Gateway on IPsec rules is not functional in pf
When selecting a gateway on an IPsec tab rule, the GUI looks correct, the generated pf rule looks correct in /tmp/rules.debug, and even looks correct in "pfctl -sr" output, however the traffic does not actually respect the gateway. It only exits via the default route no matter what has been chosen.
If you configure a rule to force the traffic out WAN2 it still exits via WAN if WAN is default. If a load balancing group is selected the traffic ignores WAN2.
Traffic on non-IPsec interfaces appears to function normally at the time.
#2 Updated by Jos Andel about 6 years ago
Chris Buechler wrote:
has this ever worked? Offhand I can't recall seeing anyone doing that.
Yes, this worked fine in 1.2.3 and 2.0.1. We have done this for many years to route traffic from remote locations to our core-router. Traffic to internet from our 400+ remote locations has to go through the core to be handled on another internet-gateway on another line than the VPN-box is on.
Recently I upgraded to 2.1.3 and found out it stopped working. See Issue #3653 for detailed information I provided.