Bug #13230

closed

Floating rules on VPN interfaces

Added by James Chambers over 2 years ago. Updated over 2 years ago.

Status: Not a Bug
Priority: Normal
Assignee: -
Category: Rules / NAT
Target version: -
% Done: 0%
Release Notes: Default

Description

With floating rules on OpenVPN and WireGuard interfaces, matching traffic doesn’t seem to return with rules that pass traffic in the out direction. My VPN works as expected without a floating rule added (allowing pfSense to use its default pass rules for outbound traffic), but if I add a floating rule passing the IPs I want to pass, or any traffic in the out direction, it fails to return.

I only have a small block of IPs that exit, so to get around the problem, rather than passing the block of IPs I want to allow and blocking everything else, I’m blocking not (!) the block of IPs I want to exit, so that I don’t have to create a pass rule.

I tried changing the state type to “Sloppy” but I still had the same issue.
