Todo #15583
closed
Add documentation for VPN to WAN leakage issue and recommended solution
0%
Description
https://redmine.pfsense.org/issues/15582
VPN networks can be sent out the WAN interfaces if the VPN tunnel is down, which causes states to be established on the WAN interfaces. This then delays or prevents traffic from being sent over the VPN tunnel when it is re-established.
The recommended solution is to create floating rules that block all traffic from private/VPN networks from going out the WAN interfaces. I've done this and it seems to help.
I've only ever seen this issue mentioned twice, once by Jim Pingle, and I think the other was a strongSwan forum somewhere, but it sounds like a prevalent issue that many are probably unaware is happening.
Updated by Jim Pingle 3 days ago
- Status changed from New to Rejected
This already exists: https://docs.netgate.com/pfsense/en/latest/recipes/rfc1918-egress.html
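A check for the symptom described in this ticket, added here as an example (not code from the ticket or the pfSense documentation): it scans state-table text for outbound states on a WAN interface whose destination is an RFC 1918 address. The line layout (modelled on `pfctl -ss` output with interface-bound states), the interface names and every sample line are assumptions constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges; VPN-side networks normally fall inside these.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: igb0 = WAN, igb1 = LAN, ipsec0 = tunnel (all assumed names).
SAMPLE_STATES = """\
igb0 tcp 198.51.100.2:41822 (192.168.1.10:51234) -> 10.8.0.5:443 SYN_SENT:CLOSED
igb0 udp 198.51.100.2:5060 (192.168.1.20:5060) -> 172.16.40.9:5060 SINGLE:NO_TRAFFIC
igb0 tcp 198.51.100.2:50211 (192.168.1.10:50211) -> 203.0.113.10:443 ESTABLISHED:ESTABLISHED
igb1 tcp 192.168.1.1:22 <- 192.168.1.10:50900 ESTABLISHED:ESTABLISHED
ipsec0 tcp 192.168.1.10:51300 -> 10.8.0.5:443 ESTABLISHED:ESTABLISHED
"""


def host_of(endpoint):
    """Strip the port from an IPv4 'addr:port' token and parse the address."""
    return ipaddress.ip_address(endpoint.rsplit(":", 1)[0])


def leaked_states(text, wan_ifaces):
    """Return (iface, proto, dst) for outbound WAN states to private networks."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        # Only outbound ("->") states bound to a WAN interface are of interest.
        if len(fields) < 5 or fields[0] not in wan_ifaces or "->" not in fields:
            continue
        dst_token = fields[fields.index("->") + 1]
        try:
            dst = host_of(dst_token)
        except ValueError:
            continue  # IPv6 or unexpected token; out of scope for this check
        if any(dst in net for net in PRIVATE_NETS):
            hits.append((fields[0], fields[1], dst_token))
    return hits


if __name__ == "__main__":
    for iface, proto, dst in leaked_states(SAMPLE_STATES, {"igb0"}):
        print(f"private destination on WAN: {iface} {proto} -> {dst}")
```

With the floating block rules in place, a run against the real state table should report nothing for the WAN interfaces.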