Bug #16457
closed
OpenVPN server does not serve on CARP interface when set in /30 single public IP configuration
Description
Multi-WAN, 2-node pfSense configuration. WAN1 is provided as a private NATted subnet. WAN2 is provided as a public IP address (/30 mask).
Because only a single public IP is available, CARP members have private IPs with no gateway specified. Their virtual IP is configured with that public IP.
Everything works smoothly for outbound traffic.
Inbound traffic, however, is the problem. The firewall rule allowing OpenVPN traffic passes it to the CARP VIP, but the reply returns to the client through the other WAN interface and thus the other provider.
Action  Time                              Interface  Source              Destination         Protocol
        2025-10-01 20:38:04.995326+02:00  WAN        192.168.5.4:29189   89.x.166.179:57856  TCP:SA
        2025-10-01 20:38:04.995269+02:00  WANBACKUP  89.x.166.179:57856  82.x.197.22:1194    TCP:S
[2.8.1-RELEASE]/root: pfctl -vvss | grep 89.x.166.179
hn5 tcp 82.x.197.22:1194 <- 89.x.166.179:50502 CLOSED:SYN_SENT
Is this a limitation in the platform or just a bug?
Thanks
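Added example, not part of the original report and not pfSense code: a Python script that correlates firewall log lines in the layout quoted above and reports each SYN whose SYN-ACK left through a different interface, which is the asymmetry the report describes. The regular expression, function names and field names are assumptions about that layout; the two sample lines are the ones from the report.

```python
import re
from collections import defaultdict

# Sample input: the two log lines quoted in the report (time, interface,
# source, destination, TCP flags), with the report's redacted addresses.
SAMPLE_LOG = """\
2025-10-01 20:38:04.995326+02:00 WAN 192.168.5.4:29189 89.x.166.179:57856 TCP:SA
2025-10-01 20:38:04.995269+02:00 WANBACKUP 89.x.166.179:57856 82.x.197.22:1194 TCP:S
"""

# Assumed line layout; addresses are kept as strings because they are redacted.
LINE = re.compile(
    r"^(?P<time>\S+ \S+) (?P<iface>\S+) (?P<src>\S+) (?P<dst>\S+) "
    r"TCP:(?P<flags>[A-Z]+)$"
)

def parse(log):
    """Return one dict per well-formed log line, skipping anything else."""
    return [m.groupdict() for m in map(LINE.match, log.splitlines()) if m]

def asymmetric_replies(entries):
    """Pair each SYN with SYN-ACKs addressed to the same client endpoint and
    report pairs where the reply was logged on a different interface."""
    syns = defaultdict(list)
    for e in entries:
        if e["flags"] == "S":
            syns[e["src"]].append(e)
    findings = []
    for e in entries:
        if e["flags"] != "SA":
            continue
        for syn in syns.get(e["dst"], []):
            if syn["iface"] != e["iface"]:
                findings.append({
                    "client": e["dst"],
                    "service": syn["dst"],
                    "syn_iface": syn["iface"],
                    "reply_iface": e["iface"],
                    "reply_src": e["src"],
                })
    return findings

if __name__ == "__main__":
    for f in asymmetric_replies(parse(SAMPLE_LOG)):
        print(f"{f['client']} -> {f['service']}: SYN on {f['syn_iface']}, "
              f"SYN-ACK from {f['reply_src']} on {f['reply_iface']}")
```

Matching is done on the client endpoint only, because the reply's source address differs from the address the SYN was sent to.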