In a Multi-LAN setup with a VPN and a WAN:
When Port-Forwarding (IPv4) from the VPN to any internal device, the replies from that device always get routed through the default WAN (the policy routing that should route all the traffic from that machine through the VPN is ignored).
To Reproduce
Steps to reproduce the behavior:
Have a WireGuard VPN and a normal WAN
Create a Port-Forward from the VPN to any machine in the local network.
See (using tcpdump) that replies to these requests get routed through the normal WAN
Expected behavior
The Replies should go back to their sender.
Describe alternatives you considered
Removing the auto-generated traffic rule from the port forward and defining one myself, with reply-to set to the VPN gateway, works. So maybe the reply-to in the auto-generated rule is not set correctly?
Does that mean this is intended behavior? In my opinion it's kind of tedious to always have to add both a Port Forward and a Firewall Rule. Can't that be automated?
You could create the Port Forward and the Firewall rule manually, and use Aliases inside of them. Then if you update the aliases, for example adding another port/ip address, both the Port Forward and the Firewall rule would be updated automatically.
Environment
Software version used and hardware type if relevant, e.g.:
OPNsense 24.7.a_388 (amd64).
Intel® Core™ i3-4160 3.6Ghz Dual Core
Network Intel® I350-T2
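The reply-to workaround described in the report, sketched as a plain pf.conf fragment. This is an added example, not the ruleset OPNsense generates and not code from the reporter; the interface name, gateway address, host address and ports are constructed assumptions.

```pf
# Constructed example: every name, address and port below is an assumption.
wg_if   = "wg0"            # WireGuard tunnel interface
wg_gw   = "10.10.10.1"     # gateway address reachable through the tunnel
lan_srv = "192.168.1.10"   # internal host that receives the forward

# Port forward: rewrite the destination of connections arriving on the tunnel.
rdr on $wg_if inet proto tcp from any to ($wg_if) port 8443 -> $lan_srv port 443

# Filter rule without reply-to (left commented out): the connection is
# accepted and a state is created, but return packets are routed normally
# and leave through the default WAN, as the tcpdump in the report shows.
# pass in quick on $wg_if inet proto tcp from any to $lan_srv port 443 keep state

# Filter rule with reply-to: return packets belonging to this state are sent
# back out $wg_if towards $wg_gw instead of following the routing table.
pass in quick on $wg_if reply-to ($wg_if $wg_gw) inet proto tcp \
    from any to $lan_srv port 443 flags S/SA keep state
```

`pfctl -nf <file>` parses such a fragment without loading it, and `pfctl -sr` lists the loaded rules so you can check whether the rule matching the forwarded traffic actually carries `reply-to`.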