Port forwarding from the non-default WAN gateway

[dasjot2]

Hi there,

I have setup a wireguard server in a VM on my local network. I have a default WAN connection that is going to my router. I also have an OpenVPN connection to AirVPN. On AirVPN I forward a port into my network. I do this because with AirVPN I have a fixed IPv4 address, whereas my provider only provides IPv6.

Now the incoming packets come in on my WAN_AirVPN interface and are correctly forwarded (with a port forward rule) to my wireguard server. The server receives them and sends a response, I have verified this with tcpdump.

How comes the interesting part: the response packets go out via the default WAN gateway, but they have the source address of the WAN_AirVPN address. It looks as if the OPNsense picks up the packets returned by the wireguard server as answers to the port forwarded packets, rewrites the sender address but then sends them out on the default gateway instead of the gateway where they came from.

Is there a way I can tell OPNsense to send these outgoing packets to the correct WAN_AirVPN gateway?