Bug #13230: Floating rules on VPN interfaces - pfSense - pfSense bugtracker

Actions

Copy link

Bug #13230

closed

Floating rules on VPN interfaces

Added by James Chambers almost 2 years ago. Updated almost 2 years ago.

Status:

Not a Bug

Priority:

Normal

Assignee:

Category:

Rules / NAT

Target version:

Start date:

Due date:

% Done:

Estimated time:

Plus Target Version:

Release Notes:

Default

Affected Version:

Affected Architecture:

Description

With floating rules on OpenVPN and WireGuard interfaces, matching traffic doesn’t seem to return with rules that pass traffic in the out direction. My VPN works as expected without a floating rule added (allowing pfSense to use its default pass rules for outbound traffic) but if I add a floating rule passing the IPs I want to pass or any traffic in the out direction it fails to return.

I only have a small block of IP that exit, so to get around the problem, rather than passing the block of IPs I want to allow and blocking everything else I’m blocking not (!) the block of IPs I want to exit so that I don’t have to create a pass rule.

I tried changing the state type to “Sloppy” but I still had the same issue.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #13230

Floating rules on VPN interfaces

Updated by Marcos M almost 2 years ago

Updated by Jim Pingle almost 2 years ago

Updated by James Chambers almost 2 years ago