Incoming connections are not possible, because reply packages are sent out to the wrong gateway.
Relevant log files
root@router:/tmp # grep ovpn rules.debug | grep TEST
pass in quick on ovpnc1 inet from {any} to {any} keep state label "32273dd1f8b82e57651fe5c3febf18a3" # : TEST
pass in quick on ovpnc1 reply-to ( ovpnc1 2a02:a00:e00f:ffff::1 ) inet6 from {any} to {any} keep state label "32273dd1f8b82e57651fe5c3febf18a3" # : TEST
Expected behavior
pass in quick on ovpnc1 reply-to ( ovpnc1 188.246.4.1 ) inet from {any} to {any} keep state label "32273dd1f8b82e57651fe5c3febf18a3" # : TEST
pass in quick on ovpnc1 reply-to ( ovpnc1 2a02:a00:e00f:ffff::1 ) inet6 from {any} to {any} keep state label "32273dd1f8b82e57651fe5c3febf18a3" # : TEST
Config
Home router with multiple uplink interfaces.
The ovpnc1 interface (openvpn client) is used to get static ip addresses for ipv4 and ipv6.
I have the same issue just with a GRE Tunnel instead. DNAT is working and I can route Clients over that Tunnel. It is just the Firewall itself that is not able to respond to ping, provide ssh/web access etc. over such tunneled IPv4.
I will add a more detailed description as soon as I find more time.
Edit: it seems to be a FreeBSD/pf issue according to netgate forums.
Describe the bug
Incoming connections are not possible, because reply packages are sent out to the wrong gateway.
Config
Firewall test rule:
Gateway setup (ipv4):
Gateway setup (ipv6):
Environment
OPNsense 19.7.5_5-amd64
FreeBSD 11.2-RELEASE-p14-HBSD
OpenSSL 1.0.2t 10 Sep 2019
Last Working Environment
OPNsense 19.1.10_1-amd64
FreeBSD 11.2-RELEASE-p10-HBSD
OpenSSL 1.0.2s 28 May 2019
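The symptom in the log excerpt above (one address family of a rule gets reply-to, its sibling with the same interface and label does not) can be checked for mechanically. The following is an added example, not part of the original report or of OPNsense; the function names are hypothetical, and it assumes one rule per line with a quoted label that contains no spaces.

```shell
#!/bin/sh
# Added example (not OPNsense code): list "pass in" rules that lack reply-to
# while a sibling rule with the same interface and label has it.
# Output format: <interface> <family-missing-reply-to> <label>
find_missing_reply_to() {
    awk '
    $1 == "pass" && $2 == "in" {
        iface = ""; fam = ""; label = ""; has_rt = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "#") break                      # rest is the rule comment
            if ($i == "on" && iface == "") iface = $(i + 1)
            if (($i == "inet" || $i == "inet6") && fam == "") fam = $i
            if ($i == "reply-to") has_rt = 1
            if ($i == "label" && label == "") label = $(i + 1)
        }
        if (iface == "" || fam == "" || label == "") next
        gsub(/"/, "", label)
        key = iface SUBSEP label
        if (has_rt) with[key] = 1
        else        without[key SUBSEP fam] = 1
    }
    END {
        # Report only asymmetric pairs: a rule without reply-to is not a
        # problem by itself (the interface may have no gateway for that family).
        for (k in without) {
            split(k, p, SUBSEP)
            if ((p[1] SUBSEP p[2]) in with) print p[1], p[3], p[2]
        }
    }' "$@" | sort
}

# Sample input: the two rule lines quoted under "Relevant log files" above.
sample_rules() {
    cat <<'EOF'
pass in quick on ovpnc1 inet from {any} to {any} keep state label "32273dd1f8b82e57651fe5c3febf18a3" # : TEST
pass in quick on ovpnc1 reply-to ( ovpnc1 2a02:a00:e00f:ffff::1 ) inet6 from {any} to {any} keep state label "32273dd1f8b82e57651fe5c3febf18a3" # : TEST
EOF
}

sample_rules | find_missing_reply_to
```

On the router the same function can be pointed at the generated ruleset: find_missing_reply_to /tmp/rules.debug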