Hi all, I've got a really weird problem and I'm completely stuck, so I'm hoping someone here will have some insight.

I've got pfSense with three WAN interfaces (WAN, OPT1 and OPT2), two DMZ interfaces (OPT3 and OPT4) and a LAN (LAN) with private addressing. I have set up an IPsec tunnel with the LAN as the local network and WAN as the terminating interface, and it works perfectly. Unfortunately, the DMZ networks also pass traffic to the same destination network as the IPsec tunnel, and this does not work.

I have firewall rules on the DMZ interfaces that route all their outbound traffic through a load-balanced gateway that includes OPT1 and OPT2. Usually this works fine, but now that I have enabled the IPsec tunnel, all their outbound traffic ignores the firewall rule and goes out unencrypted on the WAN interface. The traffic never reaches the destination network because the ISP filters source addresses. It's like there is a firewall rule before mine that is altering the gateway.

Pings that are inbound from the remote network arrive on OPT2, reach the machine in the DMZ, and the replies are then successfully passed back to the remote network. Sticky connections are switched off. I've tried clearing any states relating to the DMZ machines, but it doesn't help. I'm at the point where I'm considering a restart, but that'll have to wait until the weekend!

Anybody got any ideas?

Many thanks,
Jon
