matches that description, that's not causing any problems, it's normal.
-
@cmb:
Policy routing forces traffic to the gateway specified without decrementing the TTL. Egress you'll end up with 1 - WAN GW, 2 - Internet/whatever is beyond WAN GW.
When not using a gateway group, the first hop is your FW IP, then WAN GW, then beyond that.
Assuming it matches that description, that's not causing any problems, it's normal.
It's breaking my site-to-site VPNs. Is there another or better way to do it?
-
It's breaking my site-to-site VPNs. Is there another or better way to do it?
You must have a strange VPN setup, but did you try not policy routing the VPN traffic?
-
You need a rule to pass traffic to the VPNs that doesn't policy route, above any matching rules specifying a gateway.
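To make the rule ordering concrete, here is an added illustration in pf syntax of what the fix looks like once pfSense has generated the ruleset. It is not from the thread or from pfSense's own generated config; the interface names, subnets and gateway address are assumptions, and real pfSense output will look different in detail (macros, tags, gateway group handling). The point it shows is the ordering: the plain pass rule for the remote VPN subnet has no route-to, so those packets follow the routing table (the tunnel route), and because it comes first with "quick" they never reach the policy-routing rule below it.

```pf
# Assumed names and addresses for illustration only (not from the thread).
lan_if         = "em0"
lan_net        = "192.168.1.0/24"
remote_vpn_net = "10.20.0.0/24"     # subnet behind the site-to-site tunnel
wan_if         = "em1"
wan_gw         = "203.0.113.1"      # would normally be the gateway group's current member

# 1. VPN traffic: ordinary pass rule, no route-to. The kernel routing table
#    decides the next hop, so the packet goes into the tunnel as intended.
#    "quick" stops evaluation here, so rule 2 never sees this traffic.
pass in quick on $lan_if from $lan_net to $remote_vpn_net

# 2. Everything else from LAN: policy-routed out the WAN gateway (this is what
#    selecting a gateway/gateway group on a LAN rule produces). Any rule like
#    this placed ABOVE rule 1 would push VPN-bound packets out the WAN instead.
pass in quick on $lan_if from $lan_net to any route-to ($wan_if $wan_gw)
```

In the pfSense GUI this corresponds to adding a LAN rule whose destination is the remote VPN network with Gateway left at "default", and dragging it above the rule that has the gateway group selected. After applying, `pfctl -sr` on the firewall lets you confirm that the VPN rule appears before the route-to rule; running a traceroute from a LAN host to the remote subnet should then show the tunnel path rather than the WAN gateway as the first hop.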