Thanks for your help Jim and Chris. I have it working now.
For the record, instead of specifying "none" for the VPN interface, I
had to specify an IP address with a gateway set to the IP of the remote
host on the VPN tunnel.
This is probably because I had to specify "route-nopull" for the VPN
tunnel as this had the side effect of changing my default gateway to be
the VPN.
Have a nice day!
Thierry
On 05/10/2014 02:47 AM, Chris Buechler wrote:
On Fri, May 9, 2014 at 10:15 AM, Thierry De Leeuw <[email protected]> wrote:
Hi,
Thanks for your answer. Unfortunately I already have created this interface
and still it does not work ;-(
Looking at my state table, I have an entry
mail_server:25 <- 10.99.10.2:25 (open vpn IP) <- 209.85.215.41:53282 (Gmail)
So it looks like, despite there being an entry for the connection, the orange
firewall seems to use the default gateway and WAN interface (the one of the
ISP) instead of the interface from which the SYN packet arrived (but still,
the source IP is correctly changed to the IP of the VPN interface -
so I am sending bogus packets to my ISP).
Is my understanding right in assuming that NAT should make sure it uses the
same interface as the incoming one (only applying the routing table indeed
leads to using the pppoe interface which is what I see but not what I want)?
If not how can I force the outgoing interface to be the same as the incoming
interface?
Exactly the way Jim noted. You have rules other than the ones on that
specific VPN's interface that are matching, or disabled reply-to
globally or on those rules in particular, if it's not getting routed
back out the VPN.
_______________________________________________
List mailing list
[email protected]
https://lists.pfsense.org/mailman/listinfo/list
--
Thierry De Leeuw
Avance Consulting SPRLu.
Rue Warandeveld, 29
1120 Neder-Over-Hembeek
Belgium
Mobile: +32 479/470.512
TVA-VAT: BE 0876.491.406