You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Gateway groups are ignored if you use policy based routing (firewall rule) in combination with an OpenVPN connection. I want to route all of my internet traffic via an VPN-Provider (e.g. Surfshark, ProtonVpn, ...): I have two VPN connections (legacy client) with the "Don't pull routes" option checked. If I use them individually in a firewall rule the traffic is sent via the VPN, but if I group them together in a gateway group and use that group in the firewall rule, the traffic seems to be routed via the WAN interface and not via any of the OpenVPN connections.
I found serveral reports of this issue on the internet, but unfortunately no explanation or solution.
To Reproduce
Steps to reproduce the behavior:
Create a legacy OpenVPN client connection to a VPN provider (e.g. Surfshark)
Check the "Don't pull routes" option
Manually create the Outbound NAT rules for this OpenVPN connection
Create a Gateway group with the VPN-Connection as Tire 1 and WAN as Never
Create a firewall rule that should route the traffic via the GW-Group
Check your public IP address. It's the WAN IP instead of the VPN-IP
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
Describe the bug
Gateway groups are ignored if you use policy based routing (firewall rule) in combination with an OpenVPN connection. I want to route all of my internet traffic via an VPN-Provider (e.g. Surfshark, ProtonVpn, ...): I have two VPN connections (legacy client) with the "Don't pull routes" option checked. If I use them individually in a firewall rule the traffic is sent via the VPN, but if I group them together in a gateway group and use that group in the firewall rule, the traffic seems to be routed via the WAN interface and not via any of the OpenVPN connections.
I found serveral reports of this issue on the internet, but unfortunately no explanation or solution.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Data is routed via the GW-Group via the VPN.
Environment
OPNsense 24.1.8-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.13
The text was updated successfully, but these errors were encountered: