Todo #15583
[closed] Add documentation for VPN to WAN leakage issue and recommended solution
Status: Rejected
Priority: Normal
Assignee: -
Category: Rules / NAT
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Description
https://redmine.pfsense.org/issues/15582
VPN networks can be sent out the WAN interfaces if the VPN tunnel is down, which causes states to be established on the WAN interfaces. This then delays or prevents traffic from being sent over the VPN tunnel when it is re-established.
The recommended solution is to create floating rules that block all traffic from private/VPN networks from going out the WAN interfaces. I've done this and it seems to help.
I've only ever seen this issue mentioned twice, once by Jim Pringle and I think the other was a strongSwan forum somewhere, but it sounds like a prevalent issue that many are probably unaware is happening.
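A way to check a firewall for the leaked states described above, as an added example that is not part of the original ticket or of pfSense itself: it scans saved `pfctl -ss` output for outbound states on a WAN interface whose destination is a VPN-only subnet. The interface name, the subnets, the sample lines and the IPv4 line layout are assumptions.

```python
import ipaddress
import re

# Assumptions (not from the ticket): WAN interface name and remote VPN subnets.
WAN_IFACES = {"igb0"}
VPN_NETS = [ipaddress.ip_network(n) for n in ("10.8.0.0/24", "172.16.50.0/24")]

# Constructed sample in the style of `pfctl -ss` output; not from a real firewall.
SAMPLE_STATES = """\
igb1 tcp 192.168.1.20:51514 -> 10.8.0.15:445       ESTABLISHED:ESTABLISHED
igb0 tcp 198.51.100.7:40112 (192.168.1.20:51514) -> 10.8.0.15:445       SYN_SENT:CLOSED
igb0 udp 198.51.100.7:6112 (192.168.1.30:6112) -> 172.16.50.9:53       SINGLE:NO_TRAFFIC
igb0 tcp 198.51.100.7:33001 (192.168.1.20:33001) -> 203.0.113.80:443       ESTABLISHED:ESTABLISHED
ipsec1 tcp 192.168.1.20:51600 -> 10.8.0.15:22       ESTABLISHED:ESTABLISHED
igb0 icmp 198.51.100.7:2047 (192.168.1.20:2047) -> 10.8.0.1:2047       0:0
"""

# iface proto addr[:port] [(pre-NAT addr)] direction addr[:port] state
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<left>\S+)"
    r"(?:\s+\((?P<orig>\S+)\))?\s+(?P<dir>->|<-)\s+(?P<right>\S+)\s+(?P<state>\S+)$"
)

def host(addr_port):
    """Return the IPv4 address from an 'addr:port' field (raises ValueError otherwise)."""
    return ipaddress.ip_address(addr_port.rsplit(":", 1)[0])

def leaked_states(text, wan_ifaces=WAN_IFACES, vpn_nets=VPN_NETS):
    """Return outbound WAN states whose destination lies in a VPN-only subnet."""
    leaks = []
    for line in text.splitlines():
        m = STATE_RE.match(line.strip())
        if not m or m["iface"] not in wan_ifaces or m["dir"] != "->":
            continue
        try:
            dst = host(m["right"])
        except ValueError:
            continue  # IPv6 or unexpected field; out of scope for this sketch
        if any(dst in net for net in vpn_nets):
            # Prefer the pre-NAT source so the internal host can be identified.
            leaks.append((m["iface"], m["proto"], m["orig"] or m["left"], m["right"], m["state"]))
    return leaks

if __name__ == "__main__":
    for leak in leaked_states(SAMPLE_STATES):
        print("VPN-bound state on WAN:", *leak)
```

Any line it reports is a state that a floating block rule on the WAN interfaces would have prevented from being created.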