Greetings,
For good communication, I am using AI power. TT
I am seeking advice on a routing issue in a Multi-WAN environment using a Gateway Group on OPNsense.
Topology & Environment:
- Setup: Dual WAN (SKT and SKB) configured in a Gateway Group (Load Balancing).
- Interface: SKT (WAN_GW, Priority 40) / SKB (OPNsenseSKB, Priority 50).
- Service: Caddy/Mail server running on OPNsense host (or behind NAT).
- Topology Link: [https://cloud.gnsinfo.mooo.com/s/QJagCtWLeQqVKRF]
The Issue:
1. A packet arrives at the SKT WAN interface and is processed (NAT/Port Forward).
2. The server/service generates a return packet (Reply).
3. Instead of exiting through the same interface (SKT), OPNsense routes this return packet to the other gateway (SKB).
4. The other gateway (SKB) drops the packet due to an invalid state or IP mismatch.
What I've observed:
- The system seems to favor the default gateway in the routing table even for inbound connection replies.
- The connection times out for external users attempting to access the service via SKT.
Question:
- How can I ensure that traffic entering via a specific WAN interface is always forced to exit through that same interface's gateway, especially when a Gateway Group is active for LAN traffic?
- I've looked into `Reply-to` settings but would like to know the best practice for this specific Multi-WAN scenario.
Thank you in advance for your help!
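One check worth running on a firewall that shows this symptom is to confirm that the inbound `pass` rules on the affected WAN interface actually carry a `reply-to` pointing at that interface's own gateway, because a rule without `reply-to` (or with `reply-to` aimed at the other WAN) lets the reply follow the routing table exactly as described above. The script below is an added example and not part of the post or of OPNsense itself; it parses text in the shape that `pfctl -sr` prints and reports rules whose replies would not be pinned to the ingress interface. The interface names, addresses and labels in the sample are constructed to resemble such output (igb0 standing in for the SKT WAN, igb1 for SKB), not captured from a real box, and the rule layout it expects (`on <iface>` followed by an optional `reply-to (<iface> <gateway>)`) is an assumption about the printed format.

```python
"""Report inbound pf rules whose replies are not pinned to the ingress WAN.

Added example, not from the forum post or from OPNsense. Feed it the text of
`pfctl -sr` taken on the firewall; the constants below are a constructed
stand-in for that output.
"""
import re

# Constructed sample in the shape of `pfctl -sr` output (not real capture).
# igb0 plays the SKT WAN (gateway 203.0.113.1), igb1 the SKB WAN (198.51.100.1).
SAMPLE_RULES = """\
pass in quick on igb0 reply-to (igb0 203.0.113.1) inet proto tcp from any to 203.0.113.10 port = https flags S/SA keep state label "allow caddy https"
pass in quick on igb0 reply-to (igb0 203.0.113.1) inet proto tcp from any to 203.0.113.10 port = smtps flags S/SA keep state label "allow mail smtps"
pass in quick on igb0 inet proto tcp from any to 203.0.113.10 port = imaps flags S/SA keep state label "allow mail imaps"
pass in quick on igb1 reply-to (igb1 198.51.100.1) inet proto tcp from any to 198.51.100.10 port = https flags S/SA keep state label "skb https"
pass in quick on igb1 reply-to (igb0 203.0.113.1) inet proto tcp from any to 198.51.100.10 port = smtp flags S/SA keep state label "misrouted rule"
pass out route-to (igb0 203.0.113.1) inet from 203.0.113.10 to ! 10.0.0.0/8 flags S/SA keep state label "let out anything from wan1"
"""

# Assumed layout of a printed rule: "pass in [quick] on <iface> [reply-to (<if> <gw>)] ..."
RULE_RE = re.compile(
    r'^pass\s+in\b.*?\bon\s+(?P<iface>\S+)'                      # ingress interface
    r'(?:\s+reply-to\s+\((?P<rt_if>\S+)\s+(?P<rt_gw>\S+)\))?'     # optional reply-to
)
LABEL_RE = re.compile(r'label\s+"([^"]*)"')


def parse_pass_in_rules(text):
    """Return one dict per 'pass in' rule: ingress iface, reply-to target, label."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # block rules, 'pass out', anchors etc. are not inbound pass rules
        lm = LABEL_RE.search(line)
        rules.append({
            "iface": m.group("iface"),
            "reply_to_if": m.group("rt_if"),   # None when the rule has no reply-to
            "reply_to_gw": m.group("rt_gw"),
            "label": lm.group(1) if lm else "",
        })
    return rules


def rules_missing_reply_to(text, iface):
    """Labels of inbound pass rules on `iface` with no reply-to at all.

    Replies matched by these rules follow the routing table, so with a gateway
    group or a different default gateway they can leave via the other WAN.
    """
    return [r["label"] for r in parse_pass_in_rules(text)
            if r["iface"] == iface and r["reply_to_if"] is None]


def reply_to_mismatches(text):
    """Labels of rules whose reply-to interface differs from the ingress interface.

    Such replies are handed to a gateway that never saw the original packet,
    which is the state/IP mismatch drop described in the post.
    """
    return [r["label"] for r in parse_pass_in_rules(text)
            if r["reply_to_if"] is not None and r["reply_to_if"] != r["iface"]]


if __name__ == "__main__":
    for wan in ("igb0", "igb1"):
        print(f"{wan}: rules without reply-to ->", rules_missing_reply_to(SAMPLE_RULES, wan))
    print("reply-to pointing at a different interface ->", reply_to_mismatches(SAMPLE_RULES))
```

Run it against `pfctl -sr` output taken on the firewall (for example `pfctl -sr > rules.txt` and read that file into `SAMPLE_RULES`'s place). OPNsense normally attaches `reply-to` to rules on interfaces that have a gateway; the places it gets switched off are the global reply-to setting under Firewall: Settings: Advanced and the per-rule reply-to selector in a rule's advanced options, so an inbound rule on the SKT interface showing up in the "without reply-to" list, or with a reply-to aimed at the SKB gateway, is the first thing to look at.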