On Fri, May 9, 2014 at 10:15 AM, Thierry De Leeuw <[email protected]> wrote:
> Hi,
>
> Thanks for your answer. Unfortunately I already have created this interface
> and still it does not work ;-(
>
> Looking at my state table, I have an entry
> mail_server:25 <- 10.99.10.2:25 (open vpn IP) <- 209.85.215.41:53282 (Gmail)
>
> So it looks like, despite there is an entry for the connection, the orange
> firewall seems to use the default gateway and WAN interface (the one of the
> ISP) instead of the interface from which the SYN packet arrived (but still,
> the source IP is correctly changed to the IP of the VPN interface -
> so I am sending bogus packets to my ISP).
>
> Is my understanding right in assuming that NAT should make sure it uses the
> same interface as the incoming one (only applying the routing table indeed
> leads to using the pppoe interface which is what I see but not what I want)?
> If not how can I force the outgoing interface to be the same as the incoming
> interface?
>
Exactly the way Jim noted. You have rules other than the ones on that specific VPN's interface that are matching, or disabled reply-to globally or on those rules in particular, if it's not getting routed back out the VPN.
