OpenVPN in Multi-WAN-Setup - Why Port-Forwarding to "localhost"?

Started by mscd, September 01, 2021, 01:34:38 PM

Hello all,

I have some problems configuring OpenVPN in conjunction with Multi-WAN load balancing (OPNsense 21.7).
Multi-WAN (two gateways, A (default) and B) is working properly, but an (external) VPN connection to gateway B fails.

My OpenVPN server is configured to listen on "any" interface on the standard UDP port. During my error analysis I also read some pfSense tutorials, cf.

https://docs.netgate.com/pfsense/en/latest/multiwan/openvpn.html

and I cannot figure out why it should make a difference to use the configuration "listening interface set to localhost" in conjunction with corresponding WAN port-forwarding rules, as opposed to an OpenVPN server instance that is configured to listen on "any".

Can anybody give me a technical reason why the port-forwarding setup is the better one?
Could the problem be related to the route of the answer packets, which perhaps do not traverse the same way back to the client as in the inbound direction?

Best regards,
mscd

I have no idea, but this needs to be better documented for OPNsense. I spent way too long trying to get port forwarding to work until I saw your post and tried to set it to listen on one interface only (localhost).

Hi, I have finished setting up OPNsense with 2 WANs with load balancing; almost everything works fine except the VPN connecting from the 2 WANs. From what I understand, you have done the same thing, but I can't access any of the machines on the LAN. Do you have that problem?